Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan.viknok Activity 3 popup blocked message from Norton


  • This topic is locked This topic is locked
23 replies to this topic

#1 lego7191

lego7191

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:26 PM

Posted 04 July 2014 - 09:16 PM

Hi.

I am getting a small pop up every few seconds from my Norton software in the bottom right corner of my screen that says Norton blocked an attack by: System Infected:  Trojan.Viknok Activity 3.

I have already ran virus software updates and a full scan.  Ran Norton Power Eraser but it came back with a message about reinstalling the windows software dll file or something to that effect.

 

If I click on view details, it shows an ip address and some other info about the virus.

 

I am not a computer pro so would appreciate any step-by-step instructions on how to get rid of this.  Thank you!



BC AdBot (Login to Remove)

 


#2 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:08:26 PM

Posted 05 July 2014 - 11:09 AM

Hi lego7191 and Welcome to BleepingComputer !

 

I'm still in training for malware removal and my responses have to be approved before I can post them to you, therefore there will be a little delay between each post.

 

Next time when you get another pop-up from Norton alerting you about the infection can you click View Details and copy and paste the contents into your next reply.

 

Also can you tell me What operating System you are running and if it's 32 or 64 bit.

If you are unsure what you're system bit type is..... click Here for help.


 


“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club

unite_blue.png


#3 lego7191

lego7191
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:26 PM

Posted 05 July 2014 - 09:06 PM

Hi!  Thanks so much for helping!  Delay in responses is not a problem at all.  I am super grateful for the help.

 

I am running Windows 7 Profession, 64-bit.

 

I clicked on the "view details" from one of the little pop up boxes and it says:

An intrusion attempt by 88.198.188.103 was blocked. 

An intrusion attempt by forteen-meters7.me was blocked.  (the notices have various intrusion attempts from various IPs or computers)

(There are tons of those notes in the security history screen)

And on the right hand side, it shows attacking computer IP, attacking URL, destination address (my computer), source address, traffic description.  I got a screen shot of it and have posted that.  These little pop up boxes are literally every few seconds, they all say they are blocked.

 

Thanks again in advance for any help!

Attached Files


Edited by lego7191, 05 July 2014 - 09:08 PM.


#4 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:08:26 PM

Posted 06 July 2014 - 12:18 PM



Hi lego7191

I'm Seedy21 and I will be helping you with your issues.

Please note the following information about the malware forum:

  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by me
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • Please reply within 48 hours, if you are going to be away for longer please let us know or the topic will be closed for been inactive
  • If you are using Cracked or Illegal software your thread will be closed
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close.

Before we start I would like to inform you that this infection may steal Bank Information. I would recommend changing your password's on a different machine if you use this machine for Banking or log into any websites.

Step 1

Please download Farbar Recovery Scan Tool x64 and save it to your Desktop.

  • Double-click the downloaded icon to run the tool.

    frsticon_zpsdc3cbdc3.png
  • When the tool opens click Yes to disclaimer.

    frstdis_zps7f598f12.png
  • Press Scan button.

    newfrst_zpsa63ffa3d.png
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.

Step 2

We need to do a search with Farbar's Recovery Scan Tool

Open up Farbar's Recovery Scan Tool

Type the following in the edit box after "Search:".

rcpcss.dll


It then should look like:

Search: rcpcss.dll

Click Search button and post the log (Search.txt) it makes to your reply.
 


“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club

unite_blue.png


#5 lego7191

lego7191
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:26 PM

Posted 06 July 2014 - 06:52 PM

FRST text:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-07-2014 01
Ran by Leslie (administrator) on LESLIE-PC on 06-07-2014 19:40:17
Running from C:\Users\Leslie\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\n360.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\n360.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Amazon.com) C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Amazon.com) C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(SAMSUNG Electornics Co., Ltd.) C:\Users\Leslie\AppData\Roaming\VERIZON\UA_ar\UA.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_11_9_900_170_ActiveX.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1743648 2013-06-13] (Wondershare)
HKLM-x32\...\Run: [BrowserPlugInHelper] => C:\Program Files (x86)\Wondershare\AllMyTube\BrowserPlugInHelper.exe [410912 2013-02-04] (Wondershare Software)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-06-27] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2237328 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Player\DelayPluginI.exe [1960008 2013-09-28] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3399242083-3682402275-1375265184-1000\...\MountPoints2: {05dbcfd1-2797-11e2-a757-0023ae1b677a} - E:\LaunchU3.exe -a
HKU\S-1-5-21-3399242083-3682402275-1375265184-1000\...\MountPoints2: {eaf186b7-845c-11e1-8aae-0023ae1b677a} - D:\KODAK_Camera_Setup_App.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Unbox.lnk
ShortcutTarget: Amazon Unbox.lnk -> C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe (Amazon.com)
Startup: C:\Users\Leslie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Leslie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\Leslie\AppData\Roaming\VERIZON\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)
ShellIconOverlayIdentifiers:  AccExtIco1 -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll ()
ShellIconOverlayIdentifiers:  AccExtIco2 -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll ()
ShellIconOverlayIdentifiers:  AccExtIco3 -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll ()
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=irmsd0202ie&cd=2XzuyEtN2Y1L1QzutDtDtBtA0A0EtC0ByCyByB0A0DtB0FyEtN0D0Tzu0CyBzzyCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1473590204&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=irmsd0202ie&cd=2XzuyEtN2Y1L1QzutDtDtBtA0A0EtC0ByCyByB0A0DtB0FyEtN0D0Tzu0CyBzzyCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1473590204&ir=
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKLM-x32 - DefaultScope {972F900E-8529-4AF2-A651-504F5EAF0D50} URL =
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10045&barid={68435408-E665-11E2-81D4-0023AE1B677A}
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3324415&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPB3E77D17-124C-451B-B0AC-30297FC64544&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3324415&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPB3E77D17-124C-451B-B0AC-30297FC64544&q={searchTerms}&SSPV=
SearchScopes: HKCU - {0F715E9D-27DE-45EE-8DCB-DB8725E76D11} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=8D3E67B7-CB26-4474-9E1E-6976BB16B5D1&apn_sauid=A359C0B1-CABF-479D-B6E5-A3A641DE723C
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3281675&CUI=UN36056773121651025&UM=2
SearchScopes: HKCU - {972F900E-8529-4AF2-A651-504F5EAF0D50} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd0202ie&cd=2XzuyEtN2Y1L1QzutDtDtBtA0A0EtC0ByCyByB0A0DtB0FyEtN0D0Tzu0CyBzzyCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1473590204&ir=
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com?src=6&q={searchTerms}&barid={68435408-E665-11E2-81D4-0023AE1B677A}&crg=3.5000006.10045&st=23
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: Wondershare AllMyTube - {1373BA72-5012-496e-9F72-7A426DCF78BB} - C:\Program Files (x86)\Wondershare\AllMyTube\SVRIEPlugin.dll (Wondershare Software Co., Ltd.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://floridakeysmedia.tv/axiscam/Codebase/AxisCamControl.ocx
DPF: HKLM-x32 {F8E691A0-C92E-4E42-9CDA-62FC07A9483B} http://actiftp.hosting4less.com/ACTIGENERAL/AP&Manual/Live%20Demo/nvUnifiedControl.ocx
Tcpip\Parameters: [DhcpNameServer] 24.178.162.3 24.159.64.23 66.189.0.100 192.168.1.1 24.178.162.3 24.159.64.23 66.189.0.100

FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_37 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.2.32 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.2.32 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)
FF HKLM\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-07-04]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-06-27]
FF HKLM-x32\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-06-27]
FF HKLM-x32\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{829AD732-F3DB-4011-81C4-135F2FB05D8E}] - C:\Program Files (x86)\Wondershare\AllMyTube\SVRFirefoxExt
FF Extension: Wondershare AllMyTube - C:\Program Files (x86)\Wondershare\AllMyTube\SVRFirefoxExt [2013-04-14]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014-01-26]
FF HKLM-x32\...\Firefox\Extensions: [Player@Wondershare.com] - C:\ProgramData\Wondershare\Player\Player@Wondershare.com
FF Extension: Wondershare Player - C:\ProgramData\Wondershare\Player\Player@Wondershare.com [2014-02-24]
FF HKCU\...\Firefox\Extensions: [{829AD732-F3DB-4011-81C4-135F2FB05D8E}] - C:\Program Files (x86)\Wondershare\AllMyTube\SVRFirefoxExt
FF Extension: Wondershare AllMyTube - C:\Program Files (x86)\Wondershare\AllMyTube\SVRFirefoxExt [2013-04-14]

==================== Services (Whitelisted) =================

R2 ADVService; C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [25704 2011-11-23] (Amazon.com) [File not signed]
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [528384 2010-11-20] (Microsoft Corporation) [File not signed]
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\N360.exe [265040 2014-05-11] (Symantec Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
R2 RpcSs; C:\Windows\system32\rpcss.dll [528384 2010-11-20] (Microsoft Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140606.001\BHDrvx64.sys [1530160 2014-05-09] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1503000.00C\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-14] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-14] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140703.001\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140706.002\ENG64.SYS [126040 2014-01-26] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140706.002\EX64.SYS [2099288 2014-01-26] (Symantec Corporation)
R0 SMR410; C:\Windows\System32\drivers\SMR410.SYS [96856 2014-07-04] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1503000.00C\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1503000.00C\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-26] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1503000.00C\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1503000.00C\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-06 19:40 - 2014-07-06 19:41 - 00023089 _____ () C:\Users\Leslie\Desktop\FRST.txt
2014-07-06 19:38 - 2014-07-06 19:40 - 00000000 ____D () C:\FRST
2014-07-06 19:37 - 2014-07-06 19:37 - 02084352 _____ (Farbar) C:\Users\Leslie\Desktop\FRST64.exe
2014-07-04 21:47 - 2014-07-04 21:48 - 00000000 ____D () C:\NPE
2014-07-04 21:46 - 2014-07-04 21:46 - 00096856 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SMR410.SYS
2014-07-04 21:45 - 2014-07-04 21:57 - 00000000 ____D () C:\Users\Leslie\AppData\Local\NPE
2014-07-04 20:46 - 2014-07-04 20:46 - 00321220 ____S () C:\Windows\system32\bkph.olx
2014-07-04 20:37 - 2014-07-04 20:37 - 00000000 ____D () C:\Users\Leslie\AppData\Local\{7038A6DB-6949-4A74-B64B-321F229EF7EB}
2014-06-21 01:40 - 2014-07-04 21:47 - 00000380 _____ () C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Leslie.job
2014-06-21 01:40 - 2014-07-04 21:02 - 00000374 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_Leslie.job
2014-06-21 01:40 - 2014-07-04 18:51 - 00002968 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Leslie
2014-06-21 01:40 - 2014-07-04 18:51 - 00002964 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateXML_Leslie
2014-06-21 01:40 - 2014-07-04 18:51 - 00000370 _____ () C:\Windows\Tasks\ReclaimerUpdateXML_Leslie.job
2014-06-21 01:40 - 2014-06-21 01:40 - 00003618 _____ () C:\Windows\System32\Tasks\RNUpgradeHelperResumePrompt_Leslie
2014-06-21 01:40 - 2014-06-21 01:40 - 00002672 _____ () C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Leslie
2014-06-15 12:01 - 2014-06-15 12:01 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-06-14 18:54 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-14 18:54 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-14 18:54 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-14 18:54 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-14 18:54 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-14 18:54 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-14 18:54 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-14 18:54 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-14 18:54 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-14 18:54 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-14 18:54 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-14 18:54 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-14 18:53 - 2014-05-30 06:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-14 18:53 - 2014-05-30 06:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-14 18:53 - 2014-05-30 06:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-14 18:53 - 2014-05-30 05:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-14 18:53 - 2014-05-30 05:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-14 18:53 - 2014-05-30 05:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-14 18:53 - 2014-05-30 05:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-14 18:53 - 2014-05-30 05:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-14 18:53 - 2014-05-30 05:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-14 18:53 - 2014-05-30 05:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-14 18:53 - 2014-05-30 05:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-14 18:53 - 2014-05-30 05:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-14 18:53 - 2014-05-30 05:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-14 18:53 - 2014-05-30 05:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-14 18:53 - 2014-05-30 05:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-14 18:53 - 2014-05-30 05:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-14 18:53 - 2014-05-30 05:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-14 18:53 - 2014-05-30 05:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-14 18:53 - 2014-05-30 04:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-14 18:53 - 2014-05-30 04:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-14 18:53 - 2014-05-30 04:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-14 18:53 - 2014-05-30 04:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-14 18:53 - 2014-05-30 04:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-14 18:53 - 2014-05-30 04:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-14 18:53 - 2014-05-30 04:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-14 18:53 - 2014-05-30 04:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-14 18:53 - 2014-05-30 04:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-14 18:53 - 2014-05-30 04:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-14 18:53 - 2014-05-30 04:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-14 18:53 - 2014-05-30 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-14 18:53 - 2014-05-30 04:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-14 18:53 - 2014-05-30 04:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-14 18:53 - 2014-05-30 04:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-14 18:53 - 2014-05-30 04:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-14 18:53 - 2014-05-30 04:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-14 18:53 - 2014-05-30 04:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-14 18:53 - 2014-05-30 04:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-14 18:53 - 2014-05-30 04:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-14 18:53 - 2014-05-30 04:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-14 18:53 - 2014-05-30 04:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-14 18:53 - 2014-05-30 03:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-14 18:53 - 2014-05-30 03:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-14 18:53 - 2014-05-30 03:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-14 18:53 - 2014-05-30 03:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-14 18:53 - 2014-05-30 03:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-14 18:53 - 2014-05-30 03:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-14 18:53 - 2014-05-30 03:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-14 18:53 - 2014-05-30 03:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-14 18:53 - 2014-05-30 03:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-14 18:53 - 2014-05-30 03:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-14 18:53 - 2014-05-30 03:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-14 18:53 - 2014-05-30 03:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-14 18:52 - 2014-06-08 05:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-14 18:52 - 2014-06-08 05:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

