
Multiple dllhost.exe *32 processes slowing down laptop


  • This topic is locked
87 replies to this topic

#1 peddier

Posted 09 May 2014 - 10:35 AM

Having looked at similar posts, I have downloaded Farbar Recovery Scan Tool and run the scan.
 
Attaching results.
 
Regards
Rob

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-05-2014 01
Ran by katrina (administrator) on KATRINA-HP on 09-05-2014 15:50:04
Running from C:\Users\katrina\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Symantec Corporation) C:\Config.Msi\3de66.rbf
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(AVG Technologies CZ, s.r.o.) C:\ProgramData\MFAData\SelfUpd\avgmfapx.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-19] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1164304 2014-04-11] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-04-22] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-21] (Microsoft Corporation)
HKU\S-1-5-21-2400530217-1677791121-3577320560-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-05-19] (Hewlett-Packard Company)
HKU\S-1-5-21-2400530217-1677791121-3577320560-1000\...\Run: [Odrics] => regsvr32.exe C:\Users\katrina\AppData\Local\Odrics\vorbisInit80.dll <===== ATTENTION
HKU\S-1-5-21-2400530217-1677791121-3577320560-1000\...\MountPoints2: {687bb7b5-2189-11e1-83f8-643150572e79} - F:\KODAK_Software_Downloader.exe
HKU\S-1-5-21-2400530217-1677791121-3577320560-1000\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\Users\katrina\AppData\Local\Temp\scpiyyb\syjjjyx\wow.dll ATTENTION! ====> ZeroAccess?
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll => c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll File Not Found
AppInit_DLLs: c:\progra~2\optimi~1\optpro~2.dll => C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll [4444488 2013-11-19] ()
AppInit_DLLs-x32: c:\progra~2\optimi~1\optpro~1.dll => C:\Program Files (x86)\Optimizer Pro\OptProCrash.dll [4126024 2013-10-29] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\holly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
ShortcutTarget: msconfig.lnk -> C:\ProgramData\rjli.dat ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/2
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {96E8EB52-0F72-4399-9C46-0E843A692238} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {9EE6B9CB-ED91-4C89-91E1-C006C0198F5D} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKBIpNolJDHnMo-NpUgxWidLUf-n67uyvfk_JCcQILGkjEx1yHj4wPosLpG-splDx1bKhrNPzf5gBEOkYnwWsP0XFWtKOLsIHx-Fq9cxqM4t5gVov061DK7YaYtACVVdO3RqbQPZ-ne2yI,&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKBIpNolJDHnMo-NpUgxWidLUf-n67uyvfk_JCcQILGkjEx1yHj4wPosLpG-splDx1bKhrNPzf5gBEOkYnwWsP0XFWtKOLsIHx-Fq9cxqM4t5gVov061DK7YaYtACVVdO3RqbQPZ-ne2yI,&q={searchTerms}
BHO: ApptoU - {5DC89B11-95AE-391B-73D4-5B9016CCB039} - C:\ProgramData\ApptoU\ikF2.x64.dll ()
BHO: LuCiKKyCoupaon - {8E2BCED6-EB31-D505-E907-3B22CF7BB1E0} - C:\ProgramData\LuCiKKyCoupaon\5.x64.dll ()
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: deal4real - {BB5A7DD3-BB1E-9413-9776-6DC536BBD07B} - C:\ProgramData\deal4real\oYId55yr.x64.dll ()
BHO: IcouValid - {C234C7BC-12DB-4389-4952-4711A2C14908} - C:\ProgramData\IcouValid\eF6DX3N.x64.dll ()
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO: leeeSs2paaY - {FD016E09-EF94-D88B-4657-DC5F32CA9A02} - C:\ProgramData\leeeSs2paaY\dm.x64.dll ()
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: MP3 Rocket Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - QuickShare Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - MP3 Rocket Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKLM-x32 - QuickShare Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2010-07-12] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn\
FF Extension: Symantec IPS - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_13_2
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_13_2 [2014-05-09]

Chrome:
=======
CHR RestoreOnStartup: "hxxp://feed.snapdo.com/?publisher=QuickObrw&dpid=QuickObrw&co=GB&userid=f284b24a-c34b-4124-b111-5094fa594aee&searchtype=hp&installDate=28/08/2013"
CHR DefaultSearchKeyword: delta-search.com
CHR DefaultSearchProvider: Delta Search
CHR DefaultSearchURL: http://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=18B01C659D72233C&affID=119523&tt=280813_ctrl1&tsp=4988
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U30) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (Windows Live\xC2\x99 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Extension: (TicuTACoupon) - C:\Users\katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\akmikecgkfgmkaienoanpifikakoocpp [2014-03-19]
CHR Extension: (leeeSs2paaY) - C:\Users\katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnpdbdoodljdocohmfbdoacfdfakimlb [2014-02-16]
CHR Extension: (iCloud Bookmarks) - C:\Users\katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2013-09-19]
CHR Extension: (MixiDJ V30) - C:\Users\katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieajphigldbfhdlccebbnjllmipokipa [2013-10-14]
CHR Extension: (Google Wallet) - C:\Users\katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (ApptoU) - C:\ProgramData\ohpdcgepgippoidomncdmikcehemaahp [2013-12-24]
CHR HKLM-x32\...\Chrome\Extension: [ljidjdddaoiogpbmniipclcppkoembao] - C:\Program Files (x86)\bomlabio\ljidjdddaoiogpbmniipclcppkoembao.crx [2013-12-24]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 70e6ca8c; C:\Program Files (x86)\Optimizer Pro\OptProCrashSvc.dll [193688 2013-11-19] ()
S2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1473280 2014-04-03] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [640016 2014-04-11] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [38440 2013-09-19] (Just Develop It)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-17] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4343664 2014-04-09] (Symantec Corporation)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1444120 2013-10-25] (Trusteer Ltd.)

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [237336 2014-04-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192792 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [236824 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [324376 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130840 2014-03-31] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [32536 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-03-31] (AVG Technologies CZ, s.r.o.)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110309.001\BHDrvx64.sys [1124472 2011-02-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [475696 2011-01-15] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [132656 2011-01-15] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110311.001\IDSvia64.sys [476792 2010-11-09] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-09] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110314.002\ENG64.SYS [117880 2011-01-15] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110314.002\EX64.SYS [1791096 2011-01-15] (Symantec Corporation)
R1 RapportCerberus_59849; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [606672 2013-12-21] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [284176 2013-10-25] (Trusteer Ltd.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [317808 2013-10-25] (Trusteer Ltd.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [399312 2013-10-25] (Trusteer Ltd.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-31] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-31] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-15] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-05-11] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-21] (Symantec Corporation)
R1 {6c99c2f0-e68d-4af3-b9e5-1682be7bd5e1}Gw64; C:\Windows\System32\drivers\{6c99c2f0-e68d-4af3-b9e5-1682be7bd5e1}Gw64.sys [61112 2014-04-24] (StdLib)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-09 16:01 - 2014-05-09 16:01 - 00000000 ____D () C:\Users\katrina\AppData\Roaming\AVG2014
2014-05-09 15:50 - 2014-05-09 15:57 - 00026224 _____ () C:\Users\katrina\Downloads\FRST.txt
2014-05-09 15:50 - 2014-05-09 15:50 - 00000000 ____D () C:\Users\katrina\AppData\Roaming\TuneUp Software
2014-05-09 15:50 - 2014-05-09 15:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-05-09 15:49 - 2014-05-09 15:50 - 00000000 ____D () C:\FRST
2014-05-09 15:43 - 2014-05-09 15:46 - 02064384 _____ (Farbar) C:\Users\katrina\Downloads\FRST64.exe
2014-05-09 15:25 - 2014-05-09 16:00 - 00000000 ____D () C:\ProgramData\AVG2014
2014-05-09 15:25 - 2014-05-09 15:25 - 00000000 ___HD () C:\$AVG
2014-05-09 14:56 - 2014-05-09 16:01 - 00000000 ____D () C:\Users\katrina\AppData\Local\Avg2014
2014-05-09 14:56 - 2014-05-09 16:01 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-09 14:56 - 2014-05-09 14:56 - 00000000 ____D () C:\Users\katrina\AppData\Local\MFAData
2014-05-09 14:48 - 2014-05-09 14:48 - 00000936 _____ () C:\Users\Public\Desktop\AVG.lnk
2014-05-09 14:47 - 2014-05-09 14:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2014-05-09 14:30 - 2014-05-09 15:11 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-05-09 14:30 - 2014-05-09 14:47 - 00000000 ____D () C:\ProgramData\Avg
2014-05-09 14:27 - 2014-05-09 14:44 - 00000000 ____D () C:\Users\katrina\AppData\Local\AvgSetupLog
2014-05-09 14:27 - 2014-05-09 14:27 - 00000000 ____D () C:\Users\katrina\AppData\Local\Avg
2014-05-09 14:26 - 2014-05-09 14:26 - 16045040 _____ (AVG Technologies) C:\Users\katrina\Downloads\avg_zist_stb_all_208_11.exe
2014-05-09 12:05 - 2014-05-09 12:05 - 00002123 _____ () C:\Users\Public\Desktop\Norton Online Backup.lnk
2014-05-09 12:04 - 2014-05-09 12:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Online Backup
2014-05-09 10:50 - 2014-05-09 10:49 - 00002478 _____ () C:\Users\katrina\Desktop\logfile.xml
2014-05-09 08:45 - 2014-05-09 14:56 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-09 08:44 - 2014-05-09 08:44 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-09 08:44 - 2014-05-09 08:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-09 08:44 - 2014-05-09 08:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-09 08:44 - 2014-05-09 08:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-09 08:44 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-09 08:44 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-09 08:44 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-09 08:10 - 2014-05-09 08:10 - 00000000 ____D () C:\Users\katrina\AppData\Local\{5DDE59A1-171B-423E-9044-E63A170ED80D}
2014-05-08 21:16 - 2014-05-08 21:16 - 00000000 ____D () C:\Windows\pss
2014-05-08 19:36 - 2014-05-09 09:48 - 00007594 _____ () C:\Users\katrina\AppData\Local\Resmon.ResmonCfg
2014-05-08 18:38 - 2014-05-08 18:38 - 00000000 ____D () C:\Users\katrina\AppData\Local\{CD90BCBC-4836-4FC4-93E8-7D22858133EB}
2014-05-07 09:06 - 2014-05-07 09:06 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-07 08:54 - 2014-05-07 08:54 - 00000000 ____D () C:\Users\katrina\AppData\Local\{61B79630-3A43-4CD9-82A9-700A52DBB52E}
2014-05-06 11:50 - 2014-04-14 03:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-06 11:50 - 2014-04-14 03:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-06 11:31 - 2014-04-29 15:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 11:31 - 2014-04-29 14:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 11:31 - 2014-04-29 13:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 11:31 - 2014-04-29 13:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-04 16:52 - 2014-05-06 11:23 - 00000000 ____D () C:\Users\katrina\AppData\Local\{F7A1D24D-2C93-4939-88D3-DADFA790FD3C}
2014-05-01 17:51 - 2014-05-01 17:51 - 00004663 _____ () C:\Users\katrina\Desktop\_GEAREXT.WO_IDENT.TXT
2014-04-27 22:43 - 2014-04-27 22:43 - 00002785 _____ () C:\Users\katrina\Downloads\HOW_DECRYPT.HTML
2014-04-27 22:43 - 2014-04-27 22:43 - 00002785 _____ () C:\Users\katrina\Documents\HOW_DECRYPT.HTML
2014-04-27 22:43 - 2014-04-27 22:43 - 00001267 _____ () C:\Users\katrina\Downloads\HOW_DECRYPT.TXT
2014-04-27 22:43 - 2014-04-27 22:43 - 00001267 _____ () C:\Users\katrina\Documents\HOW_DECRYPT.TXT
2014-04-27 22:43 - 2014-04-27 22:43 - 00000135 _____ () C:\Users\katrina\Downloads\HOW_DECRYPT.URL
2014-04-27 22:43 - 2014-04-27 22:43 - 00000135 _____ () C:\Users\katrina\Documents\HOW_DECRYPT.URL
2014-04-27 17:24 - 2014-04-27 17:24 - 00002785 _____ () C:\Users\katrina\AppData\Roaming\HOW_DECRYPT.HTML
2014-04-27 17:24 - 2014-04-27 17:24 - 00002785 _____ () C:\Users\katrina\AppData\HOW_DECRYPT.HTML
2014-04-27 17:24 - 2014-04-27 17:24 - 00001267 _____ () C:\Users\katrina\AppData\Roaming\HOW_DECRYPT.TXT
2014-04-27 17:24 - 2014-04-27 17:24 - 00001267 _____ () C:\Users\katrina\AppData\HOW_DECRYPT.TXT
2014-04-27 17:24 - 2014-04-27 17:24 - 00000135 _____ () C:\Users\katrina\AppData\Roaming\HOW_DECRYPT.URL
2014-04-27 17:24 - 2014-04-27 17:24 - 00000135 _____ () C:\Users\katrina\AppData\HOW_DECRYPT.URL
2014-04-27 17:22 - 2014-04-27 17:22 - 00000000 __SHD () C:\Users\katrina\AppData\Local\EmieUserList
2014-04-27 17:22 - 2014-04-27 17:22 - 00000000 __SHD () C:\Users\katrina\AppData\Local\EmieSiteList
2014-04-27 17:22 - 2014-04-27 17:22 - 00000000 ____D () C:\Users\katrina\AppData\Local\{809CC404-E2BF-4194-9A85-788B335E2186}
2014-04-26 10:53 - 2014-03-06 09:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-26 10:53 - 2014-03-06 08:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-26 10:52 - 2014-03-06 09:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-26 10:52 - 2014-03-06 09:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-26 10:51 - 2014-03-06 10:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-26 10:51 - 2014-03-06 09:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-26 10:51 - 2014-03-06 09:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-26 10:51 - 2014-03-06 09:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-26 10:51 - 2014-03-06 09:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-26 10:51 - 2014-03-06 09:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-26 10:51 - 2014-03-06 09:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-26 10:51 - 2014-03-06 09:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-26 10:51 - 2014-03-06 09:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-26 10:51 - 2014-03-06 09:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-26 10:51 - 2014-03-06 09:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-26 10:51 - 2014-03-06 09:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-26 10:51 - 2014-03-06 09:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-26 10:51 - 2014-03-06 08:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-26 10:51 - 2014-03-06 08:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-26 10:51 - 2014-03-06 08:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-26 10:51 - 2014-03-06 08:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-26 10:51 - 2014-03-06 08:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-26 10:51 - 2014-03-06 08:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-26 10:51 - 2014-03-06 08:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-26 10:51 - 2014-03-06 08:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-26 10:51 - 2014-03-06 08:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-26 10:51 - 2014-03-06 08:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-26 10:51 - 2014-03-06 08:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-26 10:51 - 2014-03-06 08:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-26 10:51 - 2014-03-06 08:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-26 10:51 - 2014-03-06 07:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-26 10:51 - 2014-03-06 06:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-26 10:51 - 2014-03-06 06:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-26 10:50 - 2014-03-06 09:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-26 10:50 - 2014-03-06 09:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-26 10:50 - 2014-03-06 08:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-26 10:50 - 2014-03-06 08:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-26 10:50 - 2014-03-06 07:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-26 10:50 - 2014-03-06 07:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-26 10:50 - 2014-03-06 07:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-26 10:50 - 2014-03-06 07:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-26 10:50 - 2014-03-06 06:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-26 10:50 - 2014-03-06 06:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-26 10:50 - 2014-03-06 06:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-26 10:41 - 2014-04-26 10:46 - 00000000 ____D () C:\Users\katrina\AppData\Local\{3606C9CB-965A-47F2-B3D4-3E71B4A5D70D}
2014-04-25 07:59 - 2014-04-24 12:28 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\{6c99c2f0-e68d-4af3-b9e5-1682be7bd5e1}Gw64.sys
2014-04-25 07:55 - 2014-04-25 07:55 - 00002785 _____ () C:\Users\katrina\AppData\Local\HOW_DECRYPT.HTML
2014-04-25 07:55 - 2014-04-25 07:55 - 00001267 _____ () C:\Users\katrina\AppData\Local\HOW_DECRYPT.TXT
2014-04-25 07:55 - 2014-04-25 07:55 - 00000135 _____ () C:\Users\katrina\AppData\Local\HOW_DECRYPT.URL
2014-04-24 22:25 - 2014-04-24 22:25 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-04-24 22:25 - 2014-04-24 22:25 - 00000000 ____D () C:\Users\Administrator
2014-04-24 22:00 - 2014-04-24 22:00 - 00002785 _____ () C:\ProgramData\HOW_DECRYPT.HTML
2014-04-24 22:00 - 2014-04-24 22:00 - 00001267 _____ () C:\ProgramData\HOW_DECRYPT.TXT
2014-04-24 22:00 - 2014-04-24 22:00 - 00000135 _____ () C:\ProgramData\HOW_DECRYPT.URL
2014-04-24 15:14 - 2014-04-24 15:14 - 00000000 ___HD () C:\548621e
2014-04-24 09:17 - 2014-04-24 21:57 - 00000000 ____D () C:\Users\katrina\AppData\Local\{5476F88E-F63E-41D8-AC01-0DD1906063CD}
2014-04-18 15:01 - 2014-04-18 15:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-04-17 12:05 - 2014-04-17 12:05 - 00000000 ____D () C:\Users\katrina\AppData\Local\{D183E6A3-CAF0-421A-BDB1-A40C9AE47C56}
2014-04-16 08:33 - 2014-04-16 23:02 - 00000000 ____D () C:\Users\katrina\AppData\Local\{C977816A-A222-4C0E-9573-353523B6CD53}
2014-04-14 18:24 - 2014-05-09 12:24 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForkari.job
2014-04-14 18:24 - 2014-04-14 18:24 - 00003176 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForkari
2014-04-14 18:23 - 2014-04-14 18:23 - 00000000 ____D () C:\Users\kari\AppData\Local\{BA3E9D4E-CCED-4334-B9FC-FB4407E0F9C3}
2014-04-13 16:22 - 2014-04-13 16:22 - 00000000 ____D () C:\Users\kari\AppData\Local\{23B4B1F4-613B-4DF7-AD98-C6E518AD0D31}
2014-04-13 15:17 - 2014-04-13 15:18 - 00000000 ____D () C:\Users\katrina\AppData\Local\{7A58C047-0A4C-4418-82A8-742F880AA07D}
2014-04-12 16:50 - 2014-04-12 16:50 - 00000000 ____D () C:\Users\katrina\AppData\Local\{BF51DFA6-F408-4826-B6FE-9067976265AC}
2014-04-11 20:37 - 2014-04-11 20:37 - 00546840 _____ () C:\Windows\Minidump\041114-35443-01.dmp
2014-04-11 20:37 - 2014-04-11 20:37 - 00000000 ____D () C:\Windows\Minidump
2014-04-11 20:36 - 2014-04-11 20:36 - 697571988 _____ () C:\Windows\MEMORY.DMP
2014-04-11 18:57 - 2014-04-11 19:01 - 00000000 ____D () C:\Users\katrina\AppData\Local\{D52D3BD3-4A25-4474-972C-FA66DB5B3593}
2014-04-11 18:31 - 2014-02-04 03:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-11 18:31 - 2014-02-04 03:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-11 18:31 - 2014-02-04 03:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-11 18:31 - 2014-02-04 03:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-11 18:31 - 2014-02-04 03:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-11 18:30 - 2014-03-04 10:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-11 18:30 - 2014-03-04 10:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-11 18:30 - 2014-03-04 10:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-11 18:30 - 2014-03-04 10:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-11 18:30 - 2014-03-04 10:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-11 18:30 - 2014-03-04 10:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-11 18:30 - 2014-03-04 10:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-11 18:30 - 2014-03-04 10:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-11 18:30 - 2014-03-04 10:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-11 18:30 - 2014-03-04 09:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-11 18:30 - 2014-03-04 09:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-11 18:27 - 2014-01-24 03:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-11 17:46 - 2014-04-11 17:46 - 00000000 ____D () C:\Users\kari\AppData\Local\{73DB6AAF-9400-4829-A512-9EA5C1A24433}

==================== One Month Modified Files and Folders =======

2014-05-09 16:01 - 2014-05-09 16:01 - 00000000 ____D () C:\Users\katrina\AppData\Roaming\AVG2014
2014-05-09 16:01 - 2014-05-09 14:56 - 00000000 ____D () C:\Users\katrina\AppData\Local\Avg2014
2014-05-09 16:01 - 2014-05-09 14:56 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-09 16:00 - 2014-05-09 15:25 - 00000000 ____D () C:\ProgramData\AVG2014
2014-05-09 15:57 - 2014-05-09 15:50 - 00026224 _____ () C:\Users\katrina\Downloads\FRST.txt
2014-05-09 15:50 - 2014-05-09 15:50 - 00000000 ____D () C:\Users\katrina\AppData\Roaming\TuneUp Software
2014-05-09 15:50 - 2014-05-09 15:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-05-09 15:50 - 2014-05-09 15:49 - 00000000 ____D () C:\FRST
2014-05-09 15:49 - 2012-04-19 11:35 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-09 15:47 - 2010-08-17 09:34 - 01227958 _____ () C:\Windows\WindowsUpdate.log
2014-05-09 15:46 - 2014-05-09 15:43 - 02064384 _____ (Farbar) C:\Users\katrina\Downloads\FRST64.exe
2014-05-09 15:25 - 2014-05-09 15:25 - 00000000 ___HD () C:\$AVG
2014-05-09 15:12 - 2009-07-14 05:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-09 15:12 - 2009-07-14 05:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-09 15:11 - 2014-05-09 14:30 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-05-09 14:56 - 2014-05-09 14:56 - 00000000 ____D () C:\Users\katrina\AppData\Local\MFAData
2014-05-09 14:56 - 2014-05-09 08:45 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-09 14:51 - 2012-03-11 12:56 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2400530217-1677791121-3577320560-1002UA.job
2014-05-09 14:48 - 2014-05-09 14:48 - 00000936 _____ () C:\Users\Public\Desktop\AVG.lnk
2014-05-09 14:47 - 2014-05-09 14:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2014-05-09 14:47 - 2014-05-09 14:30 - 00000000 ____D () C:\ProgramData\Avg
2014-05-09 14:44 - 2014-05-09 14:27 - 00000000 ____D () C:\Users\katrina\AppData\Local\AvgSetupLog
2014-05-09 14:27 - 2014-05-09 14:27 - 00000000 ____D () C:\Users\katrina\AppData\Local\Avg
2014-05-09 14:26 - 2014-05-09 14:26 - 16045040 _____ (AVG Technologies) C:\Users\katrina\Downloads\avg_zist_stb_all_208_11.exe
2014-05-09 13:33 - 2011-10-13 17:55 - 00000926 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2400530217-1677791121-3577320560-1001UA.job
2014-05-09 12:24 - 2014-04-14 18:24 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForkari.job
2014-05-09 12:05 - 2014-05-09 12:05 - 00002123 _____ () C:\Users\Public\Desktop\Norton Online Backup.lnk
2014-05-09 12:05 - 2014-05-09 12:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Online Backup
2014-05-09 12:05 - 2009-07-14 06:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-09 11:56 - 2011-12-16 20:43 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-05-09 11:53 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-09 11:53 - 2009-07-14 05:51 - 00170143 _____ () C:\Windows\setupact.log
2014-05-09 11:51 - 2012-03-11 12:56 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2400530217-1677791121-3577320560-1002Core.job
2014-05-09 11:39 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-09 11:11 - 2011-01-16 00:46 - 00812766 _____ () C:\Windows\PFRO.log
2014-05-09 11:10 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-09 10:57 - 2013-11-25 20:32 - 00000000 ____D () C:\Users\Arran\AppData\Roaming\Systweak
2014-05-09 10:57 - 2013-11-21 18:19 - 00000000 ____D () C:\Users\katrina\AppData\Roaming\Systweak
2014-05-09 10:56 - 2013-11-21 18:21 - 00000000 ____D () C:\ProgramData\Systweak
2014-05-09 10:55 - 2011-01-16 11:08 - 00000000 ____D () C:\Users\holly
2014-05-09 10:49 - 2014-05-09 10:50 - 00002478 _____ () C:\Users\katrina\Desktop\logfile.xml
2014-05-09 09:51 - 2013-11-19 22:08 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-05-09 09:48 - 2014-05-08 19:36 - 00007594 _____ () C:\Users\katrina\AppData\Local\Resmon.ResmonCfg
2014-05-09 08:44 - 2014-05-09 08:44 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-09 08:44 - 2014-05-09 08:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-09 08:44 - 2014-05-09 08:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-09 08:44 - 2014-05-09 08:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-09 08:10 - 2014-05-09 08:10 - 00000000 ____D () C:\Users\katrina\AppData\Local\{5DDE59A1-171B-423E-9044-E63A170ED80D}
2014-05-09 08:10 - 2012-07-18 08:43 - 00000000 ____D () C:\Users\katrina\AppData\Local\CrashDumps
2014-05-09 08:10 - 2011-01-15 18:45 - 00000000 ____D () C:\Users\katrina\Tracing
2014-05-08 21:16 - 2014-05-08 21:16 - 00000000 ____D () C:\Windows\pss
2014-05-08 21:16 - 2011-01-15 16:57 - 00000000 ___RD () C:\Users\katrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-08 18:38 - 2014-05-08 18:38 - 00000000 ____D () C:\Users\katrina\AppData\Local\{CD90BCBC-4836-4FC4-93E8-7D22858133EB}
2014-05-07 09:17 - 2013-12-22 17:34 - 00003198 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForkatrina
2014-05-07 09:17 - 2013-12-22 17:34 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForkatrina.job
2014-05-07 09:06 - 2014-05-07 09:06 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-07 08:54 - 2014-05-07 08:54 - 00000000 ____D () C:\Users\katrina\AppData\Local\{61B79630-3A43-4CD9-82A9-700A52DBB52E}
2014-05-06 11:23 - 2014-05-04 16:52 - 00000000 ____D () C:\Users\katrina\AppData\Local\{F7A1D24D-2C93-4939-88D3-DADFA790FD3C}
2014-05-04 17:17 - 2012-12-30 21:53 - 00000346 _____ () C:\Windows\Tasks\HPCeeScheduleForKATRINA-HP$.job
2014-05-04 17:16 - 2012-12-30 21:53 - 00003222 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForKATRINA-HP$
2014-05-01 17:51 - 2014-05-01 17:51 - 00004663 _____ () C:\Users\katrina\Desktop\_GEAREXT.WO_IDENT.TXT
2014-04-30 08:40 - 2012-04-19 11:35 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-30 08:39 - 2012-04-19 11:34 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-30 08:39 - 2011-06-01 21:29 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-29 15:01 - 2014-05-06 11:31 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 14:40 - 2014-05-06 11:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-29 13:48 - 2014-05-06 11:31 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-29 13:34 - 2014-05-06 11:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-28 22:33 - 2011-10-13 17:55 - 00000904 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2400530217-1677791121-3577320560-1001Core.job
2014-04-27 22:43 - 2014-04-27 22:43 - 00002785 _____ () C:\Users\katrina\Downloads\HOW_DECRYPT.HTML
2014-04-27 22:43 - 2014-04-27 22:43 - 00002785 _____ () C:\Users\katrina\Documents\HOW_DECRYPT.HTML
2014-04-27 22:43 - 2014-04-27 22:43 - 00001267 _____ () C:\Users\katrina\Downloads\HOW_DECRYPT.TXT
2014-04-27 22:43 - 2014-04-27 22:43 - 00001267 _____ () C:\Users\katrina\Documents\HOW_DECRYPT.TXT
2014-04-27 22:43 - 2014-04-27 22:43 - 00000135 _____ () C:\Users\katrina\Downloads\HOW_DECRYPT.URL
2014-04-27 22:43 - 2014-04-27 22:43 - 00000135 _____ () C:\Users\katrina\Documents\HOW_DECRYPT.URL
2014-04-27 22:43 - 2013-11-19 22:14 - 00000000 ____D () C:\Users\katrina\Documents\Optimizer Pro
2014-04-27 22:43 - 2013-11-19 22:12 - 00000000 ____D () C:\Users\katrina\Documents\PC Health Kit
2014-04-27 22:43 - 2013-10-27 22:35 - 00012118 _____ () C:\Users\katrina\Documents\steph zumba.txt
2014-04-27 22:43 - 2013-09-19 14:36 - 00000000 ____D () C:\Users\katrina\Documents\Outlook Files
2014-04-27 22:43 - 2013-06-13 16:14 - 00795222 _____ () C:\Users\katrina\Downloads\cyq-pp-l2-know-how-to-support-clients (1).ppt
2014-04-27 22:43 - 2013-06-13 15:43 - 00795222 _____ () C:\Users\katrina\Downloads\cyq-pp-l2-know-how-to-support-clients.ppt
2014-04-27 22:43 - 2013-06-05 18:53 - 00254294 _____ () C:\Users\katrina\Downloads\cyq-pp-l2-health-safety-welfare-1 (6).ppt
2014-04-27 22:43 - 2013-06-05 18:50 - 00254294 _____ () C:\Users\katrina\Downloads\cyq-pp-l2-health-safety-welfare-1 (5).ppt
2014-04-27 22:43 - 2013-06-03 11:10 - 00254294 _____ () C:\Users\katrina\Downloads\cyq-pp-l2-health-safety-welfare-1 (4).ppt
2014-04-27 22:43 - 2013-06-03 11:07 - 00251222 _____ () C:\Users\katrina\Downloads\cyq-pp-l2-health-safety-welfare-1 (3).ppt
2014-04-27 22:43 - 2013-06-03 11:06 - 00254294 _____ () C:\Users\katrina\Downloads\cyq-pp-l2-health-safety-welfare-1 (2).ppt
2014-04-27 22:43 - 2013-05-20 14:51 - 00251222 _____ () C:\Users\katrina\Downloads\cyq-pp-l2-health-safety-welfare-1 (1).ppt
2014-04-27 22:43 - 2013-05-20 14:49 - 00254294 _____ () C:\Users\katrina\Downloads\cyq-pp-l2-health-safety-welfare-1.ppt
2014-04-27 22:43 - 2011-02-28 23:42 - 00000000 __RSD () C:\Users\katrina\Documents\My Stationery
2014-04-27 22:42 - 2011-01-16 00:33 - 00000000 ____D () C:\Users\katrina\Documents\Intelli-studio
2014-04-27 17:35 - 2011-02-02 22:19 - 00000000 ____D () C:\Users\katrina\Documents\CyberLink
2014-04-27 17:24 - 2014-04-27 17:24 - 00002785 _____ () C:\Users\katrina\AppData\Roaming\HOW_DECRYPT.HTML
2014-04-27 17:24 - 2014-04-27 17:24 - 00002785 _____ () C:\Users\katrina\AppData\HOW_DECRYPT.HTML
2014-04-27 17:24 - 2014-04-27 17:24 - 00001267 _____ () C:\Users\katrina\AppData\Roaming\HOW_DECRYPT.TXT
2014-04-27 17:24 - 2014-04-27 17:24 - 00001267 _____ () C:\Users\katrina\AppData\HOW_DECRYPT.TXT
2014-04-27 17:24 - 2014-04-27 17:24 - 00000135 _____ () C:\Users\katrina\AppData\Roaming\HOW_DECRYPT.URL
2014-04-27 17:24 - 2014-04-27 17:24 - 00000135 _____ () C:\Users\katrina\AppData\HOW_DECRYPT.URL
2014-04-27 17:24 - 2014-03-15 00:56 - 00038486 _____ () C:\Users\katrina\Desktop\Friday 14th March.pptm
2014-04-27 17:24 - 2013-09-02 22:53 - 00000000 ____D () C:\Users\katrina\Desktop\Holly's school work
2014-04-27 17:24 - 2012-08-29 07:54 - 00000000 ____D () C:\Users\katrina\AppData\Roaming\Skype
2014-04-27 17:24 - 2012-05-05 22:36 - 00000000 ____D () C:\Users\katrina\AppData\Roaming\MP3Rocket
2014-04-27 17:22 - 2014-04-27 17:22 - 00000000 __SHD () C:\Users\katrina\AppData\Local\EmieUserList
2014-04-27 17:22 - 2014-04-27 17:22 - 00000000 __SHD () C:\Users\katrina\AppData\Local\EmieSiteList
2014-04-27 17:22 - 2014-04-27 17:22 - 00000000 ____D () C:\Users\katrina\AppData\Local\{809CC404-E2BF-4194-9A85-788B335E2186}
2014-04-26 11:06 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-04-26 10:46 - 2014-04-26 10:41 - 00000000 ____D () C:\Users\katrina\AppData\Local\{3606C9CB-965A-47F2-B3D4-3E71B4A5D70D}
2014-04-25 08:16 - 2013-11-19 22:08 - 00000000 ____D () C:\ProgramData\Internet Helper Anti-phishing
2014-04-25 07:57 - 2011-01-16 00:25 - 00000000 ____D () C:\Users\katrina\AppData\Roaming\Intelli-studio
2014-04-25 07:56 - 2013-08-28 22:33 - 00000000 ____D () C:\Users\katrina\AppData\Roaming\Babylon
2014-04-25 07:56 - 2013-08-28 22:33 - 00000000 ____D () C:\Users\katrina\AppData\Roaming\BabSolution
2014-04-25 07:56 - 2011-02-02 22:19 - 00000000 ____D () C:\Users\katrina\AppData\Roaming\CyberLink
2014-04-25 07:56 - 2011-01-15 18:16 - 00000000 ____D () C:\Users\katrina\AppData\Roaming\Adobe
2014-04-25 07:55 - 2014-04-25 07:55 - 00002785 _____ () C:\Users\katrina\AppData\Local\HOW_DECRYPT.HTML
2014-04-25 07:55 - 2014-04-25 07:55 - 00001267 _____ () C:\Users\katrina\AppData\Local\HOW_DECRYPT.TXT
2014-04-25 07:55 - 2014-04-25 07:55 - 00000135 _____ () C:\Users\katrina\AppData\Local\HOW_DECRYPT.URL
2014-04-25 07:55 - 2011-01-15 16:57 - 00000000 ____D () C:\Users\katrina\AppData\Local\VirtualStore
2014-04-25 07:48 - 2012-11-22 22:53 - 00000000 ____D () C:\Users\katrina\AppData\Local\Google
2014-04-25 07:47 - 2011-04-07 12:05 - 00000000 ____D () C:\Users\katrina\AppData\Local\Apple Computer
2014-04-24 22:25 - 2014-04-24 22:25 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-04-24 22:25 - 2014-04-24 22:25 - 00000000 ____D () C:\Users\Administrator
2014-04-24 22:00 - 2014-04-24 22:00 - 00002785 _____ () C:\ProgramData\HOW_DECRYPT.HTML
2014-04-24 22:00 - 2014-04-24 22:00 - 00001267 _____ () C:\ProgramData\HOW_DECRYPT.TXT
2014-04-24 22:00 - 2014-04-24 22:00 - 00000135 _____ () C:\ProgramData\HOW_DECRYPT.URL
2014-04-24 22:00 - 2010-08-17 09:48 - 00000000 ____D () C:\ProgramData\WildTangent
2014-04-24 21:57 - 2014-04-24 09:17 - 00000000 ____D () C:\Users\katrina\AppData\Local\{5476F88E-F63E-41D8-AC01-0DD1906063CD}
2014-04-24 16:41 - 2012-08-27 21:38 - 00000000 ____D () C:\ProgramData\Skype
2014-04-24 16:41 - 2010-07-12 00:23 - 00000000 ____D () C:\ProgramData\Symantec
2014-04-24 15:20 - 2010-07-12 00:44 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-04-24 15:16 - 2014-01-13 01:13 - 00000000 ____D () C:\ProgramData\Free Download Manager
2014-04-24 15:14 - 2014-04-24 15:14 - 00000000 ___HD () C:\548621e
2014-04-24 12:28 - 2014-04-25 07:59 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\{6c99c2f0-e68d-4af3-b9e5-1682be7bd5e1}Gw64.sys
2014-04-18 15:01 - 2014-04-18 15:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-04-17 12:05 - 2014-04-17 12:05 - 00000000 ____D () C:\Users\katrina\AppData\Local\{D183E6A3-CAF0-421A-BDB1-A40C9AE47C56}
2014-04-16 23:02 - 2014-04-16 08:33 - 00000000 ____D () C:\Users\katrina\AppData\Local\{C977816A-A222-4C0E-9573-353523B6CD53}
2014-04-14 18:24 - 2014-04-14 18:24 - 00003176 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForkari
2014-04-14 18:23 - 2014-04-14 18:23 - 00000000 ____D () C:\Users\kari\AppData\Local\{BA3E9D4E-CCED-4334-B9FC-FB4407E0F9C3}
2014-04-14 18:22 - 2011-01-17 20:31 - 00000000 ____D () C:\Users\kari\Tracing
2014-04-14 03:24 - 2014-05-06 11:50 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-14 03:19 - 2014-05-06 11:50 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-13 16:22 - 2014-04-13 16:22 - 00000000 ____D () C:\Users\kari\AppData\Local\{23B4B1F4-613B-4DF7-AD98-C6E518AD0D31}
2014-04-13 15:18 - 2014-04-13 15:17 - 00000000 ____D () C:\Users\katrina\AppData\Local\{7A58C047-0A4C-4418-82A8-742F880AA07D}
2014-04-12 16:50 - 2014-04-12 16:50 - 00000000 ____D () C:\Users\katrina\AppData\Local\{BF51DFA6-F408-4826-B6FE-9067976265AC}
2014-04-12 15:20 - 2011-01-19 21:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-12 15:18 - 2014-01-07 19:36 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-12 15:09 - 2014-01-07 19:36 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-11 20:37 - 2014-04-11 20:37 - 00546840 _____ () C:\Windows\Minidump\041114-35443-01.dmp
2014-04-11 20:37 - 2014-04-11 20:37 - 00000000 ____D () C:\Windows\Minidump
2014-04-11 20:36 - 2014-04-11 20:36 - 697571988 _____ () C:\Windows\MEMORY.DMP
2014-04-11 19:01 - 2014-04-11 18:57 - 00000000 ____D () C:\Users\katrina\AppData\Local\{D52D3BD3-4A25-4474-972C-FA66DB5B3593}
2014-04-11 17:46 - 2014-04-11 17:46 - 00000000 ____D () C:\Users\kari\AppData\Local\{73DB6AAF-9400-4829-A512-9EA5C1A24433}

Files to move or delete:
====================
C:\ProgramData\iljr.bat
C:\ProgramData\iljr.js
C:\ProgramData\iljr.pad
C:\ProgramData\iljr.reg
C:\ProgramData\rjli.dat
C:\Users\holly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk


Some content of TEMP:
====================
C:\Users\graham\AppData\Local\Temp\gKC0fl8ZT3ttXs.exe
C:\Users\graham\AppData\Local\Temp\P1kAlMiG2Kb7Fz.exe
C:\Users\holly\AppData\Local\Temp\0.556863473486322.exe
C:\Users\holly\AppData\Local\Temp\ixl0avuz.dll
C:\Users\holly\AppData\Local\Temp\setup.exe
C:\Users\kari\AppData\Local\Temp\wlsetup-cvr.exe
C:\Users\katrina\AppData\Local\Temp\01384890345329.exe
C:\Users\katrina\AppData\Local\Temp\7763280.exe
C:\Users\katrina\AppData\Local\Temp\7766852.exe
C:\Users\katrina\AppData\Local\Temp\7770409.exe
C:\Users\katrina\AppData\Local\Temp\air1B14.exe
C:\Users\katrina\AppData\Local\Temp\air6D55.exe
C:\Users\katrina\AppData\Local\Temp\air9BB3.exe
C:\Users\katrina\AppData\Local\Temp\air9D4.exe
C:\Users\katrina\AppData\Local\Temp\airB167.exe
C:\Users\katrina\AppData\Local\Temp\Extract.exe
C:\Users\katrina\AppData\Local\Temp\fdminst.exe
C:\Users\katrina\AppData\Local\Temp\FreeDownloadManager.exe
C:\Users\katrina\AppData\Local\Temp\HPQSi.exe
C:\Users\katrina\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\katrina\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\katrina\AppData\Local\Temp\jre-6u32-windows-i586-iftw.exe
C:\Users\katrina\AppData\Local\Temp\Resource.exe
C:\Users\katrina\AppData\Local\Temp\SkypeSetup.exe
C:\Users\katrina\AppData\Local\Temp\SP50718.exe
C:\Users\katrina\AppData\Local\Temp\SP51650.exe
C:\Users\katrina\AppData\Local\Temp\SP51976.exe
C:\Users\katrina\AppData\Local\Temp\sp54620.exe
C:\Users\katrina\AppData\Local\Temp\sp58915.exe
C:\Users\katrina\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\katrina\AppData\Local\Temp\UninstallHPTCA.exe
C:\Users\katrina\AppData\Local\Temp\wlsetup-cvr.exe
C:\Users\katrina\AppData\Local\Temp\{2B94AA65-2C3C-41DE-BF99-6F6AF4FEE79F}-29.0.1547.57_28.0.1500.95_chrome_updater.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-26 10:47

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-05-2014 01
Ran by katrina at 2014-05-09 16:04:16
Running from C:\Users\katrina\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG Internet Security 2014 (Enabled - Out of date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2014 (Enabled - Out of date) {B5F5C120-2089-702E-0001-553BB0D5A664}
AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
FW: AVG Internet Security 2014 (Disabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\{9ECF7817-DB11-4FBA-9DF1-296A578D513A}) (Version: 11.5.7.609 - Adobe Systems, Inc)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ApptoU (HKLM-x32\...\{01B91C29-337A-1FFD-7CFC-473451D2F861}) (Version: - ApPtoU)
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.1.0 - Ask.com) <==== ATTENTION
AVG (HKLM\...\AvgZen) (Version: 1.0.229 - AVG Technologies)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4577 - AVG Technologies)
AVG 2014 (Version: 14.0.3931 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4577 - AVG Technologies) Hidden
AVG Zen (Version: 1.0.229 - AVG Technologies) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3003 - CyberLink Corp.)
CyberLink DVD Suite (x32 Version: 7.0.3003 - CyberLink Corp.) Hidden
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.1.4217 - CyberLink Corp.)
CyberLink PowerDVD 9 (x32 Version: 9.0.1.4217 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2511 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.0.2511 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
deal4real (HKLM-x32\...\{2FA77785-00C3-A920-6452-D4FE5C9C129F}) (Version: - deAl4reAl)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5971CA1F-6BDE-498F-952C-9F2BF94070A4}) (Version: - Microsoft)
Delta Chrome Toolbar (HKLM-x32\...\Delta Chrome Toolbar) (Version: - Visual Tools) <==== ATTENTION
DJ_AIO_06_F2400_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Facebook Video Calling 1.2.0.287 (HKLM-x32\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited)
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
FMW 1 (Version: 1.0.178 - AVG) Hidden
Free Download Manager 3.9.3 (HKLM-x32\...\Free Download Manager_is1) (Version: - FreeDownloadManager.ORG)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Deskjet F2400 All-in-One Driver 14.0 Rel. 6 (HKLM\...\{819CA3BC-2FF8-4811-B42F-421F7BFD3559}) (Version: 14.0 - HP)
HP Documentation (HKLM-x32\...\{7C36414C-DC87-4943-A525-BC1717BA17C9}) (Version: 1.1.1.0 - Hewlett-Packard)
HP Game Console (x32 Version: - WildTangent) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.3 - WildTangent)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3611 - HP Photo Creations Powered by RocketLife)
HP Power Manager (HKLM-x32\...\{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}) (Version: 1.0.3 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{EB58480C-0721-483C-B354-9D35A147999F}) (Version: 2.3.6 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{97174E88-52F9-445A-A28E-704A45332D19}) (Version: 4.0.108.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Wireless Assistant (HKLM\...\{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}) (Version: 4.0.9.0 - Hewlett-Packard Company)
IcouValid (HKLM-x32\...\{1903B77F-7D60-3EBE-6065-C66F9363854A}) (Version: - IcoVVAAllid) <==== ATTENTION
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Internet Helper Anti-phishing (HKLM-x32\...\Internet Helper Anti-phishing) (Version: 1.3.1.0 - Internet Helper (Powered by Panda Security))
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java Auto Updater (x32 Version: 2.0.6.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Java™ 6 Update 30 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.300 - Sun Microsystems, Inc.)
Jewel Quest - Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KODAK Share Button App (HKLM-x32\...\{19F1A99A-196F-4D18-BC36-C1DAD6ABCCF3}) (Version: 4.00.0000.0000 - Eastman Kodak Company)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2907 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2907 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: - EasyBits Software AS)
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007F-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5001 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MP3 Rocket (HKLM-x32\...\MP3 Rocket) (Version: - )
MP3 Rocket Toolbar Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.1.22229 - Ask.com) <==== ATTENTION
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyPC Backup (HKLM\...\MyPC Backup) (Version: - MyPC Backup) <==== ATTENTION
Norton Internet Security (HKLM-x32\...\NIS) (Version: 18.7.2.3 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{C6173775-C676-4E2A-9232-66E17261E614}) (Version: 2.9.0.19 - Symantec Corporation)
Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version: - PC Utilities Software Limited) <==== ATTENTION
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4204 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4204 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3003 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3003 - CyberLink Corp.) Hidden
QuickShare (HKLM-x32\...\{11D4FAA0-A577-4FA8-B24E-D24283D861D1}) (Version: 11.24.60.15709 - Linkury Inc.) <==== ATTENTION
Rapport (Version: 3.5.1205.15 - Trusteer) Hidden
Rapport (x32 Version: 3.5.1304.15 - Trusteer) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6122 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Software (HKLM-x32\...\{901F0D4C-009D-1112-8DE4-03599E7B0C5C}) (Version: 1.00.10.0329 - REALTEK Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3023 - CyberLink Corp.) Hidden
RtVOsd (HKLM\...\{F3D7AC17-1FF4-41A8-BB18-3FC39C65AEB9}) (Version: 1.0.3 - Realtek Semiconductor Corp.)
SAMSUNG Intelli-studio (HKLM-x32\...\Intelli-studio) (Version: - )
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.6.64 - Synaptics Incorporated)
Systweak PhotoStudio 2.1 (HKLM-x32\...\PhotoStudio_4281508C_4DA1_4d4e_81EB_725D55EC30DC_is1) (Version: 2.1.2954.85 - Systweak Inc.)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1304.15 - Trusteer)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{3EFF1957-7DEA-4C7A-8E9C-2D6D58E4B2ED}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3EFF1957-7DEA-4C7A-8E9C-2D6D58E4B2ED}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{799005D3-9B70-4219-AFE0-BC479614CC4D}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft)
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Restore Points =========================

17-04-2014 11:13:09 Windows Update
24-04-2014 21:04:52 Windows Update
26-04-2014 09:47:36 Windows Update
30-04-2014 07:31:40 Windows Update
04-05-2014 15:41:15 Windows Update
06-05-2014 10:24:56 Windows Update
07-05-2014 07:58:08 Windows Update
08-05-2014 17:40:37 Windows Update
09-05-2014 06:30:35 Windows Update
09-05-2014 14:06:22 Installed AVG 2014
09-05-2014 14:15:11 Installed AVG 2014

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0CD05A34-FF90-4468-A8C2-4085050A3A1E} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2400530217-1677791121-3577320560-1001UA => C:\Users\holly\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {0E6A380A-1902-4DA8-AFB5-FB810998F39F} - System32\Tasks\HPCeeScheduleForkari => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {131F1573-CC0F-4CEC-B364-803E75139FD0} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2400530217-1677791121-3577320560-1001Core => C:\Users\holly\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {20894F4C-D89E-4F6C-A229-088A891F2802} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {29BFB790-BD95-4BE1-B5F0-021AE65DEAFF} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2400530217-1677791121-3577320560-1002UA => C:\Users\kari\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-16] (Facebook Inc.)
Task: {2AD4E6E6-2768-46B9-9F51-747FF705C200} - System32\Tasks\HPCeeScheduleForKATRINA-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {2D3BF007-8C6C-4D78-A7A4-FC34870B8934} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {30596E45-602D-45C2-B9F0-AD244B781031} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {343477F9-7EF9-4799-A1C5-B5F86467DC59} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2012-04-09] () <==== ATTENTION
Task: {3CA30DB2-C808-40CE-A4B2-3BBB08FC6508} - System32\Tasks\{E2B2A50E-6BE1-4B32-B4EA-0E3CF278B60B} => Chrome.exe http://ui.skype.com/ui/0/6.6.0.106/en/go/help.faq.installer?LastError=1603
Task: {4F85C08E-C951-4ACB-8B1A-2847F2568667} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {51983934-E3AF-4EA5-9C29-E941CB637042} - System32\Tasks\Symantec\Norton Error Processor 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-08] (Symantec Corporation)
Task: {54BD1B70-BB54-4E89-990D-152DCD9746B0} - System32\Tasks\{10EF5062-FADE-4238-95E4-4EA61663B88F}-Kodak Share Button App Camera detect => C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe [2011-09-22] (Eastman Kodak Company)
Task: {55B241E2-4F46-471B-A07A-ED43E372805D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSFUpdaterRedux => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {6F527ED5-CBC1-41AD-B32C-9332104866CE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-30] (Adobe Systems Incorporated)
Task: {7AD6443C-BED9-4D0D-AD81-A7265D64A8B8} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe
Task: {8C6CB20F-492C-4BBD-A440-FA21FD990AD7} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {8CAA16CE-A072-41F0-8BC4-047C7BD70983} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-04-22] (Microsoft)
Task: {9E1CB714-D610-46D7-BE16-9C996709F28F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {A8A2BB40-529D-434E-BBE7-C83CC91CDBF1} - System32\Tasks\{D5362D0D-BA4C-49D1-BDCC-EA0D421624D5} => Chrome.exe http://ui.skype.com/ui/0/6.3.73.105.457/en/go/help.faq.installer?LastError=1603
Task: {BBA4F776-6EB7-4B21-B4C6-D68AEFBC8C93} - System32\Tasks\{83B57FF7-1890-42D9-902B-DD29A70B6A5F} => Iexplore.exe http://ui.skype.com/ui/0/4.2.0.166.321/en/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;notincluded
Task: {BCF150A0-5349-4408-8DD0-FE276108432E} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe [2013-09-19] (MyPCBackup.com) <==== ATTENTION
Task: {C4AEFCF8-EC17-42DF-9D6F-15F79FA5B34E} - System32\Tasks\{71DCEFFE-EBFB-4735-9B44-246CE270F59C} => Chrome.exe http://ui.skype.com/ui/0/6.6.0.106/en/go/help.faq.installer?LastError=1603
Task: {CF1783F3-3980-4DED-8862-2734C0EBDA88} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {D1233A2E-FD8D-47F4-BC5E-9ABB4F5E7889} - System32\Tasks\HPCeeScheduleForkatrina => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {DE9247B0-0BE6-43D1-9159-6B8AAD7394A2} - System32\Tasks\BitGuard => Sc.exe start BitGuard <==== ATTENTION
Task: {E8ACF2DE-2229-42C7-985E-D828C3FD3968} - System32\Tasks\{C5A9BAC2-5C6E-4B77-9408-691143BDBE93} => Chrome.exe http://ui.skype.com/ui/0/6.6.0.106/en/go/help.faq.installer?LastError=1603
Task: {F2F9F4B3-0F6D-4FA6-93BD-E060DB1C4346} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2400530217-1677791121-3577320560-1002Core => C:\Users\kari\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-16] (Facebook Inc.)
Task: {F4DB193D-284D-4BF1-8986-E22767359ABF} - System32\Tasks\Symantec\Norton Error Analyzer 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-08] (Symantec Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2400530217-1677791121-3577320560-1001Core.job => C:\Users\holly\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2400530217-1677791121-3577320560-1001UA.job => C:\Users\holly\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2400530217-1677791121-3577320560-1002Core.job => C:\Users\kari\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2400530217-1677791121-3577320560-1002UA.job => C:\Users\kari\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForkari.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForKATRINA-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForkatrina.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2013-11-19 22:08 - 2013-11-19 22:08 - 04444488 _____ () C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll
2013-09-19 23:37 - 2013-09-19 23:37 - 03889152 _____ () C:\Program Files (x86)\MyPC Backup\MPCBIconOverlays.dll
2013-09-19 23:32 - 2013-09-19 23:32 - 01102336 _____ () C:\Program Files (x86)\MyPC Backup\x64\System.Data.SQLite.dll
2013-09-19 23:37 - 2013-09-19 23:37 - 00012288 _____ () C:\Program Files (x86)\MyPC Backup\GetText.dll
2010-06-19 00:26 - 2010-06-19 00:26 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2010-06-19 00:26 - 2010-06-19 00:26 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2010-06-19 00:26 - 2010-06-19 00:26 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2012-03-11 13:53 - 2013-12-21 10:51 - 01127152 _____ () C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
2013-11-19 22:08 - 2013-10-29 15:08 - 04126024 _____ () C:\Program Files (x86)\Optimizer Pro\OptProCrash.dll
2013-11-19 22:08 - 2013-11-19 22:08 - 00193688 _____ () C:\Program Files (x86)\Optimizer Pro\OptProCrashSvc.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-08-28 22:37 - 2013-08-28 22:37 - 00911128 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll
2012-06-27 16:09 - 2012-06-27 16:09 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2010-05-19 18:05 - 2010-05-19 18:05 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2010-05-19 18:05 - 2010-05-19 18:05 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2010-05-19 18:05 - 2010-05-19 18:05 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2013-11-19 20:46 - 2013-11-19 20:46 - 00018432 _____ () C:\Users\katrina\AppData\Local\Odrics\vorbisInit80.dll
2014-05-09 14:31 - 2014-05-09 14:31 - 31842816 _____ () C:\Program Files (x86)\AVG\Framework\Common\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:D346F792

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Users^katrina^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^548621e.exe => C:\Windows\pss\548621e.exe.Startup
MSCONFIG\startupfolder: C:^Users^katrina^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\Windows\pss\MyPC Backup.lnk.Startup
MSCONFIG\startupreg: 548621 => C:\548621e\548621e.exe
MSCONFIG\startupreg: 548621e => C:\Users\katrina\AppData\Roaming\548621e.exe
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Browser Infrastructure Helper => C:\Users\katrina\AppData\Local\Smartbar\Application\QuickShare.exe startup
MSCONFIG\startupreg: DriverScanner => "C:\Program Files (x86)\Uniblue\DriverScanner\launcher.exe" delay 20000
MSCONFIG\startupreg: Easybits Recovery => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
MSCONFIG\startupreg: Free Download Manager => "C:\Program Files (x86)\Free Download Manager\fdm.exe" -autorun
MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
MSCONFIG\startupreg: HPAdvisorDock => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
MSCONFIG\startupreg: Internet Helper Anti-phishing => "C:\ProgramData\Internet Helper Anti-phishing\internetHelper_antiphishing.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NTRedirect => C:\Windows\SysWOW64\rundll32.exe "C:\Users\katrina\AppData\Roaming\BabSolution\Shared\enhancedNT.dll",Run
MSCONFIG\startupreg: Optimizer Pro => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
MSCONFIG\startupreg: PC Health Kit => C:\Program Files (x86)\PC Health Kit\PCHKLauncher.exe
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
MSCONFIG\startupreg: sollenh => rundll32 "C:\Users\katrina\AppData\Local\sollenh.dll",sollenh
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/09/2014 11:56:54 AM) (Source: MsiInstaller) (User: katrina-HP) (EventID: 1024)
Description: Product: Adobe Reader XI - Update '{AC76BA86-7AD7-0000-2550-7A8C40011006}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (05/09/2014 09:59:23 AM) (Source: MsiInstaller) (User: katrina-HP) (EventID: 1024)
Description: Product: Adobe Reader XI - Update '{AC76BA86-7AD7-0000-2550-7A8C40011006}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (05/09/2014 09:43:33 AM) (Source: MsiInstaller) (User: katrina-HP) (EventID: 1024)
Description: Product: Adobe Reader XI - Update '{AC76BA86-7AD7-0000-2550-7A8C40011006}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (05/09/2014 09:41:43 AM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x00000000000289aa
Faulting process id: 0x%9
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (05/09/2014 08:12:54 AM) (Source: MsiInstaller) (User: katrina-HP) (EventID: 1024)
Description: Product: Adobe Reader XI - Update '{AC76BA86-7AD7-0000-2550-7A8C40011006}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (05/09/2014 08:10:25 AM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Faulting application name: HPAdvisorDock.exe, version: 3.4.10262.3295, time stamp: 0x4b72213a
Faulting module name: HPAdvisorDock.exe, version: 3.4.10262.3295, time stamp: 0x4b72213a
Exception code: 0xc000041d
Fault offset: 0x0000000000034737
Faulting process id: 0x12ec
Faulting application start time: 0xHPAdvisorDock.exe0
Faulting application path: HPAdvisorDock.exe1
Faulting module path: HPAdvisorDock.exe2
Report Id: HPAdvisorDock.exe3

Error: (05/09/2014 08:10:11 AM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Faulting application name: HPAdvisorDock.exe, version: 3.4.10262.3295, time stamp: 0x4b72213a
Faulting module name: HPAdvisorDock.exe, version: 3.4.10262.3295, time stamp: 0x4b72213a
Exception code: 0xc0000005
Fault offset: 0x0000000000034737
Faulting process id: 0x12ec
Faulting application start time: 0xHPAdvisorDock.exe0
Faulting application path: HPAdvisorDock.exe1
Faulting module path: HPAdvisorDock.exe2
Report Id: HPAdvisorDock.exe3

Error: (05/09/2014 08:10:05 AM) (Source: AdvisorDock) (User: ) (EventID: 100)
Description: caught an unhandled exception in OnInitDialog

Error: (05/08/2014 09:25:30 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f
Exception code: 0xc0000005
Fault offset: 0x00039342
Faulting process id: 0x129c
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (05/08/2014 08:52:36 PM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: The program MyPC Backup.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 11c0

Start Time: 01cf6ae433667374

Termination Time: 172

Application Path: C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe

Report Id:


System errors:
=============
Error: (05/09/2014 03:53:59 PM) (Source: Schannel) (User: NT AUTHORITY) (EventID: 4120)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (05/09/2014 03:53:59 PM) (Source: Schannel) (User: NT AUTHORITY) (EventID: 4120)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (05/09/2014 02:13:17 PM) (Source: Schannel) (User: NT AUTHORITY) (EventID: 4120)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (05/09/2014 02:13:17 PM) (Source: Schannel) (User: NT AUTHORITY) (EventID: 4120)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (05/09/2014 01:51:37 PM) (Source: Schannel) (User: NT AUTHORITY) (EventID: 4120)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (05/09/2014 01:51:37 PM) (Source: Schannel) (User: NT AUTHORITY) (EventID: 4120)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (05/09/2014 01:46:23 PM) (Source: Schannel) (User: NT AUTHORITY) (EventID: 4120)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (05/09/2014 01:46:23 PM) (Source: Schannel) (User: NT AUTHORITY) (EventID: 4120)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (05/09/2014 01:46:22 PM) (Source: Schannel) (User: NT AUTHORITY) (EventID: 4120)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (05/09/2014 01:46:21 PM) (Source: Schannel) (User: NT AUTHORITY) (EventID: 4120)
Description: The following fatal alert was generated: 40. The internal error state is 252.


Microsoft Office Sessions:
=========================
Error: (05/09/2014 11:56:54 AM) (Source: MsiInstaller) (User: katrina-HP) (EventID: 1024)
Description: Adobe Reader XI{AC76BA86-7AD7-0000-2550-7A8C40011006}1625(NULL)(NULL)(NULL)

Error: (05/09/2014 09:59:23 AM) (Source: MsiInstaller) (User: katrina-HP) (EventID: 1024)
Description: Adobe Reader XI{AC76BA86-7AD7-0000-2550-7A8C40011006}1625(NULL)(NULL)(NULL)

Error: (05/09/2014 09:43:33 AM) (Source: MsiInstaller) (User: katrina-HP) (EventID: 1024)
Description: Adobe Reader XI{AC76BA86-7AD7-0000-2550-7A8C40011006}1625(NULL)(NULL)(NULL)

Error: (05/09/2014 09:41:43 AM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Explorer.EXE6.1.7601.175674d672ee4ntdll.dll6.1.7601.18247521eaf24c000000500000000000289aa

Error: (05/09/2014 08:12:54 AM) (Source: MsiInstaller) (User: katrina-HP) (EventID: 1024)
Description: Adobe Reader XI{AC76BA86-7AD7-0000-2550-7A8C40011006}1625(NULL)(NULL)(NULL)

Error: (05/09/2014 08:10:25 AM) (Source: Application Error) (User: ) (EventID: 1000)
Description: HPAdvisorDock.exe3.4.10262.32954b72213aHPAdvisorDock.exe3.4.10262.32954b72213ac000041d000000000003473712ec01cf6b55b0f33417C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exeC:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exefd6896db-d748-11e3-a01c-643150572e79

Error: (05/09/2014 08:10:11 AM) (Source: Application Error) (User: ) (EventID: 1000)
Description: HPAdvisorDock.exe3.4.10262.32954b72213aHPAdvisorDock.exe3.4.10262.32954b72213ac0000005000000000003473712ec01cf6b55b0f33417C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exeC:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exef4ea4ada-d748-11e3-a01c-643150572e79

Error: (05/09/2014 08:10:05 AM) (Source: AdvisorDock) (User: ) (EventID: 100)
Description: caught an unhandled exception in OnInitDialog

Error: (05/08/2014 09:25:30 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: svchost.exe6.1.7600.163854a5bc100ole32.dll6.1.7601.175144ce7b96fc000000500039342129c01cf6ae43997c7ebC:\Windows\syswow64\svchost.exeC:\Windows\syswow64\ole32.dlle57e7489-d6ee-11e3-b0b9-643150572e79

Error: (05/08/2014 08:52:36 PM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: MyPC Backup.exe1.0.0.011c001cf6ae433667374172C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe


==================== Memory info ===========================

Percentage of memory in use: 55%
Total physical RAM: 3998.92 MB
Available physical RAM: 1783.38 MB
Total Pagefile: 7996.02 MB
Available Pagefile: 4833.22 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:450.17 GB) (Free:319.38 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:15.29 GB) (Free:2.2 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 80F49AF4)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End Of Log ============================

Edited by Oh My, 20 May 2014 - 11:49 AM.
Posted logs




#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,604 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:28 PM

Posted 14 May 2014 - 10:40 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/533769 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 peddier

peddier
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  • Local time:07:28 PM

Posted 16 May 2014 - 07:50 AM

Yes I am still having problems with the machine.
 
I was seeing multiple dllhost.exe processes; however, this does not seem to be the case now. The machine is slow and AVG is finding Trojans often.
 
I have attached the logs as requested

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041
Run by katrina at 13:27:16 on 2014-05-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3999.1608 [GMT 1:00]
.
AV: AVG Internet Security 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
FW: AVG Internet Security 2014 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\MyPC Backup\BackupStack.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Free Download Manager: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
BHO: MP3 Rocket Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - LocalServer32 - <no file>
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll
TB: MP3 Rocket Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - LocalServer32 - <no file>
TB: QuickShare Widget: {ae07101b-46d4-4a98-af68-0333ea26e113} -
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguix.exe" /fmw.trayonly
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{FB89A12A-7F3D-4370-A25A-14DE15233EAF} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{FB89A12A-7F3D-4370-A25A-14DE15233EAF}\244584572633D2B46464A4 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{FB89A12A-7F3D-4370-A25A-14DE15233EAF}\35B4950343733363 : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: ApptoU: {5DC89B11-95AE-391B-73D4-5B9016CCB039} - C:\ProgramData\ApptoU\ikF2.x64.dll
x64-BHO: LuCiKKyCoupaon: {8E2BCED6-EB31-D505-E907-3B22CF7BB1E0} - C:\ProgramData\LuCiKKyCoupaon\5.x64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: deal4real: {BB5A7DD3-BB1E-9413-9776-6DC536BBD07B} - C:\ProgramData\deal4real\oYId55yr.x64.dll
x64-BHO: IcouValid: {C234C7BC-12DB-4389-4952-4711A2C14908} - C:\ProgramData\IcouValid\eF6DX3N.x64.dll
x64-BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-BHO: leeeSs2paaY: {FD016E09-EF94-D88B-4657-DC5F32CA9A02} - C:\ProgramData\leeeSs2paaY\dm.x64.dll
x64-TB: QuickShare Widget: {ae07101b-46d4-4a98-af68-0333ea26e113} -
x64-TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2014-3-27 192792]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2014-3-27 324376]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2014-3-31 130840]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2014-3-27 32536]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1207020.003\symds64.sys [2012-6-12 450680]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1207020.003\symefa64.sys [2012-6-12 912504]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2014-3-27 153368]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2013-9-26 57144]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2014-4-18 237336]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2014-3-27 236824]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2014-3-31 274200]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110309.001\BHDrvx64.sys [2011-3-11 1124472]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110311.001\IDSviA64.sys [2011-3-12 476792]
R1 RapportCerberus_68261;RapportCerberus_68261;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_68261.sys [2014-5-15 631096]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2014-5-3 299512]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2014-5-3 414232]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1207020.003\ironx64.sys [2012-6-12 171128]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1207020.003\symnets.sys [2012-6-12 386168]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-8-17 98208]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [2014-4-3 1473280]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-4-18 3645456]
R2 avgsvc;AVG Service;C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [2014-4-11 640016]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-3-27 291912]
R2 BackupStack;Computer Backup (MyPC Backup);C:\Program Files (x86)\MyPC Backup\BackupStack.exe [2013-9-19 38440]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-19 103992]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-5-9 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-5-9 857912]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe [2012-6-12 130008]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2014-4-9 4343664]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2014-5-3 1882392]
R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-4-20 315392]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE [2014-3-11 247968]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-1-15 132656]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-5-9 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-5-9 119512]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-5-9 63192]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-8-17 347680]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2010-8-17 1093152]
RUnknown {6c99c2f0-e68d-4af3-b9e5-1682be7bd5e1}Gw64;{6c99c2f0-e68d-4af3-b9e5-1682be7bd5e1}Gw64; [x]
S2 70e6ca8c;Optimizer Pro Crash Monitor;C:\Windows\System32\rundll32.exe [2009-7-14 45568]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE [2014-3-11 193696]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-5-13 36328]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-26 111616]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [2014-1-16 289256]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2011-12-18 358552]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2011-5-13 146920]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-7 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-16 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2014-05-15 20:19:24 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-15 20:19:24 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-15 12:51:13 477184 ----a-w- C:\Windows\System32\aepdu.dll
2014-05-15 12:51:09 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-05-15 12:47:59 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-05-15 12:47:59 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-05-15 12:47:58 39936 ----a-w- C:\Windows\System32\wincredprovider.dll
2014-05-15 12:47:58 35328 ----a-w- C:\Windows\SysWow64\wincredprovider.dll
2014-05-15 12:47:58 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-05-15 12:47:57 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-05-15 12:47:56 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-05-15 12:47:56 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-05-15 12:47:55 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-05-15 12:47:55 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-05-15 12:47:54 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-05-09 15:01:46 -------- d-----w- C:\Users\katrina\AppData\Roaming\AVG2014
2014-05-09 14:50:31 -------- d-----w- C:\Users\katrina\AppData\Roaming\TuneUp Software
2014-05-09 14:49:17 -------- d-----w- C:\FRST
2014-05-09 14:25:51 -------- d--h--w- C:\$AVG
2014-05-09 14:25:45 -------- d-----w- C:\ProgramData\AVG2014
2014-05-09 13:56:46 -------- d-----w- C:\Users\katrina\AppData\Local\Avg2014
2014-05-09 13:56:45 -------- d-----w- C:\Users\katrina\AppData\Local\MFAData
2014-05-09 13:56:45 -------- d-----w- C:\ProgramData\MFAData
2014-05-09 13:30:46 -------- d-----w- C:\ProgramData\Avg
2014-05-09 13:30:45 -------- d--h--w- C:\ProgramData\Common Files
2014-05-09 13:30:45 -------- d-----w- C:\Program Files (x86)\AVG
2014-05-09 13:27:05 -------- d-----w- C:\Users\katrina\AppData\Local\AvgSetupLog
2014-05-09 13:27:05 -------- d-----w- C:\Users\katrina\AppData\Local\Avg
2014-05-09 07:45:27 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-05-09 07:44:28 88280 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-05-09 07:44:28 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-05-09 07:44:28 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-05-09 07:44:28 -------- d-----w- C:\ProgramData\Malwarebytes
2014-05-09 07:44:28 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-09 07:10:27 -------- d-----w- C:\Users\katrina\AppData\Local\{5DDE59A1-171B-423E-9044-E63A170ED80D}
2014-05-08 20:16:51 -------- d-----w- C:\Windows\pss
2014-05-08 17:38:09 -------- d-----w- C:\Users\katrina\AppData\Local\{CD90BCBC-4836-4FC4-93E8-7D22858133EB}
2014-05-07 08:22:43 10651704 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E4DA3206-1167-4236-ABE6-3F8A1FD044EA}\mpengine.dll
2014-05-07 08:06:50 -------- d-s---w- C:\Windows\System32\CompatTel
2014-05-07 07:54:17 -------- d-----w- C:\Users\katrina\AppData\Local\{61B79630-3A43-4CD9-82A9-700A52DBB52E}
2014-05-04 15:52:01 -------- d-----w- C:\Users\katrina\AppData\Local\{F7A1D24D-2C93-4939-88D3-DADFA790FD3C}
2014-04-27 16:22:53 -------- d-sh--w- C:\Users\katrina\AppData\Local\EmieUserList
2014-04-27 16:22:53 -------- d-sh--w- C:\Users\katrina\AppData\Local\EmieSiteList
2014-04-27 16:22:14 -------- d-----w- C:\Users\katrina\AppData\Local\{809CC404-E2BF-4194-9A85-788B335E2186}
2014-04-26 09:53:07 359936 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2014-04-26 09:53:04 257536 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll
2014-04-26 09:52:51 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-04-26 09:52:50 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-04-26 09:52:44 222720 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe
2014-04-26 09:52:44 222720 ----a-w- C:\Program Files (x86)\Internet Explorer\ielowutil.exe
2014-04-26 09:52:43 470016 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe
2014-04-26 09:52:42 482816 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe
2014-04-26 09:52:42 293072 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2014-04-26 09:52:41 235216 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2014-04-26 09:52:36 271360 ----a-w- C:\Program Files (x86)\Internet Explorer\ieproxy.dll
2014-04-26 09:52:34 722432 ----a-w- C:\Program Files\Internet Explorer\ieproxy.dll
2014-04-26 09:50:58 1789440 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-04-26 09:50:56 2260480 ----a-w- C:\Windows\System32\wininet.dll
2014-04-26 09:50:55 811728 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe
2014-04-26 09:50:55 809680 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2014-04-26 09:50:55 1967104 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-04-26 09:50:54 2043904 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-04-26 09:50:47 5784064 ----a-w- C:\Windows\System32\jscript9.dll
2014-04-26 09:50:46 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-04-26 09:41:12 -------- d-----w- C:\Users\katrina\AppData\Local\{3606C9CB-965A-47F2-B3D4-3E71B4A5D70D}
2014-04-24 14:14:30 -------- d--h--w- C:\548621e
2014-04-24 08:17:22 -------- d-----w- C:\Users\katrina\AppData\Local\{5476F88E-F63E-41D8-AC01-0DD1906063CD}
2014-04-18 14:01:30 237336 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2014-04-17 11:05:10 -------- d-----w- C:\Users\katrina\AppData\Local\{D183E6A3-CAF0-421A-BDB1-A40C9AE47C56}
.
==================== Find3M ====================
.
2014-05-15 12:50:25 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-15 12:50:25 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-03 21:55:48 358552 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
2014-04-15 01:34:10 1070232 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-03-31 15:20:54 274200 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2014-03-31 15:06:26 130840 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2014-03-31 08:35:08 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-03-27 21:14:26 192792 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2014-03-27 21:14:24 153368 ----a-w- C:\Windows\System32\drivers\avgdiska.sys
2014-03-27 21:07:10 236824 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2014-03-27 21:05:02 324376 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2014-03-27 21:03:16 32536 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2014-03-06 09:31:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-06 08:59:04 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-06 08:57:20 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-06 08:29:40 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-06 08:29:14 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-06 08:28:15 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-06 08:15:54 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-06 08:02:34 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-06 08:01:01 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56:43 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-03-06 07:38:13 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-06 07:36:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-06 07:13:43 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-04 09:47:01 5550016 ----a-w- C:\Windows\System32\ntoskrnl.exe
2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:10 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-03-04 09:44:08 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-03-04 09:44:06 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-03-04 09:44:03 722944 ----a-w- C:\Windows\System32\objsel.dll
2014-03-04 09:44:03 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2014-03-04 09:44:00 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-03-04 09:44:00 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2014-03-04 09:43:56 57344 ----a-w- C:\Windows\System32\cngprovider.dll
2014-03-04 09:43:56 52736 ----a-w- C:\Windows\System32\dpapiprovider.dll
2014-03-04 09:43:56 44544 ----a-w- C:\Windows\System32\dimsroam.dll
2014-03-04 09:43:55 56832 ----a-w- C:\Windows\System32\adprovider.dll
2014-03-04 09:43:55 53760 ----a-w- C:\Windows\System32\capiprovider.dll
2014-03-04 09:43:50 455168 ----a-w- C:\Windows\System32\winlogon.exe
2014-03-04 09:20:11 3969984 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2014-03-04 09:20:11 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2014-03-04 09:16:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
.
============= FINISH: 13:39:40.28 ===============

Edited by Oh My, 20 May 2014 - 11:50 AM.
Posted DDS


#4 HelpBot

  • Bots

Posted 19 May 2014 - 10:45 AM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!

#5 Budapest

  • Moderator

Posted 19 May 2014 - 02:07 PM

This topic has been re-opened at the request of the person who originally posted.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#6 Oh My!

  • Malware Response Instructor

Posted 20 May 2014 - 08:05 AM

Greetings peddier and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me as I would like to review the most current information available.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • Attached System Summary Information

Gary

If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 peddier

  • Topic Starter
  • Members

Posted 20 May 2014 - 09:17 AM

Hi Gary,

Thank you for assisting with this. Please call me Robert.

I ran the FRST tool when I opened the topic so below I have pasted the result. I have also attached the Summary file as requested.

I'll not have access to this PC for the next few days as I am travelling and will progress any requests as soon as I am back.

Thanks again for your help

Robert

dds

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041
Run by katrina at 13:27:16 on 2014-05-16
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.3999.1608 [GMT 1:00]
.
AV: AVG Internet Security 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
FW: AVG Internet Security 2014 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\MyPC Backup\BackupStack.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Free Download Manager: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
BHO: MP3 Rocket Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - LocalServer32 - <no file>
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll
TB: MP3 Rocket Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - LocalServer32 - <no file>
TB: QuickShare Widget: {ae07101b-46d4-4a98-af68-0333ea26e113} -
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguix.exe" /fmw.trayonly
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{FB89A12A-7F3D-4370-A25A-14DE15233EAF} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{FB89A12A-7F3D-4370-A25A-14DE15233EAF}\244584572633D2B46464A4 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{FB89A12A-7F3D-4370-A25A-14DE15233EAF}\35B4950343733363 : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: ApptoU: {5DC89B11-95AE-391B-73D4-5B9016CCB039} - C:\ProgramData\ApptoU\ikF2.x64.dll
x64-BHO: LuCiKKyCoupaon: {8E2BCED6-EB31-D505-E907-3B22CF7BB1E0} - C:\ProgramData\LuCiKKyCoupaon\5.x64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: deal4real: {BB5A7DD3-BB1E-9413-9776-6DC536BBD07B} - C:\ProgramData\deal4real\oYId55yr.x64.dll
x64-BHO: IcouValid: {C234C7BC-12DB-4389-4952-4711A2C14908} - C:\ProgramData\IcouValid\eF6DX3N.x64.dll
x64-BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-BHO: leeeSs2paaY: {FD016E09-EF94-D88B-4657-DC5F32CA9A02} - C:\ProgramData\leeeSs2paaY\dm.x64.dll
x64-TB: QuickShare Widget: {ae07101b-46d4-4a98-af68-0333ea26e113} -
x64-TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2014-3-27 192792]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2014-3-27 324376]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2014-3-31 130840]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2014-3-27 32536]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1207020.003\symds64.sys [2012-6-12 450680]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1207020.003\symefa64.sys [2012-6-12 912504]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2014-3-27 153368]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2013-9-26 57144]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2014-4-18 237336]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2014-3-27 236824]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2014-3-31 274200]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110309.001\BHDrvx64.sys [2011-3-11 1124472]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110311.001\IDSviA64.sys [2011-3-12 476792]
R1 RapportCerberus_68261;RapportCerberus_68261;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_68261.sys [2014-5-15 631096]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2014-5-3 299512]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2014-5-3 414232]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1207020.003\ironx64.sys [2012-6-12 171128]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1207020.003\symnets.sys [2012-6-12 386168]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-8-17 98208]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [2014-4-3 1473280]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-4-18 3645456]
R2 avgsvc;AVG Service;C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [2014-4-11 640016]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-3-27 291912]
R2 BackupStack;Computer Backup (MyPC Backup);C:\Program Files (x86)\MyPC Backup\BackupStack.exe [2013-9-19 38440]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-19 103992]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-5-9 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-5-9 857912]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe [2012-6-12 130008]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2014-4-9 4343664]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2014-5-3 1882392]
R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-4-20 315392]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE [2014-3-11 247968]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-1-15 132656]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-5-9 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-5-9 119512]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-5-9 63192]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-8-17 347680]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2010-8-17 1093152]
RUnknown {6c99c2f0-e68d-4af3-b9e5-1682be7bd5e1}Gw64;{6c99c2f0-e68d-4af3-b9e5-1682be7bd5e1}Gw64; [x]
S2 70e6ca8c;Optimizer Pro Crash Monitor;C:\Windows\System32\rundll32.exe [2009-7-14 45568]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE [2014-3-11 193696]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-5-13 36328]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-26 111616]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [2014-1-16 289256]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2011-12-18 358552]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2011-5-13 146920]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-7 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-16 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2014-05-15 20:19:24 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-15 20:19:24 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-15 12:51:13 477184 ----a-w- C:\Windows\System32\aepdu.dll
2014-05-15 12:51:09 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-05-15 12:47:59 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-05-15 12:47:59 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-05-15 12:47:58 39936 ----a-w- C:\Windows\System32\wincredprovider.dll
2014-05-15 12:47:58 35328 ----a-w- C:\Windows\SysWow64\wincredprovider.dll
2014-05-15 12:47:58 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-05-15 12:47:57 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-05-15 12:47:56 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-05-15 12:47:56 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-05-15 12:47:55 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-05-15 12:47:55 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-05-15 12:47:54 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-05-09 15:01:46 -------- d-----w- C:\Users\katrina\AppData\Roaming\AVG2014
2014-05-09 14:50:31 -------- d-----w- C:\Users\katrina\AppData\Roaming\TuneUp Software
2014-05-09 14:49:17 -------- d-----w- C:\FRST
2014-05-09 14:25:51 -------- d--h--w- C:\$AVG
2014-05-09 14:25:45 -------- d-----w- C:\ProgramData\AVG2014
2014-05-09 13:56:46 -------- d-----w- C:\Users\katrina\AppData\Local\Avg2014
2014-05-09 13:56:45 -------- d-----w- C:\Users\katrina\AppData\Local\MFAData
2014-05-09 13:56:45 -------- d-----w- C:\ProgramData\MFAData
2014-05-09 13:30:46 -------- d-----w- C:\ProgramData\Avg
2014-05-09 13:30:45 -------- d--h--w- C:\ProgramData\Common Files
2014-05-09 13:30:45 -------- d-----w- C:\Program Files (x86)\AVG
2014-05-09 13:27:05 -------- d-----w- C:\Users\katrina\AppData\Local\AvgSetupLog
2014-05-09 13:27:05 -------- d-----w- C:\Users\katrina\AppData\Local\Avg
2014-05-09 07:45:27 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-05-09 07:44:28 88280 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-05-09 07:44:28 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-05-09 07:44:28 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-05-09 07:44:28 -------- d-----w- C:\ProgramData\Malwarebytes
2014-05-09 07:44:28 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-09 07:10:27 -------- d-----w- C:\Users\katrina\AppData\Local\{5DDE59A1-171B-423E-9044-E63A170ED80D}
2014-05-08 20:16:51 -------- d-----w- C:\Windows\pss
2014-05-08 17:38:09 -------- d-----w- C:\Users\katrina\AppData\Local\{CD90BCBC-4836-4FC4-93E8-7D22858133EB}
2014-05-07 08:22:43 10651704 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E4DA3206-1167-4236-ABE6-3F8A1FD044EA}\mpengine.dll
2014-05-07 08:06:50 -------- d-s---w- C:\Windows\System32\CompatTel
2014-05-07 07:54:17 -------- d-----w- C:\Users\katrina\AppData\Local\{61B79630-3A43-4CD9-82A9-700A52DBB52E}
2014-05-04 15:52:01 -------- d-----w- C:\Users\katrina\AppData\Local\{F7A1D24D-2C93-4939-88D3-DADFA790FD3C}
2014-04-27 16:22:53 -------- d-sh--w- C:\Users\katrina\AppData\Local\EmieUserList
2014-04-27 16:22:53 -------- d-sh--w- C:\Users\katrina\AppData\Local\EmieSiteList
2014-04-27 16:22:14 -------- d-----w- C:\Users\katrina\AppData\Local\{809CC404-E2BF-4194-9A85-788B335E2186}
2014-04-26 09:53:07 359936 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2014-04-26 09:53:04 257536 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll
2014-04-26 09:52:51 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-04-26 09:52:50 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-04-26 09:52:44 222720 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe
2014-04-26 09:52:44 222720 ----a-w- C:\Program Files (x86)\Internet Explorer\ielowutil.exe
2014-04-26 09:52:43 470016 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe
2014-04-26 09:52:42 482816 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe
2014-04-26 09:52:42 293072 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2014-04-26 09:52:41 235216 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2014-04-26 09:52:36 271360 ----a-w- C:\Program Files (x86)\Internet Explorer\ieproxy.dll
2014-04-26 09:52:34 722432 ----a-w- C:\Program Files\Internet Explorer\ieproxy.dll
2014-04-26 09:50:58 1789440 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-04-26 09:50:56 2260480 ----a-w- C:\Windows\System32\wininet.dll
2014-04-26 09:50:55 811728 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe
2014-04-26 09:50:55 809680 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2014-04-26 09:50:55 1967104 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-04-26 09:50:54 2043904 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-04-26 09:50:47 5784064 ----a-w- C:\Windows\System32\jscript9.dll
2014-04-26 09:50:46 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-04-26 09:41:12 -------- d-----w- C:\Users\katrina\AppData\Local\{3606C9CB-965A-47F2-B3D4-3E71B4A5D70D}
2014-04-24 14:14:30 -------- d--h--w- C:\548621e
2014-04-24 08:17:22 -------- d-----w- C:\Users\katrina\AppData\Local\{5476F88E-F63E-41D8-AC01-0DD1906063CD}
2014-04-18 14:01:30 237336 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2014-04-17 11:05:10 -------- d-----w- C:\Users\katrina\AppData\Local\{D183E6A3-CAF0-421A-BDB1-A40C9AE47C56}
.
==================== Find3M  ====================
.
2014-05-15 12:50:25 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-15 12:50:25 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-03 21:55:48 358552 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
2014-04-15 01:34:10 1070232 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-03-31 15:20:54 274200 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2014-03-31 15:06:26 130840 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2014-03-31 08:35:08 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-03-27 21:14:26 192792 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2014-03-27 21:14:24 153368 ----a-w- C:\Windows\System32\drivers\avgdiska.sys
2014-03-27 21:07:10 236824 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2014-03-27 21:05:02 324376 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2014-03-27 21:03:16 32536 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2014-03-06 09:31:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-06 08:59:04 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-06 08:57:20 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-06 08:29:40 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-06 08:29:14 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-06 08:28:15 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-06 08:15:54 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-06 08:02:34 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-06 08:01:01 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56:43 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-03-06 07:38:13 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-06 07:36:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-06 07:13:43 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-04 09:47:01 5550016 ----a-w- C:\Windows\System32\ntoskrnl.exe
2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:10 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-03-04 09:44:08 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-03-04 09:44:06 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-03-04 09:44:03 722944 ----a-w- C:\Windows\System32\objsel.dll
2014-03-04 09:44:03 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2014-03-04 09:44:00 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-03-04 09:44:00 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2014-03-04 09:43:56 57344 ----a-w- C:\Windows\System32\cngprovider.dll
2014-03-04 09:43:56 52736 ----a-w- C:\Windows\System32\dpapiprovider.dll
2014-03-04 09:43:56 44544 ----a-w- C:\Windows\System32\dimsroam.dll
2014-03-04 09:43:55 56832 ----a-w- C:\Windows\System32\adprovider.dll
2014-03-04 09:43:55 53760 ----a-w- C:\Windows\System32\capiprovider.dll
2014-03-04 09:43:50 455168 ----a-w- C:\Windows\System32\winlogon.exe
2014-03-04 09:20:11 3969984 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2014-03-04 09:20:11 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2014-03-04 09:16:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
.
============= FINISH: 13:39:40.28 ===============

 

Attach

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 15/01/2011 15:50:13
System Uptime: 16/05/2014 09:24:46 (4 hours ago)
.
Motherboard: Hewlett-Packard |  | 1605
Processor: Pentium® Dual-Core CPU       T4500  @ 2.30GHz | CPU | 1196/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 450 GiB total, 319.79 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 2.201 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
RP461: 30/04/2014 08:31:40 - Windows Update
RP462: 04/05/2014 16:41:15 - Windows Update
RP463: 06/05/2014 11:24:56 - Windows Update
RP464: 07/05/2014 08:58:08 - Windows Update
RP465: 08/05/2014 18:40:37 - Windows Update
RP466: 09/05/2014 07:30:35 - Windows Update
RP467: 09/05/2014 15:06:22 - Installed AVG 2014
RP468: 09/05/2014 15:15:11 - Installed AVG 2014
RP469: 09/05/2014 17:21:52 - Windows Update
RP470: 15/05/2014 20:42:49 - Installed Rapport
RP471: 15/05/2014 20:55:26 - Windows Update
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 13 ActiveX
Adobe Reader XI (11.0.05)
Adobe Shockwave Player 11.5
Agatha Christie - Death on the Nile
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ApptoU
Ask Toolbar
AVG
AVG 2014
AVG Zen
Bejeweled 2 Deluxe
Bing Bar
Blackhawk Striker 2
Bonjour
Chuzzle Deluxe
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
CyberLink DVD Suite
CyberLink PowerDVD 9
CyberLink YouCam
D3DX10
deal4real
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Delta Chrome Toolbar
DJ_AIO_06_F2400_SW_Min
Dora's Carnival Adventure
Energy Star Digital Logo
Escape Rosecliff Island
ESU for Microsoft Windows 7
Facebook Video Calling 1.2.0.287
Facebook Video Calling 2.0.0.447
FATE
Final Drive Nitro
FMW 1
Free Download Manager 3.9.3
Hewlett-Packard ACLM.NET v1.2.1.1
HP Advisor
HP Customer Experience Enhancements
HP Deskjet F2400 All-in-One Driver 14.0 Rel. 6
HP Documentation
HP Game Console
HP Games
HP Photo Creations
HP Power Manager
HP Quick Launch
HP Setup
HP Software Framework
HP Support Assistant
HP Wireless Assistant
IcouValid
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Rapid Storage Technology
Internet Helper Anti-phishing
iTunes
Java Auto Updater
Java™ 6 Update 20 (64-bit)
Java™ 6 Update 30
Jewel Quest - Heritage
Junk Mail filter update
KODAK Share Button App
LabelPrint
LightScribe System Software
Magic Desktop
Malwarebytes Anti-Malware version 2.0.1.1004
McAfee Security Scan Plus
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MP3 Rocket
MP3 Rocket Toolbar Updater
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyPC Backup
Norton Internet Security
Norton Online Backup
Optimizer Pro v3.2
Penguins!
PhotoNow!
Plants vs. Zombies
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
QuickShare
Rapport
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
REALTEK Wireless LAN Software
Recovery Manager
RtVOsd
SAMSUNG Intelli-studio
Scan
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2878284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2863926) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Synaptics Pointing Device Driver
Systweak PhotoStudio 2.1
Toolbox
Trusteer Endpoint Protection
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
Virtual Villagers - The Secret City
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
16/05/2014 07:43:13, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgsvc service.
15/05/2014 21:21:49, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070663: Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition.
15/05/2014 21:19:23, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070663: Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition.
15/05/2014 21:16:18, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070663: Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition.
15/05/2014 15:36:49, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.
15/05/2014 13:58:21, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.
15/05/2014 13:58:21, Error: Service Control Manager [7000]  - The Computer Backup (MyPC Backup) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
09/05/2014 17:22:51, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070663: Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition.
09/05/2014 16:57:19, Error: Service Control Manager [7031]  - The AVG Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
09/05/2014 15:53:59, Error: Schannel [36888]  - The following fatal alert was generated: 40. The internal error state is 252.
09/05/2014 12:00:02, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
09/05/2014 12:00:02, Error: Service Control Manager [7000]  - The Windows Media Player Network Sharing Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
09/05/2014 09:55:06, Error: Service Control Manager [7000]  - The Util bomlabio service failed to start due to the following error:  This version of Util bomlabio is not compatible with the version of Windows you're running. Check your computer's system information to see whether you need a x86 (32-bit) or x64 (64-bit) version of the program, and then contact the software publisher.
09/05/2014 09:55:05, Error: Service Control Manager [7000]  - The Update bomlabio service failed to start due to the following error:  This version of Update bomlabio is not compatible with the version of Windows you're running. Check your computer's system information to see whether you need a x86 (32-bit) or x64 (64-bit) version of the program, and then contact the software publisher.
.
==== End Of File ===========================


 



#8 peddier

peddier
  • Topic Starter


Posted 20 May 2014 - 09:21 AM

Hi Gary

 

Sorry forgot to attach the Summary file to previous response.

 

Robert



#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor

Posted 20 May 2014 - 12:22 PM

Hi Robert,

Thank you for letting me know of the delay. What I would like is a fresh FRST report when you get a chance to run the program. Please be sure to place a check mark next to Addition.txt before running it.

See you when you return.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 peddier

peddier
  • Topic Starter


Posted 24 May 2014 - 08:06 AM

Hi Gary

 

Apologies for the delay in replying. I am now also having major problems starting Windows, so I have run the requested scans in SAFE mode.

 

Below is the FRST content, followed by the additions content. Summary was zipped in my previous post.

 

Thanks

 

Robert

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-05-2014
Ran by katrina (administrator) on KATRINA-HP on 24-05-2014 13:46:06
Running from C:\Users\katrina\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Safe Mode (with Networking)

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\HelpPane.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-19] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1164304 2014-04-11] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-21] (Microsoft Corporation)
HKU\S-1-5-21-2400530217-1677791121-3577320560-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-05-19] (Hewlett-Packard Company)
HKU\S-1-5-21-2400530217-1677791121-3577320560-1000\...\MountPoints2: {687bb7b5-2189-11e1-83f8-643150572e79} - F:\KODAK_Software_Downloader.exe
HKU\S-1-5-21-2400530217-1677791121-3577320560-1000\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\Users\katrina\AppData\Local\Temp\scpiyyb\syjjjyx\wow.dll ATTENTION! ====> ZeroAccess?
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll => c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll File Not Found
AppInit_DLLs:  c:\progra~2\optimi~1\optpro~2.dll => C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll [4444488 2013-11-19] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/2
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {96E8EB52-0F72-4399-9C46-0E843A692238} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {9EE6B9CB-ED91-4C89-91E1-C006C0198F5D} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKBIpNolJDHnMo-NpUgxWidLUf-n67uyvfk_JCcQILGkjEx1yHj4wPosLpG-splDx1bKhrNPzf5gBEOkYnwWsP0XFWtKOLsIHx-Fq9cxqM4t5gVov061DK7YaYtACVVdO3RqbQPZ-ne2yI,&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKBIpNolJDHnMo-NpUgxWidLUf-n67uyvfk_JCcQILGkjEx1yHj4wPosLpG-splDx1bKhrNPzf5gBEOkYnwWsP0XFWtKOLsIHx-Fq9cxqM4t5gVov061DK7YaYtACVVdO3RqbQPZ-ne2yI,&q={searchTerms}
BHO: ApptoU - {5DC89B11-95AE-391B-73D4-5B9016CCB039} - C:\ProgramData\ApptoU\ikF2.x64.dll ()
BHO: LuCiKKyCoupaon - {8E2BCED6-EB31-D505-E907-3B22CF7BB1E0} - C:\ProgramData\LuCiKKyCoupaon\5.x64.dll ()
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: deal4real - {BB5A7DD3-BB1E-9413-9776-6DC536BBD07B} - C:\ProgramData\deal4real\oYId55yr.x64.dll ()
BHO: IcouValid - {C234C7BC-12DB-4389-4952-4711A2C14908} - C:\ProgramData\IcouValid\eF6DX3N.x64.dll ()
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO: leeeSs2paaY - {FD016E09-EF94-D88B-4657-DC5F32CA9A02} - C:\ProgramData\leeeSs2paaY\dm.x64.dll ()
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: MP3 Rocket Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - QuickShare Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - MP3 Rocket Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKLM-x32 - QuickShare Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2010-07-12] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn\
FF Extension: Symantec IPS - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_13_2
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_13_2 [2014-05-24]

Chrome:
=======
CHR RestoreOnStartup: "hxxp://feed.snapdo.com/?publisher=QuickObrw&dpid=QuickObrw&co=GB&userid=f284b24a-c34b-4124-b111-5094fa594aee&searchtype=hp&installDate=28/08/2013"
CHR DefaultSearchKeyword: delta-search.com
CHR DefaultSearchProvider: Delta Search
CHR DefaultSearchURL: http://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=18B01C659D72233C&affID=119523&tt=280813_ctrl1&tsp=4988
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U30) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (Windows Live\xC2\x99 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Extension: (TicuTACoupon) - C:\Users\katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\akmikecgkfgmkaienoanpifikakoocpp [2014-03-19]
CHR Extension: (leeeSs2paaY) - C:\Users\katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnpdbdoodljdocohmfbdoacfdfakimlb [2014-02-16]
CHR Extension: (iCloud Bookmarks) - C:\Users\katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2013-09-19]
CHR Extension: (MixiDJ V30) - C:\Users\katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieajphigldbfhdlccebbnjllmipokipa [2013-10-14]
CHR Extension: (Google Wallet) - C:\Users\katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (ApptoU) - C:\ProgramData\ohpdcgepgippoidomncdmikcehemaahp [2013-12-24]
CHR HKLM-x32\...\Chrome\Extension: [ljidjdddaoiogpbmniipclcppkoembao] - C:\Program Files (x86)\bomlabio\ljidjdddaoiogpbmniipclcppkoembao.crx [2013-12-24]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

S2 70e6ca8c; C:\Program Files (x86)\Optimizer Pro\OptProCrashSvc.dll [193688 2013-11-19] ()
S2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1473280 2014-04-03] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.)
S2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [640016 2014-04-11] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [38440 2013-09-19] (Just Develop It)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-17] (Symantec Corporation)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4343664 2014-04-09] (Symantec Corporation)
S2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1882392 2014-05-03] (Trusteer Ltd.)

==================== Drivers (Whitelisted) ====================

S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [237336 2014-04-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192792 2014-03-27] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [236824 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [324376 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130840 2014-03-31] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [32536 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-03-31] (AVG Technologies CZ, s.r.o.)
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110309.001\BHDrvx64.sys [1124472 2011-02-25] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [475696 2011-01-15] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [132656 2011-01-15] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110311.001\IDSvia64.sys [476792 2010-11-09] (Symantec Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-20] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110314.002\ENG64.SYS [117880 2011-01-15] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110314.002\EX64.SYS [1791096 2011-01-15] (Symantec Corporation)
S1 RapportCerberus_68261; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_68261.sys [631096 2014-05-15] ()
S1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [299512 2014-05-03] (Trusteer Ltd.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [358552 2014-05-03] (Trusteer Ltd.)
S1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [414232 2014-05-03] (Trusteer Ltd.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-31] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-31] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-15] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-05-11] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-21] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-24 13:46 - 2014-05-24 13:47 - 00020100 _____ () C:\Users\katrina\Desktop\FRST.txt
2014-05-24 12:33 - 2014-05-24 12:33 - 02067456 _____ (Farbar) C:\Users\katrina\Desktop\FRST64.exe
2014-05-24 12:09 - 2014-05-24 12:13 - 00000000 ____D () C:\ProgramData\EuxtRaShoppper
2014-05-24 12:07 - 2014-05-24 12:09 - 00000000 ____D () C:\Users\katrina\Desktop\Loga
2014-05-19 18:12 - 2014-05-19 18:12 - 00002221 _____ () C:\Users\katrina\Desktop\HP Support Assistant.lnk
2014-05-19 18:12 - 2014-05-19 18:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2014-05-19 17:37 - 2014-05-19 17:38 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-05-16 13:23 - 2014-05-16 13:24 - 00688992 ____R (Swearware) C:\Users\katrina\Downloads\dds.com
2014-05-15 21:19 - 2014-05-06 05:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 21:19 - 2014-05-06 05:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 21:19 - 2014-05-06 04:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 21:19 - 2014-05-06 04:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 21:19 - 2014-05-06 04:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 21:19 - 2014-05-06 03:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 13:51 - 2014-05-09 07:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-15 13:51 - 2014-05-09 07:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-15 13:51 - 2014-03-25 03:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 13:51 - 2014-03-25 03:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 13:48 - 2014-04-12 03:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 13:48 - 2014-04-12 03:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 13:48 - 2014-03-04 10:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 13:48 - 2014-03-04 10:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 13:48 - 2014-03-04 10:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 13:48 - 2014-03-04 10:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 13:48 - 2014-03-04 10:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 13:48 - 2014-03-04 10:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 13:48 - 2014-03-04 10:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 13:48 - 2014-03-04 10:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 13:48 - 2014-03-04 10:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 13:48 - 2014-03-04 10:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 13:48 - 2014-03-04 10:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 13:48 - 2014-03-04 10:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 13:48 - 2014-03-04 10:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 13:48 - 2014-03-04 10:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 13:48 - 2014-03-04 10:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-15 13:48 - 2014-03-04 10:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-15 13:48 - 2014-03-04 10:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-15 13:48 - 2014-03-04 10:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-15 13:48 - 2014-03-04 10:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-15 13:48 - 2014-03-04 10:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-15 13:48 - 2014-03-04 10:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-15 13:48 - 2014-03-04 10:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-15 13:48 - 2014-03-04 10:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-15 13:48 - 2014-03-04 10:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-15 13:48 - 2014-03-04 10:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-15 13:48 - 2014-03-04 10:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-15 13:48 - 2014-03-04 10:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-15 13:48 - 2014-03-04 10:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-15 13:47 - 2014-04-12 03:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 13:47 - 2014-04-12 03:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 13:47 - 2014-04-12 03:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 13:47 - 2014-04-12 03:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 13:47 - 2014-04-12 03:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 13:47 - 2014-04-12 03:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-15 13:47 - 2014-04-12 03:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 13:47 - 2014-03-04 10:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 13:47 - 2014-03-04 10:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 13:47 - 2014-03-04 10:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-15 13:47 - 2014-03-04 10:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-09 16:04 - 2014-05-09 16:16 - 00047120 _____ () C:\Users\katrina\Downloads\Addition.txt
2014-05-09 16:01 - 2014-05-09 16:01 - 00000000 ____D () C:\Users\katrina\AppData\Roaming\AVG2014
2014-05-09 15:50 - 2014-05-09 16:16 - 00060687 _____ () C:\Users\katrina\Downloads\FRST.txt
2014-05-09 15:50 - 2014-05-09 15:50 - 00000000 ____D () C:\Users\katrina\AppData\Roaming\TuneUp Software
2014-05-09 15:50 - 2014-05-09 15:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-05-09 15:49 - 2014-05-24 13:46 - 00000000 ____D () C:\FRST
2014-05-09 15:43 - 2014-05-09 15:46 - 02064384 _____ (Farbar) C:\Users\katrina\Downloads\FRST64.exe
2014-05-09 15:25 - 2014-05-15 13:29 - 00000000 ____D () C:\ProgramData\AVG2014
2014-05-09 15:25 - 2014-05-09 15:25 - 00000000 ___HD () C:\$AVG
2014-05-09 14:56 - 2014-05-24 12:11 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-09 14:56 - 2014-05-19 08:28 - 00000000 ____D () C:\Users\katrina\AppData\Local\Avg2014
2014-05-09 14:56 - 2014-05-09 14:56 - 00000000 ____D () C:\Users\katrina\AppData\Local\MFAData
2014-05-09 14:48 - 2014-05-09 14:48 - 00000936 _____ () C:\Users\Public\Desktop\AVG.lnk
2014-05-09 14:47 - 2014-05-09 14:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2014-05-09 14:30 - 2014-05-09 15:11 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-05-09 14:30 - 2014-05-09 14:47 - 00000000 ____D () C:\ProgramData\Avg
2014-05-09 14:27 - 2014-05-09 14:44 - 00000000 ____D () C:\Users\katrina\AppData\Local\AvgSetupLog
2014-05-09 14:27 - 2014-05-09 14:27 - 00000000 ____D () C:\Users\katrina\AppData\Local\Avg
2014-05-09 14:26 - 2014-05-09 14:26 - 16045040 _____ (AVG Technologies) C:\Users\katrina\Downloads\avg_zist_stb_all_208_11.exe
2014-05-09 12:05 - 2014-05-09 12:05 - 00002123 _____ () C:\Users\Public\Desktop\Norton Online Backup.lnk
2014-05-09 12:04 - 2014-05-09 12:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Online Backup
2014-05-09 10:50 - 2014-05-09 10:49 - 00002478 _____ () C:\Users\katrina\Desktop\logfile.xml
2014-05-09 08:45 - 2014-05-20 14:15 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-09 08:44 - 2014-05-09 08:44 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-09 08:44 - 2014-05-09 08:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-09 08:44 - 2014-05-09 08:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-09 08:44 - 2014-05-09 08:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-09 08:44 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-09 08:44 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-09 08:44 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-09 08:10 - 2014-05-09 08:10 - 00000000 ____D () C:\Users\katrina\AppData\Local\{5DDE59A1-171B-423E-9044-E63A170ED80D}
2014-05-08 21:16 - 2014-05-08 21:16 - 00000000 ____D () C:\Windows\pss
2014-05-08 19:36 - 2014-05-15 20:31 - 00007594 _____ () C:\Users\katrina\AppData\Local\Resmon.ResmonCfg
2014-05-08 18:38 - 2014-05-08 18:38 - 00000000 ____D () C:\Users\katrina\AppData\Local\{CD90BCBC-4836-4FC4-93E8-7D22858133EB}
2014-05-07 09:06 - 2014-05-16 07:38 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-07 08:54 - 2014-05-07 08:54 - 00000000 ____D () C:\Users\katrina\AppData\Local\{61B79630-3A43-4CD9-82A9-700A52DBB52E}
2014-05-04 16:52 - 2014-05-06 11:23 - 00000000 ____D () C:\Users\katrina\AppData\Local\{F7A1D24D-2C93-4939-88D3-DADFA790FD3C}
2014-05-01 17:51 - 2014-05-01 17:51 - 00004663 _____ () C:\Users\katrina\Desktop\_GEAREXT.WO_IDENT.TXT
2014-04-27 22:43 - 2014-04-27 22:43 - 00002785 _____ () C:\Users\katrina\Downloads\HOW_DECRYPT.HTML
2014-04-27 22:43 - 2014-04-27 22:43 - 00002785 _____ () C:\Users\katrina\Documents\HOW_DECRYPT.HTML
2014-04-27 22:43 - 2014-04-27 22:43 - 00001267 _____ () C:\Users\katrina\Downloads\HOW_DECRYPT.TXT
2014-04-27 22:43 - 2014-04-27 22:43 - 00001267 _____ () C:\Users\katrina\Documents\HOW_DECRYPT.TXT
2014-04-27 22:43 - 2014-04-27 22:43 - 00000135 _____ () C:\Users\katrina\Downloads\HOW_DECRYPT.URL
2014-04-27 22:43 - 2014-04-27 22:43 - 00000135 _____ () C:\Users\katrina\Documents\HOW_DECRYPT.URL
2014-04-27 17:24 - 2014-04-27 17:24 - 00002785 _____ () C:\Users\katrina\AppData\Roaming\HOW_DECRYPT.HTML
2014-04-27 17:24 - 2014-04-27 17:24 - 00002785 _____ () C:\Users\katrina\AppData\HOW_DECRYPT.HTML
2014-04-27 17:24 - 2014-04-27 17:24 - 00001267 _____ () C:\Users\katrina\AppData\Roaming\HOW_DECRYPT.TXT
2014-04-27 17:24 - 2014-04-27 17:24 - 00001267 _____ () C:\Users\katrina\AppData\HOW_DECRYPT.TXT
2014-04-27 17:24 - 2014-04-27 17:24 - 00000135 _____ () C:\Users\katrina\AppData\Roaming\HOW_DECRYPT.URL
2014-04-27 17:24 - 2014-04-27 17:24 - 00000135 _____ () C:\Users\katrina\AppData\HOW_DECRYPT.URL
2014-04-27 17:22 - 2014-04-27 17:22 - 00000000 __SHD () C:\Users\katrina\AppData\Local\EmieUserList
2014-04-27 17:22 - 2014-04-27 17:22 - 00000000 __SHD () C:\Users\katrina\AppData\Local\EmieSiteList
2014-04-27 17:22 - 2014-04-27 17:22 - 00000000 ____D () C:\Users\katrina\AppData\Local\{809CC404-E2BF-4194-9A85-788B335E2186}
2014-04-26 10:53 - 2014-03-06 09:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-26 10:53 - 2014-03-06 08:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-26 10:52 - 2014-03-06 09:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-26 10:52 - 2014-03-06 09:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-26 10:51 - 2014-03-06 10:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-26 10:51 - 2014-03-06 09:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-26 10:51 - 2014-03-06 09:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-26 10:51 - 2014-03-06 09:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-26 10:51 - 2014-03-06 09:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-26 10:51 - 2014-03-06 09:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-26 10:51 - 2014-03-06 09:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-26 10:51 - 2014-03-06 09:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-26 10:51 - 2014-03-06 09:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-26 10:51 - 2014-03-06 09:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-26 10:51 - 2014-03-06 09:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-26 10:51 - 2014-03-06 09:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-26 10:51 - 2014-03-06 09:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-26 10:51 - 2014-03-06 08:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-26 10:51 - 2014-03-06 08:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-26 10:51 - 2014-03-06 08:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-26 10:51 - 2014-03-06 08:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-26 10:51 - 2014-03-06 08:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-26 10:51 - 2014-03-06 08:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-26 10:51 - 2014-03-06 08:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-26 10:51 - 2014-03-06 08:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-26 10:51 - 2014-03-06 08:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-26 10:51 - 2014-03-06 08:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-26 10:51 - 2014-03-06 08:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-26 10:51 - 2014-03-06 08:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-26 10:51 - 2014-03-06 08:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-26 10:51 - 2014-03-06 07:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-26 10:51 - 2014-03-06 06:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-26 10:51 - 2014-03-06 06:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-26 10:50 - 2014-03-06 09:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-26 10:50 - 2014-03-06 09:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-26 10:50 - 2014-03-06 08:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-26 10:50 - 2014-03-06 08:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-26 10:50 - 2014-03-06 07:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-26 10:50 - 2014-03-06 07:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-26 10:50 - 2014-03-06 07:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-26 10:50 - 2014-03-06 07:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-26 10:50 - 2014-03-06 06:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-26 10:50 - 2014-03-06 06:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-26 10:50 - 2014-03-06 06:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-26 10:41 - 2014-04-26 10:46 - 00000000 ____D () C:\Users\katrina\AppData\Local\{3606C9CB-965A-47F2-B3D4-3E71B4A5D70D}
2014-04-25 07:55 - 2014-04-25 07:55 - 00002785 _____ () C:\Users\katrina\AppData\Local\HOW_DECRYPT.HTML
2014-04-25 07:55 - 2014-04-25 07:55 - 00001267 _____ () C:\Users\katrina\AppData\Local\HOW_DECRYPT.TXT
2014-04-25 07:55 - 2014-04-25 07:55 - 00000135 _____ () C:\Users\katrina\AppData\Local\HOW_DECRYPT.URL
2014-04-24 22:25 - 2014-04-24 22:25 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-04-24 22:25 - 2014-04-24 22:25 - 00000000 ____D () C:\Users\Administrator
2014-04-24 22:00 - 2014-04-24 22:00 - 00002785 _____ () C:\ProgramData\HOW_DECRYPT.HTML
2014-04-24 22:00 - 2014-04-24 22:00 - 00001267 _____ () C:\ProgramData\HOW_DECRYPT.TXT
2014-04-24 22:00 - 2014-04-24 22:00 - 00000135 _____ () C:\ProgramData\HOW_DECRYPT.URL
2014-04-24 15:14 - 2014-05-15 13:51 - 00000000 ___HD () C:\548621e
2014-04-24 09:17 - 2014-04-24 21:57 - 00000000 ____D () C:\Users\katrina\AppData\Local\{5476F88E-F63E-41D8-AC01-0DD1906063CD}

==================== One Month Modified Files and Folders =======

2014-05-24 13:47 - 2014-05-24 13:46 - 00020100 _____ () C:\Users\katrina\Desktop\FRST.txt
2014-05-24 13:46 - 2014-05-09 15:49 - 00000000 ____D () C:\FRST
2014-05-24 13:33 - 2011-10-13 17:55 - 00000926 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2400530217-1677791121-3577320560-1001UA.job
2014-05-24 13:27 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-24 13:27 - 2009-07-14 05:51 - 00170815 _____ () C:\Windows\setupact.log
2014-05-24 12:49 - 2012-04-19 11:35 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-24 12:39 - 2010-08-17 09:34 - 01117969 _____ () C:\Windows\WindowsUpdate.log
2014-05-24 12:33 - 2014-05-24 12:33 - 02067456 _____ (Farbar) C:\Users\katrina\Desktop\FRST64.exe
2014-05-24 12:13 - 2014-05-24 12:09 - 00000000 ____D () C:\ProgramData\EuxtRaShoppper
2014-05-24 12:13 - 2013-12-24 10:57 - 00000000 ____D () C:\ProgramData\4cabe61036aba2c6
2014-05-24 12:11 - 2014-05-09 14:56 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-24 12:10 - 2011-12-16 20:43 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-05-24 12:09 - 2014-05-24 12:07 - 00000000 ____D () C:\Users\katrina\Desktop\Loga
2014-05-24 09:49 - 2013-12-22 17:34 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForkatrina.job
2014-05-24 08:51 - 2012-03-11 12:56 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2400530217-1677791121-3577320560-1002UA.job
2014-05-20 14:15 - 2014-05-09 08:45 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-19 20:00 - 2009-07-14 05:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-19 20:00 - 2009-07-14 05:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-19 19:27 - 2009-07-14 06:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-19 19:19 - 2011-01-16 00:46 - 00813132 _____ () C:\Windows\PFRO.log
2014-05-19 18:12 - 2014-05-19 18:12 - 00002221 _____ () C:\Users\katrina\Desktop\HP Support Assistant.lnk
2014-05-19 18:12 - 2014-05-19 18:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2014-05-19 18:12 - 2010-07-11 23:47 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-19 18:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Help
2014-05-19 17:45 - 2010-07-11 23:45 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-05-19 17:38 - 2014-05-19 17:37 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-05-19 17:26 - 2010-07-12 00:44 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-05-19 17:17 - 2009-09-07 01:40 - 00000000 ____D () C:\SwSetup
2014-05-19 12:44 - 2012-03-11 12:56 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2400530217-1677791121-3577320560-1002Core.job
2014-05-19 09:42 - 2011-08-07 20:30 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-05-19 09:41 - 2013-03-18 18:58 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-05-19 08:28 - 2014-05-09 14:56 - 00000000 ____D () C:\Users\katrina\AppData\Local\Avg2014
2014-05-16 13:24 - 2014-05-16 13:23 - 00688992 ____R (Swearware) C:\Users\katrina\Downloads\dds.com
2014-05-16 13:16 - 2011-01-16 11:08 - 00000000 ___RD () C:\Users\holly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 09:49 - 2013-12-22 17:34 - 00003198 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForkatrina
2014-05-16 07:46 - 2011-01-15 16:57 - 00000000 ___RD () C:\Users\katrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 07:46 - 2011-01-15 16:57 - 00000000 ___RD () C:\Users\katrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 07:41 - 2009-07-14 06:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-16 07:38 - 2014-05-07 09:06 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 21:23 - 2011-01-19 21:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-15 21:10 - 2014-01-07 19:36 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 21:01 - 2014-01-07 19:36 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-15 20:46 - 2013-08-20 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2014-05-15 20:31 - 2014-05-08 19:36 - 00007594 _____ () C:\Users\katrina\AppData\Local\Resmon.ResmonCfg
2014-05-15 13:55 - 2013-11-19 22:08 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-05-15 13:51 - 2014-04-24 15:14 - 00000000 ___HD () C:\548621e
2014-05-15 13:51 - 2011-01-16 15:18 - 00000000 ____D () C:\Users\katrina\AppData\Roaming\Otemw
2014-05-15 13:50 - 2012-04-19 11:35 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-15 13:50 - 2012-04-19 11:34 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-15 13:50 - 2011-06-01 21:29 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-15 13:30 - 2013-11-19 20:46 - 00000000 ____D () C:\Users\katrina\AppData\Local\Odrics
2014-05-15 13:29 - 2014-05-09 15:25 - 00000000 ____D () C:\ProgramData\AVG2014
2014-05-09 16:16 - 2014-05-09 16:04 - 00047120 _____ () C:\Users\katrina\Downloads\Addition.txt
2014-05-09 16:16 - 2014-05-09 15:50 - 00060687 _____ () C:\Users\katrina\Downloads\FRST.txt
2014-05-09 16:01 - 2014-05-09 16:01 - 00000000 ____D () C:\Users\katrina\AppData\Roaming\AVG2014
2014-05-09 15:50 - 2014-05-09 15:50 - 00000000 ____D () C:\Users\katrina\AppData\Roaming\TuneUp Software
2014-05-09 15:50 - 2014-05-09 15:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-05-09 15:46 - 2014-05-09 15:43 - 02064384 _____ (Farbar) C:\Users\katrina\Downloads\FRST64.exe
2014-05-09 15:25 - 2014-05-09 15:25 - 00000000 ___HD () C:\$AVG
2014-05-09 15:11 - 2014-05-09 14:30 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-05-09 14:56 - 2014-05-09 14:56 - 00000000 ____D () C:\Users\katrina\AppData\Local\MFAData
2014-05-09 14:48 - 2014-05-09 14:48 - 00000936 _____ () C:\Users\Public\Desktop\AVG.lnk
2014-05-09 14:47 - 2014-05-09 14:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2014-05-09 14:47 - 2014-05-09 14:30 - 00000000 ____D () C:\ProgramData\Avg
2014-05-09 14:44 - 2014-05-09 14:27 - 00000000 ____D () C:\Users\katrina\AppData\Local\AvgSetupLog
2014-05-09 14:27 - 2014-05-09 14:27 - 00000000 ____D () C:\Users\katrina\AppData\Local\Avg
2014-05-09 14:26 - 2014-05-09 14:26 - 16045040 _____ (AVG Technologies) C:\Users\katrina\Downloads\avg_zist_stb_all_208_11.exe
2014-05-09 12:05 - 2014-05-09 12:05 - 00002123 _____ () C:\Users\Public\Desktop\Norton Online Backup.lnk
2014-05-09 12:05 - 2014-05-09 12:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Online Backup
2014-05-09 11:39 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-09 11:10 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-09 10:57 - 2013-11-25 20:32 - 00000000 ____D () C:\Users\Arran\AppData\Roaming\Systweak
2014-05-09 10:57 - 2013-11-21 18:19 - 00000000 ____D () C:\Users\katrina\AppData\Roaming\Systweak
2014-05-09 10:56 - 2013-11-21 18:21 - 00000000 ____D () C:\ProgramData\Systweak
2014-05-09 10:55 - 2011-01-16 11:08 - 00000000 ____D () C:\Users\holly
2014-05-09 10:49 - 2014-05-09 10:50 - 00002478 _____ () C:\Users\katrina\Desktop\logfile.xml
2014-05-09 08:44 - 2014-05-09 08:44 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-09 08:44 - 2014-05-09 08:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-09 08:44 - 2014-05-09 08:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-09 08:44 - 2014-05-09 08:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-09 08:10 - 2014-05-09 08:10 - 00000000 ____D () C:\Users\katrina\AppData\Local\{5DDE59A1-171B-423E-9044-E63A170ED80D}
2014-05-09 08:10 - 2012-07-18 08:43 - 00000000 ____D () C:\Users\katrina\AppData\Local\CrashDumps
2014-05-09 08:10 - 2011-01-15 18:45 - 00000000 ____D () C:\Users\katrina\Tracing
2014-05-09 07:14 - 2014-05-15 13:51 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 07:11 - 2014-05-15 13:51 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 21:16 - 2014-05-08 21:16 - 00000000 ____D () C:\Windows\pss
2014-05-08 18:38 - 2014-05-08 18:38 - 00000000 ____D () C:\Users\katrina\AppData\Local\{CD90BCBC-4836-4FC4-93E8-7D22858133EB}
2014-05-07 08:54 - 2014-05-07 08:54 - 00000000 ____D () C:\Users\katrina\AppData\Local\{61B79630-3A43-4CD9-82A9-700A52DBB52E}
2014-05-06 11:23 - 2014-05-04 16:52 - 00000000 ____D () C:\Users\katrina\AppData\Local\{F7A1D24D-2C93-4939-88D3-DADFA790FD3C}
2014-05-06 05:40 - 2014-05-15 21:19 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 05:17 - 2014-05-15 21:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 04:25 - 2014-05-15 21:19 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 04:07 - 2014-05-15 21:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 04:00 - 2014-05-15 21:19 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 03:10 - 2014-05-15 21:19 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-04 17:17 - 2012-12-30 21:53 - 00000346 _____ () C:\Windows\Tasks\HPCeeScheduleForKATRINA-HP$.job
2014-05-04 17:16 - 2012-12-30 21:53 - 00003222 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForKATRINA-HP$
2014-05-03 22:55 - 2011-12-18 13:52 - 00358552 _____ (Trusteer Ltd.) C:\Windows\system32\Drivers\RapportKE64.sys
2014-05-01 17:51 - 2014-05-01 17:51 - 00004663 _____ () C:\Users\katrina\Desktop\_GEAREXT.WO_IDENT.TXT
2014-04-28 22:33 - 2011-10-13 17:55 - 00000904 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2400530217-1677791121-3577320560-1001Core.job
2014-04-27 22:43 - 2014-04-27 22:43 - 00002785 _____ () C:\Users\katrina\Downloads\HOW_DECRYPT.HTML
2014-04-27 22:43 - 2014-04-27 22:43 - 00002785 _____ () C:\Users\katrina\Documents\HOW_DECRYPT.HTML
2014-04-27 22:43 - 2014-04-27 22:43 - 00001267 _____ () C:\Users\katrina\Downloads\HOW_DECRYPT.TXT
2014-04-27 22:43 - 2014-04-27 22:43 - 00001267 _____ () C:\Users\katrina\Documents\HOW_DECRYPT.TXT
2014-04-27 22:43 - 2014-04-27 22:43 - 00000135 _____ () C:\Users\katrina\Downloads\HOW_DECRYPT.URL
2014-04-27 22:43 - 2014-04-27 22:43 - 00000135 _____ () C:\Users\katrina\Documents\HOW_DECRYPT.URL
2014-04-27 22:43 - 2013-11-19 22:14 - 00000000 ____D () C:\Users\katrina\Documents\Optimizer Pro
2014-04-27 22:43 - 2013-11-19 22:12 - 00000000 ____D () C:\Users\katrina\Documents\PC Health Kit
2014-04-27 22:43 - 2013-10-27 22:35 - 00012118 _____ () C:\Users\katrina\Documents\steph zumba.txt
2014-04-27 22:43 - 2013-09-19 14:36 - 00000000 ____D () C:\Users\katrina\Documents\Outlook Files
2014-04-27 22:43 - 2013-06-13 16:14 - 00795222 _____ () C:\Users\katrina\Downloads\cyq-pp-l2-know-how-to-support-clients (1).ppt
2014-04-27 22:43 - 2013-06-13 15:43 - 00795222 _____ () C:\Users\katrina\Downloads\cyq-pp-l2-know-how-to-support-clients.ppt
2014-04-27 22:43 - 2013-06-05 18:53 - 00254294 _____ () C:\Users\katrina\Downloads\cyq-pp-l2-health-safety-welfare-1 (6).ppt
2014-04-27 22:43 - 2013-06-05 18:50 - 00254294 _____ () C:\Users\katrina\Downloads\cyq-pp-l2-health-safety-welfare-1 (5).ppt
2014-04-27 22:43 - 2013-06-03 11:10 - 00254294 _____ () C:\Users\katrina\Downloads\cyq-pp-l2-health-safety-welfare-1 (4).ppt
2014-04-27 22:43 - 2013-06-03 11:07 - 00251222 _____ () C:\Users\katrina\Downloads\cyq-pp-l2-health-safety-welfare-1 (3).ppt
2014-04-27 22:43 - 2013-06-03 11:06 - 00254294 _____ () C:\Users\katrina\Downloads\cyq-pp-l2-health-safety-welfare-1 (2).ppt
2014-04-27 22:43 - 2013-05-20 14:51 - 00251222 _____ () C:\Users\katrina\Downloads\cyq-pp-l2-health-safety-welfare-1 (1).ppt
2014-04-27 22:43 - 2013-05-20 14:49 - 00254294 _____ () C:\Users\katrina\Downloads\cyq-pp-l2-health-safety-welfare-1.ppt
2014-04-27 22:43 - 2011-02-28 23:42 - 00000000 __RSD () C:\Users\katrina\Documents\My Stationery
2014-04-27 22:42 - 2011-01-16 00:33 - 00000000 ____D () C:\Users\katrina\Documents\Intelli-studio
2014-04-27 17:35 - 2011-02-02 22:19 - 00000000 ____D () C:\Users\katrina\Documents\CyberLink
2014-04-27 17:24 - 2014-04-27 17:24 - 00002785 _____ () C:\Users\katrina\AppData\Roaming\HOW_DECRYPT.HTML
2014-04-27 17:24 - 2014-04-27 17:24 - 00002785 _____ () C:\Users\katrina\AppData\HOW_DECRYPT.HTML
2014-04-27 17:24 - 2014-04-27 17:24 - 00001267 _____ () C:\Users\katrina\AppData\Roaming\HOW_DECRYPT.TXT
2014-04-27 17:24 - 2014-04-27 17:24 - 00001267 _____ () C:\Users\katrina\AppData\HOW_DECRYPT.TXT
2014-04-27 17:24 - 2014-04-27 17:24 - 00000135 _____ () C:\Users\katrina\AppData\Roaming\HOW_DECRYPT.URL
2014-04-27 17:24 - 2014-04-27 17:24 - 00000135 _____ () C:\Users\katrina\AppData\HOW_DECRYPT.URL
2014-04-27 17:24 - 2014-03-15 00:56 - 00038486 _____ () C:\Users\katrina\Desktop\Friday 14th March.pptm
2014-04-27 17:24 - 2013-09-02 22:53 - 00000000 ____D () C:\Users\katrina\Desktop\Holly's school work
2014-04-27 17:24 - 2012-08-29 07:54 - 00000000 ____D () C:\Users\katrina\AppData\Roaming\Skype
2014-04-27 17:24 - 2012-05-05 22:36 - 00000000 ____D () C:\Users\katrina\AppData\Roaming\MP3Rocket
2014-04-27 17:22 - 2014-04-27 17:22 - 00000000 __SHD () C:\Users\katrina\AppData\Local\EmieUserList
2014-04-27 17:22 - 2014-04-27 17:22 - 00000000 __SHD () C:\Users\katrina\AppData\Local\EmieSiteList
2014-04-27 17:22 - 2014-04-27 17:22 - 00000000 ____D () C:\Users\katrina\AppData\Local\{809CC404-E2BF-4194-9A85-788B335E2186}
2014-04-26 11:06 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-04-26 10:46 - 2014-04-26 10:41 - 00000000 ____D () C:\Users\katrina\AppData\Local\{3606C9CB-965A-47F2-B3D4-3E71B4A5D70D}
2014-04-25 08:16 - 2013-11-19 22:08 - 00000000 ____D () C:\ProgramData\Internet Helper Anti-phishing
2014-04-25 07:57 - 2011-01-16 00:25 - 00000000 ____D () C:\Users\katrina\AppData\Roaming\Intelli-studio
2014-04-25 07:56 - 2013-08-28 22:33 - 00000000 ____D () C:\Users\katrina\AppData\Roaming\Babylon
2014-04-25 07:56 - 2013-08-28 22:33 - 00000000 ____D () C:\Users\katrina\AppData\Roaming\BabSolution
2014-04-25 07:56 - 2011-02-02 22:19 - 00000000 ____D () C:\Users\katrina\AppData\Roaming\CyberLink
2014-04-25 07:56 - 2011-01-15 18:16 - 00000000 ____D () C:\Users\katrina\AppData\Roaming\Adobe
2014-04-25 07:55 - 2014-04-25 07:55 - 00002785 _____ () C:\Users\katrina\AppData\Local\HOW_DECRYPT.HTML
2014-04-25 07:55 - 2014-04-25 07:55 - 00001267 _____ () C:\Users\katrina\AppData\Local\HOW_DECRYPT.TXT
2014-04-25 07:55 - 2014-04-25 07:55 - 00000135 _____ () C:\Users\katrina\AppData\Local\HOW_DECRYPT.URL
2014-04-25 07:55 - 2011-01-15 16:57 - 00000000 ____D () C:\Users\katrina\AppData\Local\VirtualStore
2014-04-25 07:48 - 2012-11-22 22:53 - 00000000 ____D () C:\Users\katrina\AppData\Local\Google
2014-04-25 07:47 - 2011-04-07 12:05 - 00000000 ____D () C:\Users\katrina\AppData\Local\Apple Computer
2014-04-24 22:25 - 2014-04-24 22:25 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-04-24 22:25 - 2014-04-24 22:25 - 00000000 ____D () C:\Users\Administrator
2014-04-24 22:00 - 2014-04-24 22:00 - 00002785 _____ () C:\ProgramData\HOW_DECRYPT.HTML
2014-04-24 22:00 - 2014-04-24 22:00 - 00001267 _____ () C:\ProgramData\HOW_DECRYPT.TXT
2014-04-24 22:00 - 2014-04-24 22:00 - 00000135 _____ () C:\ProgramData\HOW_DECRYPT.URL
2014-04-24 22:00 - 2010-08-17 09:48 - 00000000 ____D () C:\ProgramData\WildTangent
2014-04-24 21:57 - 2014-04-24 09:17 - 00000000 ____D () C:\Users\katrina\AppData\Local\{5476F88E-F63E-41D8-AC01-0DD1906063CD}
2014-04-24 16:41 - 2012-08-27 21:38 - 00000000 ____D () C:\ProgramData\Skype
2014-04-24 16:41 - 2010-07-12 00:23 - 00000000 ____D () C:\ProgramData\Symantec
2014-04-24 15:16 - 2014-01-13 01:13 - 00000000 ____D () C:\ProgramData\Free Download Manager

Files to move or delete:
====================
C:\ProgramData\iljr.bat
C:\ProgramData\iljr.reg
C:\ProgramData\rjli.dat

Some content of TEMP:
====================
C:\Users\graham\AppData\Local\Temp\gKC0fl8ZT3ttXs.exe
C:\Users\graham\AppData\Local\Temp\P1kAlMiG2Kb7Fz.exe
C:\Users\holly\AppData\Local\Temp\0.556863473486322.exe
C:\Users\holly\AppData\Local\Temp\ixl0avuz.dll
C:\Users\holly\AppData\Local\Temp\setup.exe
C:\Users\kari\AppData\Local\Temp\wlsetup-cvr.exe
C:\Users\katrina\AppData\Local\Temp\01384890345329.exe
C:\Users\katrina\AppData\Local\Temp\air1B14.exe
C:\Users\katrina\AppData\Local\Temp\air6D55.exe
C:\Users\katrina\AppData\Local\Temp\air9BB3.exe
C:\Users\katrina\AppData\Local\Temp\air9D4.exe
C:\Users\katrina\AppData\Local\Temp\airB167.exe
C:\Users\katrina\AppData\Local\Temp\Extract.exe
C:\Users\katrina\AppData\Local\Temp\fdminst.exe
C:\Users\katrina\AppData\Local\Temp\FreeDownloadManager.exe
C:\Users\katrina\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\katrina\AppData\Local\Temp\HPQSi.exe
C:\Users\katrina\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\katrina\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\katrina\AppData\Local\Temp\jre-6u32-windows-i586-iftw.exe
C:\Users\katrina\AppData\Local\Temp\Resource.exe
C:\Users\katrina\AppData\Local\Temp\SkypeSetup.exe
C:\Users\katrina\AppData\Local\Temp\SP50718.exe
C:\Users\katrina\AppData\Local\Temp\SP51650.exe
C:\Users\katrina\AppData\Local\Temp\SP51976.exe
C:\Users\katrina\AppData\Local\Temp\sp54620.exe
C:\Users\katrina\AppData\Local\Temp\sp58915.exe
C:\Users\katrina\AppData\Local\Temp\sp64126.exe
C:\Users\katrina\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\katrina\AppData\Local\Temp\UninstallHPTCA.exe
C:\Users\katrina\AppData\Local\Temp\wlsetup-cvr.exe
C:\Users\katrina\AppData\Local\Temp\{2B94AA65-2C3C-41DE-BF99-6F6AF4FEE79F}-29.0.1547.57_28.0.1500.95_chrome_updater.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-24 09:33

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-05-2014
Ran by katrina at 2014-05-24 13:48:58
Running from C:\Users\katrina\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Security Center ========================

AV: AVG Internet Security 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
FW: AVG Internet Security 2014 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\{9ECF7817-DB11-4FBA-9DF1-296A578D513A}) (Version: 11.5.7.609 - Adobe Systems, Inc)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ApptoU (HKLM-x32\...\{01B91C29-337A-1FFD-7CFC-473451D2F861}) (Version:  - ApPtoU)
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.1.0 - Ask.com) <==== ATTENTION
AVG (HKLM\...\AvgZen) (Version: 1.0.229 - AVG Technologies)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4577 - AVG Technologies)
AVG 2014 (Version: 14.0.3950 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4577 - AVG Technologies) Hidden
AVG Zen (Version: 1.0.229 - AVG Technologies) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3003 - CyberLink Corp.)
CyberLink DVD Suite (x32 Version: 7.0.3003 - CyberLink Corp.) Hidden
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.1.4217 - CyberLink Corp.)
CyberLink PowerDVD 9 (x32 Version: 9.0.1.4217 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2511 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.0.2511 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
deal4real (HKLM-x32\...\{2FA77785-00C3-A920-6452-D4FE5C9C129F}) (Version:  - deAl4reAl)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{349F73CA-653A-43A6-AE77-970B07D6EDA0}) (Version:  - Microsoft)
Delta Chrome Toolbar (HKLM-x32\...\Delta Chrome Toolbar) (Version:  - Visual Tools) <==== ATTENTION
DJ_AIO_06_F2400_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
EuxtRaShoppper (HKLM-x32\...\{7BCAC0EB-3993-2416-0531-848C39DF8B65}) (Version:  - ExtRaSShopipeeRo)
Facebook Video Calling 1.2.0.287 (HKLM-x32\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited)
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
FMW 1 (Version: 1.0.178 - AVG) Hidden
Free Download Manager 3.9.3 (HKLM-x32\...\Free Download Manager_is1) (Version:  - FreeDownloadManager.ORG)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Deskjet F2400 All-in-One Driver 14.0 Rel. 6 (HKLM\...\{819CA3BC-2FF8-4811-B42F-421F7BFD3559}) (Version: 14.0 - HP)
HP Documentation (HKLM-x32\...\{7C36414C-DC87-4943-A525-BC1717BA17C9}) (Version: 1.1.1.0 - Hewlett-Packard)
HP Game Console (x32 Version:  - WildTangent) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.3 - WildTangent)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3611 - HP Photo Creations Powered by RocketLife)
HP Power Manager (HKLM-x32\...\{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}) (Version: 1.0.3 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{EB58480C-0721-483C-B354-9D35A147999F}) (Version: 2.3.6 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{97174E88-52F9-445A-A28E-704A45332D19}) (Version: 4.0.108.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Wireless Assistant (HKLM\...\{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}) (Version: 4.0.9.0 - Hewlett-Packard Company)
IcouValid (HKLM-x32\...\{1903B77F-7D60-3EBE-6065-C66F9363854A}) (Version:  - IcoVVAAllid) <==== ATTENTION
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Internet Helper Anti-phishing (HKLM-x32\...\Internet Helper Anti-phishing) (Version: 1.3.1.0 - Internet Helper (Powered by Panda Security))
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java Auto Updater (x32 Version: 2.0.6.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Java™ 6 Update 30 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.300 - Sun Microsystems, Inc.)
Jewel Quest - Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KODAK Share Button App (HKLM-x32\...\{19F1A99A-196F-4D18-BC36-C1DAD6ABCCF3}) (Version: 4.00.0000.0000 - Eastman Kodak Company)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2907 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2907 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version:  - EasyBits Software AS)
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007F-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5001 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MP3 Rocket (HKLM-x32\...\MP3 Rocket) (Version:  - )
MP3 Rocket Toolbar Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.1.22229 - Ask.com) <==== ATTENTION
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyPC Backup  (HKLM\...\MyPC Backup) (Version:  - MyPC Backup) <==== ATTENTION
Norton Internet Security (HKLM-x32\...\NIS) (Version: 18.7.2.3 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{C6173775-C676-4E2A-9232-66E17261E614}) (Version: 2.9.0.19 - Symantec Corporation)
Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version:  - PC Utilities Software Limited) <==== ATTENTION
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4204 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4204 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3003 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3003 - CyberLink Corp.) Hidden
QuickShare (HKLM-x32\...\{11D4FAA0-A577-4FA8-B24E-D24283D861D1}) (Version: 11.24.60.15709 - Linkury Inc.) <==== ATTENTION
Rapport (Version: 3.5.1205.15 - Trusteer) Hidden
Rapport (x32 Version: 3.5.1307.76 - Trusteer) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6122 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Software (HKLM-x32\...\{901F0D4C-009D-1112-8DE4-03599E7B0C5C}) (Version: 1.00.10.0329 - REALTEK Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3023 - CyberLink Corp.) Hidden
RtVOsd (HKLM\...\{F3D7AC17-1FF4-41A8-BB18-3FC39C65AEB9}) (Version: 1.0.3 - Realtek Semiconductor Corp.)
SAMSUNG Intelli-studio (HKLM-x32\...\Intelli-studio) (Version:  - )
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.6.64 - Synaptics Incorporated)
Systweak PhotoStudio 2.1 (HKLM-x32\...\PhotoStudio_4281508C_4DA1_4d4e_81EB_725D55EC30DC_is1) (Version: 2.1.2954.85 - Systweak Inc.)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1307.76 - Trusteer)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{3EFF1957-7DEA-4C7A-8E9C-2D6D58E4B2ED}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3EFF1957-7DEA-4C7A-8E9C-2D6D58E4B2ED}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Restore Points  =========================

06-05-2014 10:24:56 Windows Update
07-05-2014 07:58:08 Windows Update
08-05-2014 17:40:37 Windows Update
09-05-2014 06:30:35 Windows Update
09-05-2014 14:06:22 Installed AVG 2014
09-05-2014 14:15:11 Installed AVG 2014
09-05-2014 16:21:52 Windows Update
15-05-2014 19:42:49 Installed Rapport
15-05-2014 19:55:26 Windows Update
19-05-2014 06:41:11 Windows Update
19-05-2014 16:40:12 Installed HP Support Assistant
19-05-2014 17:07:20 Windows Modules Installer
19-05-2014 17:10:23 Windows Modules Installer
19-05-2014 17:15:08 Windows Update
20-05-2014 13:15:32 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {07A68E2B-636B-43C5-9CA3-C78C787C701D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {0CD05A34-FF90-4468-A8C2-4085050A3A1E} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2400530217-1677791121-3577320560-1001UA => C:\Users\holly\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {131F1573-CC0F-4CEC-B364-803E75139FD0} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2400530217-1677791121-3577320560-1001Core => C:\Users\holly\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {20894F4C-D89E-4F6C-A229-088A891F2802} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard)
Task: {29BFB790-BD95-4BE1-B5F0-021AE65DEAFF} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2400530217-1677791121-3577320560-1002UA => C:\Users\kari\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-16] (Facebook Inc.)
Task: {2AD4E6E6-2768-46B9-9F51-747FF705C200} - System32\Tasks\HPCeeScheduleForKATRINA-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {30596E45-602D-45C2-B9F0-AD244B781031} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {343477F9-7EF9-4799-A1C5-B5F86467DC59} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2012-04-09] () <==== ATTENTION
Task: {3CA30DB2-C808-40CE-A4B2-3BBB08FC6508} - System32\Tasks\{E2B2A50E-6BE1-4B32-B4EA-0E3CF278B60B} => Chrome.exe http://ui.skype.com/ui/0/6.6.0.106/en/go/help.faq.installer?LastError=1603
Task: {408F6AC8-13D3-4772-981E-0699155E7CFE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\First Boot => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe [2013-11-04] (Hewlett-Packard Company)
Task: {4F85C08E-C951-4ACB-8B1A-2847F2568667} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {51983934-E3AF-4EA5-9C29-E941CB637042} - System32\Tasks\Symantec\Norton Error Processor 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-08] (Symantec Corporation)
Task: {54BD1B70-BB54-4E89-990D-152DCD9746B0} - System32\Tasks\{10EF5062-FADE-4238-95E4-4EA61663B88F}-Kodak Share Button App Camera detect => C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe [2011-09-22] (Eastman Kodak Company)
Task: {6F527ED5-CBC1-41AD-B32C-9332104866CE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-15] (Adobe Systems Incorporated)
Task: {7AD6443C-BED9-4D0D-AD81-A7265D64A8B8} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe
Task: {8C6CB20F-492C-4BBD-A440-FA21FD990AD7} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {8CAA16CE-A072-41F0-8BC4-047C7BD70983} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe
Task: {A8A2BB40-529D-434E-BBE7-C83CC91CDBF1} - System32\Tasks\{D5362D0D-BA4C-49D1-BDCC-EA0D421624D5} => Chrome.exe http://ui.skype.com/ui/0/6.3.73.105.457/en/go/help.faq.installer?LastError=1603
Task: {BBA4F776-6EB7-4B21-B4C6-D68AEFBC8C93} - System32\Tasks\{83B57FF7-1890-42D9-902B-DD29A70B6A5F} => Iexplore.exe http://ui.skype.com/ui/0/4.2.0.166.321/en/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;notincluded
Task: {BCF150A0-5349-4408-8DD0-FE276108432E} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe [2013-09-19] (MyPCBackup.com) <==== ATTENTION
Task: {C4AEFCF8-EC17-42DF-9D6F-15F79FA5B34E} - System32\Tasks\{71DCEFFE-EBFB-4735-9B44-246CE270F59C} => Chrome.exe http://ui.skype.com/ui/0/6.6.0.106/en/go/help.faq.installer?LastError=1603
Task: {D1233A2E-FD8D-47F4-BC5E-9ABB4F5E7889} - System32\Tasks\HPCeeScheduleForkatrina => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {DE9247B0-0BE6-43D1-9159-6B8AAD7394A2} - System32\Tasks\BitGuard => Sc.exe start BitGuard <==== ATTENTION
Task: {E8ACF2DE-2229-42C7-985E-D828C3FD3968} - System32\Tasks\{C5A9BAC2-5C6E-4B77-9408-691143BDBE93} => Chrome.exe http://ui.skype.com/ui/0/6.6.0.106/en/go/help.faq.installer?LastError=1603
Task: {F2F9F4B3-0F6D-4FA6-93BD-E060DB1C4346} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2400530217-1677791121-3577320560-1002Core => C:\Users\kari\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-16] (Facebook Inc.)
Task: {F4DB193D-284D-4BF1-8986-E22767359ABF} - System32\Tasks\Symantec\Norton Error Analyzer 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-08] (Symantec Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2400530217-1677791121-3577320560-1001Core.job => C:\Users\holly\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2400530217-1677791121-3577320560-1001UA.job => C:\Users\holly\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2400530217-1677791121-3577320560-1002Core.job => C:\Users\kari\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2400530217-1677791121-3577320560-1002UA.job => C:\Users\kari\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForKATRINA-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForkatrina.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2013-09-19 23:37 - 2013-09-19 23:37 - 03889152 _____ () C:\Program Files (x86)\MyPC Backup\MPCBIconOverlays.dll
2013-09-19 23:32 - 2013-09-19 23:32 - 01102336 _____ () C:\Program Files (x86)\MyPC Backup\x64\System.Data.SQLite.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:D346F792

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Users^katrina^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^548621e.exe => C:\Windows\pss\548621e.exe.Startup
MSCONFIG\startupfolder: C:^Users^katrina^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\Windows\pss\MyPC Backup.lnk.Startup
MSCONFIG\startupreg: 548621 => C:\548621e\548621e.exe
MSCONFIG\startupreg: 548621e => C:\Users\katrina\AppData\Roaming\548621e.exe
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Browser Infrastructure Helper => C:\Users\katrina\AppData\Local\Smartbar\Application\QuickShare.exe startup
MSCONFIG\startupreg: DriverScanner => "C:\Program Files (x86)\Uniblue\DriverScanner\launcher.exe" delay 20000
MSCONFIG\startupreg: Easybits Recovery => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
MSCONFIG\startupreg: Free Download Manager => "C:\Program Files (x86)\Free Download Manager\fdm.exe" -autorun
MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
MSCONFIG\startupreg: HPAdvisorDock => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
MSCONFIG\startupreg: Internet Helper Anti-phishing => "C:\ProgramData\Internet Helper Anti-phishing\internetHelper_antiphishing.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NTRedirect => C:\Windows\SysWOW64\rundll32.exe "C:\Users\katrina\AppData\Roaming\BabSolution\Shared\enhancedNT.dll",Run
MSCONFIG\startupreg: Optimizer Pro => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
MSCONFIG\startupreg: PC Health Kit => C:\Program Files (x86)\PC Health Kit\PCHKLauncher.exe
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
MSCONFIG\startupreg: sollenh => rundll32 "C:\Users\katrina\AppData\Local\sollenh.dll",sollenh
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (05/24/2014 01:26:10 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (05/24/2014 00:34:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (05/24/2014 00:08:09 PM) (Source: MsiInstaller) (EventID: 1024) (User: katrina-HP)
Description: Product: Adobe Reader XI - Update '{AC76BA86-7AD7-0000-2550-7A8C40011007}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (05/24/2014 10:37:24 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 187154

Error: (05/24/2014 10:37:24 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 187154

Error: (05/24/2014 10:37:24 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/24/2014 10:37:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 171617

Error: (05/24/2014 10:37:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 171617

Error: (05/24/2014 10:37:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/24/2014 10:36:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 155970

System errors:
=============
Error: (05/24/2014 01:46:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (05/24/2014 01:46:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (05/24/2014 01:46:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (05/24/2014 01:45:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (05/24/2014 01:45:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (05/24/2014 01:45:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (05/24/2014 01:45:25 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (05/24/2014 01:45:24 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (05/24/2014 01:45:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (05/24/2014 01:45:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Microsoft Office Sessions:
=========================
Error: (05/24/2014 01:26:10 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description:
Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.

Error: (05/24/2014 00:34:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description:
Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.

Error: (05/24/2014 00:08:09 PM) (Source: MsiInstaller) (EventID: 1024) (User: katrina-HP)
Description: Adobe Reader XI{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL)

Error: (05/24/2014 10:37:24 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 187154

Error: (05/24/2014 10:37:24 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 187154

Error: (05/24/2014 10:37:24 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/24/2014 10:37:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 171617

Error: (05/24/2014 10:37:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 171617

Error: (05/24/2014 10:37:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/24/2014 10:36:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 155970

==================== Memory info ===========================

Percentage of memory in use: 18%
Total physical RAM: 3998.92 MB
Available physical RAM: 3275.55 MB
Total Pagefile: 7996.02 MB
Available Pagefile: 7311.24 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:450.17 GB) (Free:318.65 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:15.29 GB) (Free:2.2 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 80F49AF4)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End Of Log ============================



#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,419 posts
  • Gender:Male
  • Location:California
  • Local time:11:28 AM

Posted 24 May 2014 - 03:19 PM

Hi Robert,

Thanks for keeping me updated on the current state of your computer. That helps a lot.

Thank you for your patience. There was quite a bit for me to review and respond to. Your computer is quite ill. There is a lot for you to consider and accomplish in this first post, so if you need to, please feel free to take your time reviewing the information and completing the steps outlined.

Before we begin I must advise you of the following.

===================================================

BACKDOOR WARNING!

--------------------

One or more of the identified infections is a Backdoor Trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. Please let me know if you have already noticed evidence of financial institution irregularities. Those accounts should be monitored from this point forward.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
 

Here are some thoughts I have put together for people who ask what they should do in light of the infection. Ultimately each user must decide for themselves what to do and the below are things you might want to consider.

It is necessary for us to at least make you aware of the worst case scenario. This is because of the potential Backdoor Trojans bring with them, but it is not a determination on our part that your situation currently falls within this worst case scenario.

Ultimately it is a personal decision whether to reformat or not. What decision should you make to let you sleep well at night? It is different for different people. I will say whether rightly or wrongly most people decide to clean and not reformat, at least initially.

The only insight I can offer is how I evaluate the issue personally even though I have never had a Backdoor Trojan on my computer. One of the primary purposes for malicious software is to somehow separate you from your money. It seems reasonable to assume that a thief trying to take your money via a Backdoor Trojan will hit you hard, and quickly. Once your computer starts to act up and you become suspicious you have the opportunity to eliminate access to your computer and change the information taken, namely account and password information. The key to this, in my opinion, is whether or not you have noticed any irregularities in your banking or other financial institutions, or things like email and social network accounts (i.e. Facebook). If you have not seen any evidence of that then you may question whether your information has truly been stolen. If it seems it hasn't, and your critical information has been changed, it is reasonable to be more confident you are safe but you must stop short of claiming an absolute guarantee.

If, after careful consideration you decide not to reformat your computer it would be wise to continue monitoring your sensitive data and don't wait to address future symptoms on your computer which seem to be malware related.

The bottom line, the only way to be absolutely sure to be rid of a Backdoor Trojan is to reformat. The decision is yours.

Oh My


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

===================================================

Multiple Antivirus Programs

-------------------

I do not recommend that you have more than one anti virus product installed on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please remove all but one of the Antivirus programs currently on your computer, even if only one is running. You can do this via Add/Remove Programs, or Programs and Features in the Control Panel.
 

AVG Internet Security 2014
Norton Internet Security


===================================================

Use of Registry Cleaner Not Recommended

--------------------

BleepingComputer DOES NOT recommend the use of registry cleaners/optimizers or the registry cleaner component of software for several reasons:
  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.
    • The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
  • Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.
If you persist in using a registry cleaner you should always back up the registry before doing so.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKU\S-1-5-21-2400530217-1677791121-3577320560-1000\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\Users\katrina\AppData\Local\Temp\scpiyyb\syjjjyx\wow.dll ATTENTION! ====> ZeroAccess?
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll => c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll File Not Found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKBIpNolJDHnMo-NpUgxWidLUf-n67uyvfk_JCcQILGkjEx1yHj4wPosLpG-splDx1bKhrNPzf5gBEOkYnwWsP0XFWtKOLsIHx-Fq9cxqM4t5gVov061DK7YaYtACVVdO3RqbQPZ-ne2yI,&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKBIpNolJDHnMo-NpUgxWidLUf-n67uyvfk_JCcQILGkjEx1yHj4wPosLpG-splDx1bKhrNPzf5gBEOkYnwWsP0XFWtKOLsIHx-Fq9cxqM4t5gVov061DK7YaYtACVVdO3RqbQPZ-ne2yI,&q={searchTerms}
BHO: ApptoU - {5DC89B11-95AE-391B-73D4-5B9016CCB039} - C:\ProgramData\ApptoU\ikF2.x64.dll ()
BHO: LuCiKKyCoupaon - {8E2BCED6-EB31-D505-E907-3B22CF7BB1E0} - C:\ProgramData\LuCiKKyCoupaon\5.x64.dll ()
BHO: deal4real - {BB5A7DD3-BB1E-9413-9776-6DC536BBD07B} - C:\ProgramData\deal4real\oYId55yr.x64.dll ()
BHO: IcouValid - {C234C7BC-12DB-4389-4952-4711A2C14908} - C:\ProgramData\IcouValid\eF6DX3N.x64.dll ()
BHO: leeeSs2paaY - {FD016E09-EF94-D88B-4657-DC5F32CA9A02} - C:\ProgramData\leeeSs2paaY\dm.x64.dll ()
BHO-x32: MP3 Rocket Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKLM-x32 - MP3 Rocket Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
\\?\globalroot\Device\HarddiskVolume2\Users\katrina\AppData\Local\Temp\scpiyyb\syjjjyx\wow.dll
C:\ProgramData\ApptoU
C:\ProgramData\LuCiKKyCoupaon
C:\ProgramData\deal4real
C:\ProgramData\IcouValid
C:\ProgramData\leeeSs2paaY
2014-05-19 17:37 - 2014-05-19 17:38 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-05-15 13:51 - 2014-04-24 15:14 - 00000000 ___HD () C:\548621e
2014-05-15 13:51 - 2011-01-16 15:18 - 00000000 ____D () C:\Users\katrina\AppData\Roaming\Otemw
2014-05-15 13:30 - 2013-11-19 20:46 - 00000000 ____D () C:\Users\katrina\AppData\Local\Odrics
C:\ProgramData\iljr.bat
C:\ProgramData\iljr.reg
C:\ProgramData\rjli.dat
C:\Users\graham\AppData\Local\Temp\gKC0fl8ZT3ttXs.exe
C:\Users\graham\AppData\Local\Temp\P1kAlMiG2Kb7Fz.exe
C:\Users\holly\AppData\Local\Temp\0.556863473486322.exe
C:\Users\holly\AppData\Local\Temp\ixl0avuz.dll
C:\Users\holly\AppData\Local\Temp\setup.exe
C:\Users\kari\AppData\Local\Temp\wlsetup-cvr.exe
C:\Users\katrina\AppData\Local\Temp\01384890345329.exe
C:\Users\katrina\AppData\Local\Temp\air1B14.exe
C:\Users\katrina\AppData\Local\Temp\air6D55.exe
C:\Users\katrina\AppData\Local\Temp\air9BB3.exe
C:\Users\katrina\AppData\Local\Temp\air9D4.exe
C:\Users\katrina\AppData\Local\Temp\airB167.exe
C:\Users\katrina\AppData\Local\Temp\Extract.exe
C:\Users\katrina\AppData\Local\Temp\fdminst.exe
C:\Users\katrina\AppData\Local\Temp\FreeDownloadManager.exe
C:\Users\katrina\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\katrina\AppData\Local\Temp\HPQSi.exe
C:\Users\katrina\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\katrina\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\katrina\AppData\Local\Temp\jre-6u32-windows-i586-iftw.exe
C:\Users\katrina\AppData\Local\Temp\Resource.exe
C:\Users\katrina\AppData\Local\Temp\SkypeSetup.exe
C:\Users\katrina\AppData\Local\Temp\SP50718.exe
C:\Users\katrina\AppData\Local\Temp\SP51650.exe
C:\Users\katrina\AppData\Local\Temp\SP51976.exe
C:\Users\katrina\AppData\Local\Temp\sp54620.exe
C:\Users\katrina\AppData\Local\Temp\sp58915.exe
C:\Users\katrina\AppData\Local\Temp\sp64126.exe
C:\Users\katrina\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\katrina\AppData\Local\Temp\UninstallHPTCA.exe
C:\Users\katrina\AppData\Local\Temp\wlsetup-cvr.exe
C:\Users\katrina\AppData\Local\Temp\{2B94AA65-2C3C-41DE-BF99-6F6AF4FEE79F}-29.0.1547.57_28.0.1500.95_chrome_updater.exe
C:\Program Files (x86)\Ask.com
Task: {343477F9-7EF9-4799-A1C5-B5F86467DC59} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2012-04-09] () <==== ATTENTION
Task: {DE9247B0-0BE6-43D1-9159-6B8AAD7394A2} - System32\Tasks\BitGuard => Sc.exe start BitGuard <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:D346F792
Folder: C:\548621e
Folder: C:\Users\katrina\AppData\Roaming\Otemw
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Scan
  • Upon completion click Report
  • Review the entries and uncheck any items you would like to keep on your computer (leaving an item checked will cause its deletion)
  • Click Clean to remove the items still checked
  • Click OK twice to reboot your computer
  • Copy and paste the contents of the text file on your desktop upon reboot in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Uninstalling Programs Using Revo Uninstaller Free

--------------------

Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.

Please note there is a chance when you look for this program to uninstall through Revo it might not be listed because of a previous uninstall. If that is the case simply stop and let me know.
  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
MyPC Backup
Ask Toolbar
Delta Chrome Toolbar
IcouValid
MP3 Rocket Toolbar Updater
QuickShare
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next.
  • Check the items in bold only on the list then click Delete. You may have to expand some folders by clicking the "+" mark.
  • When prompted click on Yes and then on Next.
  • Click on Select all then click Delete
  • When prompted select Yes then Next
  • Once done click Finish.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Were you able to uninstall an Antivirus program?
  • Fixlog
  • AdwCleaner log
  • Junkware log
  • Were you able to uninstall the programs using Revo Uninstaller?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
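
Added example, not part of Gary's post and not FRST's own code: a small Python reviewer that sorts the lines of a fixlist like the one in post #11 by their leading keyword and marks the lines worth reading twice before pressing Fix. The kind and flag names are this example's own labels, and the sample lines are a subset copied from the post.

```python
import re
from collections import Counter

# Lines copied from the fixlist in post #11 (a subset, not the whole list).
SAMPLE_FIXLIST = r"""
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll => c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll File Not Found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
BHO: ApptoU - {5DC89B11-95AE-391B-73D4-5B9016CCB039} - C:\ProgramData\ApptoU\ikF2.x64.dll ()
BHO-x32: MP3 Rocket Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
\\?\globalroot\Device\HarddiskVolume2\Users\katrina\AppData\Local\Temp\scpiyyb\syjjjyx\wow.dll
C:\ProgramData\ApptoU
2014-05-15 13:51 - 2014-04-24 15:14 - 00000000 ___HD () C:\548621e
C:\Users\katrina\AppData\Local\Temp\SkypeSetup.exe
Task: {DE9247B0-0BE6-43D1-9159-6B8AAD7394A2} - System32\Tasks\BitGuard => Sc.exe start BitGuard <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:373E1720
Folder: C:\548621e
"""

# Labels below ("directive", "registry-key", the flag names) are this example's own.
DIRECTIVE = re.compile(r"^([A-Za-z][\w-]*):\s")             # "BHO-x32: ", "Task: "
REGKEY = re.compile(r"^(?:CHR )?HK(?:LM|CU|U)\\")           # "HKU\...", "CHR HKLM\..."
LISTING = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - ")  # dated file-listing line
PATH = re.compile(r"^(?:[A-Za-z]:\\|\\\\\?\\)")             # "C:\..." or "\\?\..."
TEMP_BINARY = re.compile(r"\\AppData\\Local\\Temp\\.+\.(?:exe|dll)$", re.I)


def classify(line):
    """Return (kind, flags) for one non-empty fixlist line."""
    flags = set()
    if "ATTENTION" in line:                        # marker already on the line
        flags.add("frst-attention")
    if r"\\?\globalroot" in line.lower():          # device-namespace path
        flags.add("globalroot-path")
    if line.endswith(("File Not Found", "No File")):
        flags.add("orphan-reference")              # entry whose target is gone
    if TEMP_BINARY.search(line):                   # may be a harmless installer
        flags.add("temp-executable")

    m = DIRECTIVE.match(line)
    if m:
        kind = "directive:" + m.group(1)
    elif REGKEY.match(line):
        kind = "registry-key"
    elif LISTING.match(line):
        kind = "listing-entry"
    elif PATH.match(line):
        kind = "path"
    else:
        kind = "other"
    return kind, flags


def review(fixlist_text):
    """Count line kinds and collect every flagged line for manual reading."""
    kinds, flagged = Counter(), []
    for line in filter(None, map(str.strip, fixlist_text.splitlines())):
        kind, flags = classify(line)
        kinds[kind] += 1
        if flags:
            flagged.append((kind, sorted(flags), line))
    return kinds, flagged
```

Calling `review(SAMPLE_FIXLIST)` returns the per-kind counts and the flagged lines; a `temp-executable` flag only says where the file sits, since several of the Temp entries in the post are ordinary installer leftovers.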

#12 peddier

peddier
  • Topic Starter

  • Members
  • 46 posts
  • Local time:07:28 PM

Posted 25 May 2014 - 01:36 PM

Hi Gary

 

Thanks for the detailed response. This is a friend's computer and I have spoken to her and she would like to try and clean it up as is, as it won't be used for banking etc.

 

I am currently working my way through the steps detailed above and will respond when complete

 

Regards

 

Robert



#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,419 posts
  • Gender:Male
  • Location:California
  • Local time:11:28 AM

Posted 25 May 2014 - 02:35 PM

Thanks Robert. I know I threw a lot at you all at once so I figured this may take a bit to work through.
Gary
 

#14 peddier

peddier
  • Topic Starter

  • Members
  • 46 posts
  • Local time:07:28 PM

Posted 26 May 2014 - 01:57 AM

Hi Gary

 

Running Revo now and out of the programs you have listed these 3 are no longer on the list.

 

As advised, I have stopped for now.

 

My PC Backup
Ask Toolbar
Delta Chrome Toolbar

 

Robert



#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,419 posts
  • Gender:Male
  • Location:California
  • Local time:11:28 AM

Posted 26 May 2014 - 08:10 AM

Thank you Rob,

Those 3 are annoyances we can deal with manually but I don't think they are the cause of potential malware symptoms. Could you double check to see if they are listed in Programs and Features? Click Start, Control Panel, Programs and Features. If there, please delete them that way.

 

Please post the requested logs so I can see how much was deleted.

Can you update me on how the computer is running now? Any progress?


Gary
 