==================== One Month Modified Files and Folders =======

2014-07-06 19:41 - 2014-07-06 19:40 - 00023089 _____ () C:\Users\Leslie\Desktop\FRST.txt
2014-07-06 19:40 - 2014-07-06 19:38 - 00000000 ____D () C:\FRST
2014-07-06 19:37 - 2014-07-06 19:37 - 02084352 _____ (Farbar) C:\Users\Leslie\Desktop\FRST64.exe
2014-07-06 19:37 - 2012-01-23 18:35 - 01455539 _____ () C:\Windows\WindowsUpdate.log
2014-07-06 19:27 - 2012-01-23 16:42 - 00000000 ____D () C:\Users\Leslie\AppData\Local\Adobe
2014-07-05 22:02 - 2009-07-14 00:45 - 00035328 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-05 22:02 - 2009-07-14 00:45 - 00035328 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-05 21:50 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-04 21:57 - 2014-07-04 21:45 - 00000000 ____D () C:\Users\Leslie\AppData\Local\NPE
2014-07-04 21:57 - 2012-12-17 01:27 - 00000000 ____D () C:\Users\Leslie\AppData\Roaming\Real
2014-07-04 21:48 - 2014-07-04 21:47 - 00000000 ____D () C:\NPE
2014-07-04 21:47 - 2014-06-21 01:40 - 00000380 _____ () C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Leslie.job
2014-07-04 21:47 - 2014-02-09 02:47 - 00003230 _____ () C:\Windows\setupact.log
2014-07-04 21:47 - 2010-11-20 23:47 - 00941536 _____ () C:\Windows\PFRO.log
2014-07-04 21:47 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-04 21:46 - 2014-07-04 21:46 - 00096856 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SMR410.SYS
2014-07-04 21:46 - 2012-01-23 19:58 - 00000000 ____D () C:\ProgramData\Norton
2014-07-04 21:02 - 2014-06-21 01:40 - 00000374 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_Leslie.job
2014-07-04 20:46 - 2014-07-04 20:46 - 00321220 ____S () C:\Windows\system32\bkph.olx
2014-07-04 20:46 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-07-04 20:37 - 2014-07-04 20:37 - 00000000 ____D () C:\Users\Leslie\AppData\Local\{7038A6DB-6949-4A74-B64B-321F229EF7EB}
2014-07-04 18:51 - 2014-06-21 01:40 - 00002968 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Leslie
2014-07-04 18:51 - 2014-06-21 01:40 - 00002964 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateXML_Leslie
2014-07-04 18:51 - 2014-06-21 01:40 - 00000370 _____ () C:\Windows\Tasks\ReclaimerUpdateXML_Leslie.job
2014-07-01 11:29 - 2009-07-14 01:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-30 23:51 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-06-26 17:56 - 2012-01-30 21:12 - 00000000 ____D () C:\Users\Leslie\AppData\Local\CutePDF Writer
2014-06-21 01:40 - 2014-06-21 01:40 - 00003618 _____ () C:\Windows\System32\Tasks\RNUpgradeHelperResumePrompt_Leslie
2014-06-21 01:40 - 2014-06-21 01:40 - 00002672 _____ () C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Leslie
2014-06-15 12:01 - 2014-06-15 12:01 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-06-15 11:53 - 2012-08-27 17:35 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2014-06-15 11:52 - 2014-01-26 23:21 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2014-06-15 11:52 - 2012-08-27 17:36 - 00003206 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-06-15 11:52 - 2012-08-27 17:36 - 00002319 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2014-06-15 11:50 - 2013-07-15 21:59 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-15 11:47 - 2012-01-23 16:19 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-15 11:46 - 2012-01-24 19:17 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-15 11:42 - 2014-05-08 19:28 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-08 05:13 - 2014-06-14 18:52 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 05:08 - 2014-06-14 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

Files to move or delete:
====================
C:\Users\Leslie\CTX.DAT

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll
[2010-11-20 23:24] - [2010-11-20 23:24] - 0528384 ____A (Microsoft Corporation) EE31346B5A3BA3EC54CFFB050B316650

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-30 18:14

==================== End Of Log ============================

 

 

Addition Text:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-07-2014 01
Ran by Leslie at 2014-07-06 19:41:54
Running from C:\Users\Leslie\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Norton 360 (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.1.2.232 - Adobe Systems Incorporated)
Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version:  - )
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Illustrator CC (HKLM-x32\...\{F2321021-08A2-44D6-B1DF-BDB415F23EC3}) (Version: 17.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.6) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.6 - Adobe Systems Incorporated)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon Unbox Video (HKLM-x32\...\InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}) (Version: 2.2.0.153 - Amazon.com)
Amazon Unbox Video (x32 Version: 2.2.0.153 - Amazon.com) Hidden
Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Bitcoin (HKCU\...\Bitcoin) (Version: 0.8.5 - Bitcoin project)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.1) (Version: 5.0.0.1 - Coupons.com Incorporated)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{CA75CBF9-B078-47CB-ABA3-74EFD4FC9A43}) (Version:  - Microsoft)
Ezvid (HKLM-x32\...\{F96D619D-99D6-4C9C-A393-0CD22DE1CA66}_is1) (Version: 0.9.1.2 - Ezvid, inc.)
Free YouTube Downloader 3.5.187 (HKLM-x32\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version:  - HOW Inc.)
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
H&R Block Deluxe + Efile + State 2011 (HKLM-x32\...\{C6006AED-E5A7-4F77-BAD5-95AC43DE04F3}) (Version: 11.05.7102 - HRB Technology, LLC.)
H&R Block Georgia 2011 (HKLM-x32\...\{76ADF6B8-FB83-4358-8502-9FCDFD3C7AA0}) (Version: 1.11.2001 - HRB Technology, LLC.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
iPad/iPhone/iPod to Computer Transfer 7.7.7 (HKLM\...\Cucusoft iPad/iPhone/iPod to Computer Transfer_is1) (Version:  - Cucusoft, Inc.)
iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.)
Java Auto Updater (x32 Version: 2.0.7.2 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 37 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216037FF}) (Version: 6.0.370 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lagarith lossless video codec (Remove Only) (HKLM-x32\...\LAGARITH) (Version:  - )
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XML Parser (x32 Version: 8.20.8730.4 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Norton 360 (HKLM-x32\...\N360) (Version: 21.3.0.12 - Symantec Corporation)
RealDownloader (x32 Version: 1.3.2 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.2 - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
RICOH R5C83x/84x Media Driver Ver.3.53.02 (HKLM-x32\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.53.02 - )
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.999 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
SUABnR (x32 Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{BB743020-0F2D-4E9B-922B-12014902B20F}) (Version: 2.14.0201 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{041E914E-7B73-4E8B-967F-B7FFC527FF80}) (Version: 2.14.0106 - Samsung Electronics Co., Ltd.)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Wondershare AllMyTube(Build 3.2.0.4) (HKLM-x32\...\Wondershare AllMyTube_is1) (Version: 3.2.0.4 - Wondershare Software)
Wondershare Player(Build 1.6.0) (HKLM-x32\...\Wondershare Player_is1) (Version: 1.6.0.3 - Wondershare)
Xirrus Wi-Fi Inspector (HKLM-x32\...\{BBB21AB1-2C45-435D-A05A-B563072E7B9B}) (Version: 1.2.1.4 - Xirrus)

==================== Restore Points  =========================

04-05-2014 03:15:15 Windows Modules Installer
08-05-2014 23:19:49 Windows Update
15-05-2014 23:09:12 Windows Update
17-05-2014 00:04:19 Windows Modules Installer
15-06-2014 15:37:44 Windows Update
01-07-2014 03:50:35 Scheduled Checkpoint

==================== Hosts content: ==========================

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0130A25D-0B9F-480B-8673-208F416B3347} - System32\Tasks\RNUpgradeHelperResumePrompt_Leslie => C:\Users\Leslie\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe [2014-06-17] (RealNetworks, Inc.)
Task: {0740299B-C268-4755-8019-12ACBF789E12} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\WSCStub.exe [2014-05-11] (Symantec Corporation)
Task: {1E5974CD-88F7-4B3E-A77F-12F887074A8B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {38A14955-3313-4677-BF26-B5761FB4E8D8} - System32\Tasks\ReclaimerUpdateFiles_Leslie => C:\Users\Leslie\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe [2014-06-17] (RealNetworks, Inc.)
Task: {3B6CE931-A618-41BA-B5BF-1934F6E20176} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {4EC83F8E-F100-4EA0-96A2-7F20D35F87E0} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {81ECD007-0D0F-45F3-A562-2CD30369337B} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3399242083-3682402275-1375265184-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {8A44DECC-5F51-4272-ABC2-8CAF2264BFE1} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3399242083-3682402275-1375265184-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {B8A9BAAF-74A4-49DC-9ECB-92CE8A569BA1} - System32\Tasks\AdobeAAMUpdater-1.0-Leslie-PC-Leslie => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-13] (Adobe Systems Incorporated)
Task: {C6B7A6E9-D2CF-4DBF-AEB6-7E948DB9EEFF} - System32\Tasks\ReclaimerUpdateXML_Leslie => C:\Users\Leslie\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe [2014-06-17] (RealNetworks, Inc.)
Task: {C73F9783-E6D8-428A-A1B6-E66B5117AC1A} - System32\Tasks\RNUpgradeHelperLogonPrompt_Leslie => C:\Users\Leslie\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe [2014-06-17] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\ReclaimerUpdateFiles_Leslie.job => C:\Users\Leslie\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe
Task: C:\Windows\Tasks\ReclaimerUpdateXML_Leslie.job => C:\Users\Leslie\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe
Task: C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Leslie.job => C:\Users\Leslie\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe

==================== Loaded Modules (whitelisted) =============

2012-01-30 21:05 - 2009-11-05 09:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2013-08-30 10:01 - 2013-08-30 10:01 - 03358064 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-04-16 03:07 - 2013-04-16 03:07 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2013-08-30 10:01 - 2013-08-30 10:01 - 04579696 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2012-05-30 20:06 - 2012-05-30 20:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-11-23 22:21 - 2011-11-23 22:21 - 00105576 ____R () C:\Program Files (x86)\Amazon\Amazon Unbox Video\LimelightDownloadManager.dll
2013-09-03 15:25 - 2013-09-03 15:25 - 32726528 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libcef.dll
2013-03-13 13:42 - 2013-06-05 14:21 - 00071560 _____ () C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\zlib1.dll
2013-08-30 10:00 - 2013-08-30 10:00 - 00381808 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CCInvokeAAM.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

==================== Faulty Device Manager Devices =============

Name: HM-ET-SU DWD+-SW!GSA-T50O ATA Device
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/06/2014 04:33:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21617683

Error: (07/06/2014 04:33:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21617683

Error: (07/06/2014 04:33:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/04/2014 09:49:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/04/2014 09:04:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/04/2014 07:38:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3307

Error: (07/04/2014 07:38:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3307

Error: (07/04/2014 07:38:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/04/2014 07:38:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2215

Error: (07/04/2014 07:38:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2215

System errors:
=============
Error: (07/05/2014 10:26:41 PM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom0, is not ready for access yet.

Error: (07/05/2014 09:45:31 PM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom0, is not ready for access yet.

Error: (07/04/2014 10:39:23 PM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom0, is not ready for access yet.

Error: (07/04/2014 10:39:22 PM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom0, is not ready for access yet.

Error: (07/04/2014 10:39:21 PM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom0, is not ready for access yet.

Error: (07/04/2014 10:39:20 PM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom0, is not ready for access yet.

Error: (07/04/2014 10:39:19 PM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom0, is not ready for access yet.

Error: (07/04/2014 10:06:38 PM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom0, is not ready for access yet.

Error: (07/04/2014 09:49:04 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (07/04/2014 09:47:58 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Power service terminated with the following error:
%%4203

Microsoft Office Sessions:
=========================
Error: (07/06/2014 04:33:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21617683

Error: (07/06/2014 04:33:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21617683

Error: (07/06/2014 04:33:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/04/2014 09:49:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/04/2014 09:04:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/04/2014 07:38:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3307

Error: (07/04/2014 07:38:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3307

Error: (07/04/2014 07:38:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/04/2014 07:38:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2215

Error: (07/04/2014 07:38:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2215

==================== Memory info ===========================

Percentage of memory in use: 49%
Total physical RAM: 3062.04 MB
Available physical RAM: 1540.66 MB
Total Pagefile: 6122.27 MB
Available Pagefile: 4101 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:211.67 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 696D9402)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

Search results (this is the search using the "search files" button.  Also posted the results from the "search registries" button.  Wasn't sure which one to do.)

 

Farbar Recovery Scan Tool (x64) Version: 05-07-2014 01
Ran by Leslie at 2014-07-06 19:46:36
Running from C:\Users\Leslie\Desktop
Boot Mode: Normal

================== Search Files: "rcpcss.dll" =============

====== End Of Search ======

 

Search results from "search registries" button:

 

Farbar Recovery Scan Tool (x64) Version: 05-07-2014 01
Ran by Leslie at 2014-07-06 19:52:26
Running from C:\Users\Leslie\Desktop
Boot Mode: Normal

================== Search Registry: "rcpcss.dll" ===========

====== End Of Search ======

 

 

 

Thanks so much for your help!



#6 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:08:26 PM

Posted 07 July 2014 - 01:07 AM

Hi lego7191

Step 1

We need to do a search with Farbar's Recovery Scan Tool 

Open up Farbar's Recovery Scan Tool 

Type the following in the edit box after "Search:".

rpcss.dll


It then should look like:

Search: rpcss.dll

Click Search button and post the log (Search.txt) it makes to your reply.


“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club

unite_blue.png


#7 lego7191

lego7191
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:26 PM

Posted 07 July 2014 - 04:45 PM

The rpcss.dll results from the Search Files button:

 

Farbar Recovery Scan Tool (x64) Version: 05-07-2014 01
Ran by Leslie at 2014-07-07 17:40:56
Running from C:\Users\Leslie\Desktop
Boot Mode: Normal

================== Search Files: "rpcss.dll" =============

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2010-11-20 23:24][2010-11-20 23:24] 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123 [File is signed]

C:\Windows\System32\rpcss.dll
[2010-11-20 23:24][2010-11-20 23:24] 0528384 ____A (Microsoft Corporation) EE31346B5A3BA3EC54CFFB050B316650

====== End Of Search ======

 

 

and the rpcss.dll results from the Search Registries button:

 

Farbar Recovery Scan Tool (x64) Version: 05-07-2014 01
Ran by Leslie at 2014-07-07 17:45:36
Running from C:\Users\Leslie\Desktop
Boot Mode: Normal

================== Search Registry: "rpcss.dll" ===========

[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d]
"f!rpcss.dll"="0x720070006300730073002E0064006C006C00"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\Parameters]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcSs\Parameters]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\DcomLaunch\Parameters]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\RpcSs\Parameters]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DcomLaunch\Parameters]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RpcSs\Parameters]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"

====== End Of Search ======

 

 

thank you!



#8 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:08:26 PM

Posted 07 July 2014 - 05:29 PM

Hi Lego7191

Step 1

Open notepad. Please copy the contents of the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
Save it on the Desktop as fixlist.txt
 

HKU\S-1-5-21-3399242083-3682402275-1375265184-1000\...\MountPoints2: {05dbcfd1-2797-11e2-a757-0023ae1b677a} - E:\LaunchU3.exe -a
HKU\S-1-5-21-3399242083-3682402275-1375265184-1000\...\MountPoints2: {eaf186b7-845c-11e1-8aae-0023ae1b677a} - D:\KODAK_Camera_Setup_App.exe
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=irmsd0202ie&cd=2XzuyEtN2Y1L1QzutDtDtBtA0A0EtC0ByCyByB0A0DtB0FyEtN0D0Tzu0CyBzzyCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1473590204&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=irmsd0202ie&cd=2XzuyEtN2Y1L1QzutDtDtBtA0A0EtC0ByCyByB0A0DtB0FyEtN0D0Tzu0CyBzzyCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1473590204&ir=
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKLM-x32 - DefaultScope {972F900E-8529-4AF2-A651-504F5EAF0D50} URL =
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10045&barid={68435408-E665-11E2-81D4-0023AE1B677A}
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3324415&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPB3E77D17-124C-451B-B0AC-30297FC64544&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3324415&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPB3E77D17-124C-451B-B0AC-30297FC64544&q={searchTerms}&SSPV=
SearchScopes: HKCU - {0F715E9D-27DE-45EE-8DCB-DB8725E76D11} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=8D3E67B7-CB26-4474-9E1E-6976BB16B5D1&apn_sauid=A359C0B1-CABF-479D-B6E5-A3A641DE723C
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3281675&CUI=UN36056773121651025&UM=2
SearchScopes: HKCU - {972F900E-8529-4AF2-A651-504F5EAF0D50} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd0202ie&cd=2XzuyEtN2Y1L1QzutDtDtBtA0A0EtC0ByCyByB0A0DtB0FyEtN0D0Tzu0CyBzzyCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1473590204&ir=
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com?src=6&q={searchTerms}&barid={68435408-E665-11E2-81D4-0023AE1B677A}&crg=3.5000006.10045&st=23
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
FF HKLM\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox
C:\Users\Leslie\CTX.DAT
Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll C:\Windows\System32\rpcss.dll
Reboot:

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the desktop (Fixlog.txt) please post it to your reply.

Step 2

Download ADWCleaner to your desktop:
http://www.bleepingcomputer.com/download/adwcleaner/

NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close  all programs and click on the AdwCleaner icon.

scan-results.jpg

Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.

Step 3

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4

We need to re-run FRST

  • Double-click the downloaded icon to run the tool.

    frsticon_zpsdc3cbdc3.png
  • When the tool opens click Yes to disclaimer.

    frstdis_zps7f598f12.png
  • Press Scan button.

    newfrst_zpsa63ffa3d.png
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club

unite_blue.png


#9 lego7191

lego7191
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:26 PM

Posted 07 July 2014 - 06:16 PM

Results of Fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-07-2014 01
Ran by Leslie at 2014-07-07 19:01:35 Run:1
Running from C:\Users\Leslie\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-3399242083-3682402275-1375265184-1000\...\MountPoints2: {05dbcfd1-2797-11e2-a757-0023ae1b677a} - E:\LaunchU3.exe -a
HKU\S-1-5-21-3399242083-3682402275-1375265184-1000\...\MountPoints2: {eaf186b7-845c-11e1-8aae-0023ae1b677a} - D:\KODAK_Camera_Setup_App.exe
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=irmsd0202ie&cd=2XzuyEtN2Y1L1QzutDtDtBtA0A0EtC0ByCyByB0A0DtB0FyEtN0D0Tzu0CyBzzyCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1473590204&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=irmsd0202ie&cd=2XzuyEtN2Y1L1QzutDtDtBtA0A0EtC0ByCyByB0A0DtB0FyEtN0D0Tzu0CyBzzyCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1473590204&ir=
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKLM-x32 - DefaultScope {972F900E-8529-4AF2-A651-504F5EAF0D50} URL =
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10045&barid={68435408-E665-11E2-81D4-0023AE1B677A}
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3324415&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPB3E77D17-124C-451B-B0AC-30297FC64544&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3324415&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPB3E77D17-124C-451B-B0AC-30297FC64544&q={searchTerms}&SSPV=
SearchScopes: HKCU - {0F715E9D-27DE-45EE-8DCB-DB8725E76D11} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=8D3E67B7-CB26-4474-9E1E-6976BB16B5D1&apn_sauid=A359C0B1-CABF-479D-B6E5-A3A641DE723C
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3281675&CUI=UN36056773121651025&UM=2
SearchScopes: HKCU - {972F900E-8529-4AF2-A651-504F5EAF0D50} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd0202ie&cd=2XzuyEtN2Y1L1QzutDtDtBtA0A0EtC0ByCyByB0A0DtB0FyEtN0D0Tzu0CyBzzyCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1473590204&ir=
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com?src=6&q={searchTerms}&barid={68435408-E665-11E2-81D4-0023AE1B677A}&crg=3.5000006.10045&st=23
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
FF HKLM\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox
C:\Users\Leslie\CTX.DAT
Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll C:\Windows\System32\rpcss.dll
Reboot:
*****************

'HKU\S-1-5-21-3399242083-3682402275-1375265184-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{05dbcfd1-2797-11e2-a757-0023ae1b677a}' => Key deleted successfully.
'HKCR\CLSID\{05dbcfd1-2797-11e2-a757-0023ae1b677a}'=> Key not found.
'HKU\S-1-5-21-3399242083-3682402275-1375265184-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eaf186b7-845c-11e1-8aae-0023ae1b677a}' => Key deleted successfully.
'HKCR\CLSID\{eaf186b7-845c-11e1-8aae-0023ae1b677a}'=> Key not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}' => Key deleted successfully.
'HKCR\CLSID\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}'=> Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}'=> Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}' => Key deleted successfully.
'HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0F715E9D-27DE-45EE-8DCB-DB8725E76D11}' => Key deleted successfully.
'HKCR\CLSID\{0F715E9D-27DE-45EE-8DCB-DB8725E76D11}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}' => Key deleted successfully.
'HKCR\CLSID\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{972F900E-8529-4AF2-A651-504F5EAF0D50}' => Key deleted successfully.
'HKCR\CLSID\{972F900E-8529-4AF2-A651-504F5EAF0D50}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}' => Key deleted successfully.
'HKCR\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}'=> Key not found.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}'=> Key not found.
HKLM\Software\Mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D} => value deleted successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D} => value deleted successfully.
C:\Users\Leslie\CTX.DAT => Moved successfully.
C:\Windows\System32\rpcss.dll => Moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll

The system needed a reboot.

==== End of Fixlog ====

 

 

Results of Adwcleaner:

 

# AdwCleaner v3.214 - Report created 07/07/2014 at 19:16:22
# Updated 29/06/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Leslie - LESLIE-PC
# Running from : C:\Users\Leslie\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Mysearchdial
Folder Deleted : C:\Program Files (x86)\SweetIM
Folder Deleted : C:\Users\Leslie\AppData\Local\Conduit
Folder Deleted : C:\Users\Leslie\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Leslie\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Leslie\AppData\Roaming\strongvault
File Deleted : C:\END

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\strongvaultapp_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\strongvaultapp_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3281675
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3298573
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\SweetIM
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\SweetIM
Key Deleted : HKLM\Software\Updater By Sweetpacks
Key Deleted : [x64] HKLM\SOFTWARE\Updater By Sweetpacks

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

*************************

AdwCleaner[R0].txt - [3980 octets] - [07/07/2014 19:14:09]
AdwCleaner[S0].txt - [3638 octets] - [07/07/2014 19:16:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3698 octets] ##########

 

 

 

JRT results:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by Leslie on Mon 07/07/2014 at 19:25:34.21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\browserpluginhelper

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02DD8284-A49F-43E5-9D84-CF19DC9AD21D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3399242083-3682402275-1375265184-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1373BA72-5012-496E-9F72-7A426DCF78BB}

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Folder] "C:\Program Files (x86)\free youtube downloader"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{048E0D1C-ACE2-47F7-9EE5-E09905D79D8F}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{04A3DDD4-FE79-4FF4-B3C1-AA537C9C8389}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{065B873B-60F2-4887-B26E-54B7FABAB5FB}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{083DEFAB-DE97-47CF-8B52-833F01ED141A}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{0B5E6DEF-8AE4-4B44-9381-F439E11A1C64}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{1089A732-6707-4679-B6BE-E531F8CFDB27}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{120F956E-C4AE-4153-9D41-52AD1AD70164}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{124F2708-50D0-4A84-BD0F-4CCE7D538B85}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{13F055B1-D270-4173-91B2-ACB8CD888712}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{18149486-056A-4942-A9DB-1FB24BD9392E}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{19670758-E1FC-41C3-899D-065CFAA3D7BA}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{1A243055-20A8-4210-AEA7-BD8AB42EF12B}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{1CFFB1C3-2885-4A14-942C-D2C615DEBBE6}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{1D3AA174-77EF-426D-9C2C-844C3D2380B4}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{1E7E85E4-FC8C-499E-8D32-941E97E1FE5F}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{1F463329-28C5-4FCD-9E6D-1CCD4E4B3B07}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{1FE576F4-3F8F-46AA-9E57-1284B47DCCED}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{2076E134-5A4F-4F70-A5DA-C988B00C92E8}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{227FBFFC-766C-4ACC-BA71-065BED9FCC1B}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{25F37139-1FE1-4A5D-A11F-7CD3E7418CE7}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{28320F2D-9817-4A35-AECA-CF1993908F6F}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{2A24B1A7-066D-4947-967D-57270C5F2B6A}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{2B168DDB-71FB-4ACA-8349-EA6609675005}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{2C6A45F5-AB1C-4A25-8BED-2EE1C46DA813}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{3131DAB5-3D07-4939-A60B-302BC2856BB9}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{3370972B-6BC6-4761-B3B5-126AA8D0595B}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{35ED7891-8261-4DD3-A4D0-79B43C753806}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{3734BB04-BC88-4668-ADF7-9EDD308E297C}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{3D98B376-87BF-4903-B22D-9F58FFB6D993}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{3F9672EA-C839-47EA-A51F-8680E1411785}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{417BE1D0-1FB4-4E8D-9271-89CEA31AAB85}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{48F10295-F1CB-46B1-9019-A4A41C6694F2}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{4A99A28C-BB24-4D93-A1D5-7C5E79D488F6}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{4B790DDE-EB90-4FCC-8705-701AB98593E5}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{4C115FE5-91BA-485B-9A39-F812A370D434}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{523A443F-B0E7-4CEA-9466-21644F5A0C3C}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{550E20BF-A7BC-481F-BAE2-CC0EEE4F488D}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{6051E866-0C1E-4555-A7CE-96B9B9C0EFD2}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{61B97CB1-2CA4-4674-8B36-B01CCC03571B}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{62B75A46-6975-406F-AD77-25922D35F8F3}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{650ADC4D-7D34-4C27-9DCF-6729A80CD529}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{656AAD9D-9DDB-49F8-BE34-305323A655C1}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{65BB91DA-0C62-4B0F-A3AC-27CFAF2F4731}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{666E32FC-EB93-4D87-A270-017AD6C4A217}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{691B8CBB-F1F7-4EC0-AD71-96E5708C0BE2}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{7038A6DB-6949-4A74-B64B-321F229EF7EB}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{71F49715-0DC1-4950-8F6C-A31CD5EC2A56}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{7209E204-5715-47ED-A8F5-81198BAE66ED}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{73763C4F-AAE1-4176-AC7F-C76FC221AA64}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{769FC531-F0BA-45E9-A3E6-FF049AB6AA58}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{7D90BD64-09D2-488C-8908-31F5B185EFD5}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{818F29D9-7AF2-44D3-8049-158D88B23C4E}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{861FB054-67D8-447B-8957-CF1AE327F309}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{87427639-9069-424E-A0A6-B70C7D450CE2}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{8B36A32D-DEDB-433C-9D92-1CA1BB4D8243}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{8DCDA4BC-62F5-4231-B77E-D9053FB5648D}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{9024EE88-F9BB-4808-A429-0A132620F9D4}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{919F6DEB-45EA-4C7A-B388-B6BC4032062E}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{99421BAA-D084-44CA-9856-BC996BFDBF70}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{9B8F8587-3997-4D9D-99D8-1C3C59A7D401}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{9C300E36-55CE-4B69-A3B2-A5F152BAE947}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{9D552764-CC8E-4F38-9CF1-776182CF0DEC}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{9E2D24C4-4C2C-416D-B767-81D2DF33C29C}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{A1AC2531-1E7C-4E3B-84FD-F83DF99C8C95}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{A599862E-A015-4EAA-8748-3DDD6FDEC748}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{A61AA952-F0B8-467F-98F5-B3CCF3D12353}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{A7922E68-D74B-4C3B-A030-F82F388F3D79}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{AA3C4C11-A359-4E31-ABEC-29376033424A}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{AA9A2CC6-C0EA-4211-B83C-CDC02669238E}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{AD506340-467F-4A6C-9CD8-A41E0597ACDB}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{B3228D72-A97A-404B-A50B-3DF362CA7B92}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{B33A85F9-ECFF-4616-B344-380EFEFD714E}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{B402D591-CAE5-4E3D-80D5-47122CD862A3}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{BD67C444-0BDA-4402-AECF-161226E2BA81}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{BDC70E00-91C9-487F-86E8-AFF30C601C7A}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{BE40FDFD-14FC-4809-A6CF-792AC14555E2}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{BEB05713-C9F7-46CF-9B51-2AAC6524497F}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{BF564CF7-F7E4-432E-8BB0-1AB6F36C1D29}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{BF945EE7-0889-4170-A57E-FB4D04D4CCA5}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{C2339FED-7CAF-4125-881B-E7D71CC2D849}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{C24C518E-E8C0-40F9-A1CC-ECE20AD07164}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{C413C293-0DB2-4B55-BE6D-35B1C46C2431}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{C6D03503-90D6-47C7-9AB0-BA6EBEFD7B03}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{C6E62365-9D6E-4D53-B31B-EEBFC6388963}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{C880F67C-BC1C-4AEA-9DF8-50B2F3B07930}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{CD4F4F70-A2CA-4EA5-97C8-3663D00C3751}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{D454D946-943E-4140-BD7B-71D1C4AF2B79}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{D5C38155-B4CF-49C0-B6C7-FAA3E52BBD9B}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{D6150F1F-2546-46A7-B03A-C87D6C536450}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{D7068994-47E9-4F68-AFF0-A30171B11526}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{D7BC823E-909B-42F0-8042-B4F6A6887280}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{D8CECCF9-24CE-4C21-B65A-F3E1DC0D2F7B}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{DB2CAD9A-1053-4A26-8356-851D26E9DE04}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{E208B300-5A24-47CE-B75C-65BD81C53F8A}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{E40C8A40-B547-42BB-B88E-DD118B36A7C1}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{E480074A-C268-4AD2-A941-3B555E413255}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{E8AD9572-B254-43A9-9288-E126C6EF135E}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{E98E8145-C78F-48FE-AEE5-765D30EBC8A8}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{EA77CE1D-A558-4068-9EBF-C4CEF3C678AE}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{EA95A6B7-DF2A-458E-9A45-F51B5FBB2F1F}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{EB49C3C7-26FB-477E-B4BE-17AF8F4FA449}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{F09D6C74-6FC7-494B-B782-F05450C0115E}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{F266D8A9-F442-4434-A6D7-5C61B3A8FDA8}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{F4126D90-84CB-4C7F-AD0E-31BB9A0CE208}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{F8455478-4903-4108-B09C-48046044DFC6}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{F9E3029D-D110-4F15-8DDD-739C4E05F5B3}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{FA4CC235-9492-4976-95CF-0FDFBA7DF5FB}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{FB909796-5035-431C-9ED0-4568D2B9C3BE}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{FBDA6ACC-D855-412F-886D-CC81F68B9A15}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{FD3DA299-F982-45F3-B45B-6DF7DC94E66D}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{FE72DF0E-A459-45DB-8898-C5AFC6BDB49C}

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 07/07/2014 at 19:34:23.07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

Frst log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-07-2014 01
Ran by Leslie (administrator) on LESLIE-PC on 07-07-2014 19:40:37
Running from C:\Users\Leslie\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\n360.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(SAMSUNG Electornics Co., Ltd.) C:\Users\Leslie\AppData\Roaming\VERIZON\UA_ar\UA.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\n360.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1743648 2013-06-13] (Wondershare)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-06-27] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2237328 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Player\DelayPluginI.exe [1960008 2013-09-28] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Unbox.lnk
ShortcutTarget: Amazon Unbox.lnk -> C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe (Amazon.com)
Startup: C:\Users\Leslie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Leslie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\Leslie\AppData\Roaming\VERIZON\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)
ShellIconOverlayIdentifiers:  AccExtIco1 -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll ()
ShellIconOverlayIdentifiers:  AccExtIco2 -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll ()
ShellIconOverlayIdentifiers:  AccExtIco3 -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll ()
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://floridakeysmedia.tv/axiscam/Codebase/AxisCamControl.ocx
DPF: HKLM-x32 {F8E691A0-C92E-4E42-9CDA-62FC07A9483B} http://actiftp.hosting4less.com/ACTIGENERAL/AP&Manual/Live%20Demo/nvUnifiedControl.ocx
Tcpip\Parameters: [DhcpNameServer] 24.178.162.3 24.159.64.23 66.189.0.100 192.168.1.1 24.178.162.3 24.159.64.23 66.189.0.100

FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_37 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.2.32 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.2.32 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-07-07]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-06-27]
FF HKLM-x32\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-06-27]
FF HKLM-x32\...\Firefox\Extensions: [{829AD732-F3DB-4011-81C4-135F2FB05D8E}] - C:\Program Files (x86)\Wondershare\AllMyTube\SVRFirefoxExt
FF Extension: Wondershare AllMyTube - C:\Program Files (x86)\Wondershare\AllMyTube\SVRFirefoxExt [2013-04-14]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014-01-26]
FF HKLM-x32\...\Firefox\Extensions: [Player@Wondershare.com] - C:\ProgramData\Wondershare\Player\Player@Wondershare.com
FF Extension: Wondershare Player - C:\ProgramData\Wondershare\Player\Player@Wondershare.com [2014-02-24]
FF HKCU\...\Firefox\Extensions: [{829AD732-F3DB-4011-81C4-135F2FB05D8E}] - C:\Program Files (x86)\Wondershare\AllMyTube\SVRFirefoxExt
FF Extension: Wondershare AllMyTube - C:\Program Files (x86)\Wondershare\AllMyTube\SVRFirefoxExt [2013-04-14]

==================== Services (Whitelisted) =================

S2 ADVService; C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [25704 2011-11-23] (Amazon.com) [File not signed]
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\N360.exe [265040 2014-05-11] (Symantec Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140606.001\BHDrvx64.sys [1530160 2014-05-09] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1503000.00C\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-14] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-14] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140703.001\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140707.003\ENG64.SYS [126040 2014-01-26] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140707.003\EX64.SYS [2099288 2014-01-26] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1503000.00C\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1503000.00C\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-26] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1503000.00C\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1503000.00C\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-07 19:34 - 2014-07-07 19:34 - 00013316 _____ () C:\Users\Leslie\Desktop\JRT.txt
2014-07-07 19:25 - 2014-07-07 19:25 - 00000000 ____D () C:\Windows\ERUNT
2014-07-07 19:23 - 2014-07-07 19:24 - 01016261 _____ (Thisisu) C:\Users\Leslie\Desktop\JRT.exe
2014-07-07 19:13 - 2014-07-07 19:16 - 00000000 ____D () C:\AdwCleaner
2014-07-07 19:13 - 2014-07-07 19:13 - 01346519 _____ () C:\Users\Leslie\Desktop\AdwCleaner.exe
2014-07-07 19:11 - 2014-07-07 19:11 - 00003045 _____ () C:\Users\Leslie\Desktop\fixlist.txt
2014-07-06 19:46 - 2014-07-07 17:45 - 00001182 _____ () C:\Users\Leslie\Desktop\Search.txt
2014-07-06 19:41 - 2014-07-06 19:42 - 00030725 _____ () C:\Users\Leslie\Desktop\Addition.txt
2014-07-06 19:40 - 2014-07-07 19:40 - 00019426 _____ () C:\Users\Leslie\Desktop\FRST.txt
2014-07-06 19:38 - 2014-07-07 19:40 - 00000000 ____D () C:\FRST
2014-07-06 19:37 - 2014-07-06 19:37 - 02084352 _____ (Farbar) C:\Users\Leslie\Desktop\FRST64.exe
2014-07-04 21:47 - 2014-07-04 21:48 - 00000000 ____D () C:\NPE
2014-07-04 21:45 - 2014-07-04 21:57 - 00000000 ____D () C:\Users\Leslie\AppData\Local\NPE
2014-07-04 20:46 - 2014-07-04 20:46 - 00321220 ____S () C:\Windows\system32\bkph.olx
2014-06-21 01:40 - 2014-07-07 19:18 - 00000380 _____ () C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Leslie.job
2014-06-21 01:40 - 2014-07-07 18:52 - 00002964 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateXML_Leslie
2014-06-21 01:40 - 2014-07-07 18:52 - 00000370 _____ () C:\Windows\Tasks\ReclaimerUpdateXML_Leslie.job
2014-06-21 01:40 - 2014-07-07 17:52 - 00002968 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Leslie
2014-06-21 01:40 - 2014-07-07 17:52 - 00000374 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_Leslie.job
2014-06-21 01:40 - 2014-06-21 01:40 - 00003618 _____ () C:\Windows\System32\Tasks\RNUpgradeHelperResumePrompt_Leslie
2014-06-21 01:40 - 2014-06-21 01:40 - 00002672 _____ () C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Leslie
2014-06-15 12:01 - 2014-06-15 12:01 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-06-14 18:54 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-14 18:54 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-14 18:54 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-14 18:54 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-14 18:54 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-14 18:54 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-14 18:54 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-14 18:54 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-14 18:54 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-14 18:54 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-14 18:54 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-14 18:54 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-14 18:53 - 2014-05-30 06:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-14 18:53 - 2014-05-30 06:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-14 18:53 - 2014-05-30 06:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-14 18:53 - 2014-05-30 05:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-14 18:53 - 2014-05-30 05:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-14 18:53 - 2014-05-30 05:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-14 18:53 - 2014-05-30 05:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-14 18:53 - 2014-05-30 05:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-14 18:53 - 2014-05-30 05:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-14 18:53 - 2014-05-30 05:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-14 18:53 - 2014-05-30 05:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-14 18:53 - 2014-05-30 05:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-14 18:53 - 2014-05-30 05:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-14 18:53 - 2014-05-30 05:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-14 18:53 - 2014-05-30 05:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-14 18:53 - 2014-05-30 05:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-14 18:53 - 2014-05-30 05:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-14 18:53 - 2014-05-30 05:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-14 18:53 - 2014-05-30 04:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-14 18:53 - 2014-05-30 04:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-14 18:53 - 2014-05-30 04:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-14 18:53 - 2014-05-30 04:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-14 18:53 - 2014-05-30 04:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-14 18:53 - 2014-05-30 04:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-14 18:53 - 2014-05-30 04:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-14 18:53 - 2014-05-30 04:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-14 18:53 - 2014-05-30 04:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-14 18:53 - 2014-05-30 04:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-14 18:53 - 2014-05-30 04:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-14 18:53 - 2014-05-30 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-14 18:53 - 2014-05-30 04:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-14 18:53 - 2014-05-30 04:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-14 18:53 - 2014-05-30 04:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-14 18:53 - 2014-05-30 04:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-14 18:53 - 2014-05-30 04:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-14 18:53 - 2014-05-30 04:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-14 18:53 - 2014-05-30 04:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-14 18:53 - 2014-05-30 04:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-14 18:53 - 2014-05-30 04:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-14 18:53 - 2014-05-30 04:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-14 18:53 - 2014-05-30 03:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-14 18:53 - 2014-05-30 03:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-14 18:53 - 2014-05-30 03:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-14 18:53 - 2014-05-30 03:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-14 18:53 - 2014-05-30 03:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-14 18:53 - 2014-05-30 03:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-14 18:53 - 2014-05-30 03:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-14 18:53 - 2014-05-30 03:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-14 18:53 - 2014-05-30 03:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-14 18:53 - 2014-05-30 03:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-14 18:53 - 2014-05-30 03:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-14 18:53 - 2014-05-30 03:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-14 18:52 - 2014-06-08 05:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-14 18:52 - 2014-06-08 05:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

==================== One Month Modified Files and Folders =======

2014-07-07 19:40 - 2014-07-06 19:40 - 00019426 _____ () C:\Users\Leslie\Desktop\FRST.txt
2014-07-07 19:40 - 2014-07-06 19:38 - 00000000 ____D () C:\FRST
2014-07-07 19:34 - 2014-07-07 19:34 - 00013316 _____ () C:\Users\Leslie\Desktop\JRT.txt
2014-07-07 19:25 - 2014-07-07 19:25 - 00000000 ____D () C:\Windows\ERUNT
2014-07-07 19:25 - 2009-07-14 00:45 - 00035328 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-07 19:25 - 2009-07-14 00:45 - 00035328 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-07 19:24 - 2014-07-07 19:23 - 01016261 _____ (Thisisu) C:\Users\Leslie\Desktop\JRT.exe
2014-07-07 19:22 - 2012-01-23 18:35 - 01480992 _____ () C:\Windows\WindowsUpdate.log
2014-07-07 19:18 - 2014-06-21 01:40 - 00000380 _____ () C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Leslie.job
2014-07-07 19:17 - 2014-02-09 02:47 - 00003342 _____ () C:\Windows\setupact.log
2014-07-07 19:17 - 2010-11-20 23:47 - 00941846 _____ () C:\Windows\PFRO.log
2014-07-07 19:17 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-07 19:16 - 2014-07-07 19:13 - 00000000 ____D () C:\AdwCleaner
2014-07-07 19:13 - 2014-07-07 19:13 - 01346519 _____ () C:\Users\Leslie\Desktop\AdwCleaner.exe
2014-07-07 19:11 - 2014-07-07 19:11 - 00003045 _____ () C:\Users\Leslie\Desktop\fixlist.txt
2014-07-07 19:01 - 2012-01-23 15:40 - 00000000 ____D () C:\Users\Leslie
2014-07-07 18:52 - 2014-06-21 01:40 - 00002964 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateXML_Leslie
2014-07-07 18:52 - 2014-06-21 01:40 - 00000370 _____ () C:\Windows\Tasks\ReclaimerUpdateXML_Leslie.job
2014-07-07 17:52 - 2014-06-21 01:40 - 00002968 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Leslie
2014-07-07 17:52 - 2014-06-21 01:40 - 00000374 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_Leslie.job
2014-07-07 17:45 - 2014-07-06 19:46 - 00001182 _____ () C:\Users\Leslie\Desktop\Search.txt
2014-07-07 17:27 - 2012-01-23 16:42 - 00000000 ____D () C:\Users\Leslie\AppData\Local\Adobe
2014-07-06 19:42 - 2014-07-06 19:41 - 00030725 _____ () C:\Users\Leslie\Desktop\Addition.txt
2014-07-06 19:37 - 2014-07-06 19:37 - 02084352 _____ (Farbar) C:\Users\Leslie\Desktop\FRST64.exe
2014-07-05 21:50 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-04 21:57 - 2014-07-04 21:45 - 00000000 ____D () C:\Users\Leslie\AppData\Local\NPE
2014-07-04 21:57 - 2012-12-17 01:27 - 00000000 ____D () C:\Users\Leslie\AppData\Roaming\Real
2014-07-04 21:48 - 2014-07-04 21:47 - 00000000 ____D () C:\NPE
2014-07-04 21:46 - 2012-01-23 19:58 - 00000000 ____D () C:\ProgramData\Norton
2014-07-04 20:46 - 2014-07-04 20:46 - 00321220 ____S () C:\Windows\system32\bkph.olx
2014-07-04 20:46 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-07-01 11:29 - 2009-07-14 01:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-30 23:51 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-06-26 17:56 - 2012-01-30 21:12 - 00000000 ____D () C:\Users\Leslie\AppData\Local\CutePDF Writer
2014-06-21 01:40 - 2014-06-21 01:40 - 00003618 _____ () C:\Windows\System32\Tasks\RNUpgradeHelperResumePrompt_Leslie
2014-06-21 01:40 - 2014-06-21 01:40 - 00002672 _____ () C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Leslie
2014-06-15 12:01 - 2014-06-15 12:01 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-06-15 11:53 - 2012-08-27 17:35 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2014-06-15 11:52 - 2014-01-26 23:21 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2014-06-15 11:52 - 2012-08-27 17:36 - 00003206 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-06-15 11:52 - 2012-08-27 17:36 - 00002319 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2014-06-15 11:50 - 2013-07-15 21:59 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-15 11:47 - 2012-01-23 16:19 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-15 11:46 - 2012-01-24 19:17 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-15 11:42 - 2014-05-08 19:28 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-08 05:13 - 2014-06-14 18:52 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 05:08 - 2014-06-14 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

Some content of TEMP:
====================
C:\Users\Leslie\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-30 18:14

==================== End Of Log ============================

 

 

Addition log:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-07-2014 01
Ran by Leslie at 2014-07-07 19:41:10
Running from C:\Users\Leslie\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Norton 360 (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.1.2.232 - Adobe Systems Incorporated)
Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version:  - )
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Illustrator CC (HKLM-x32\...\{F2321021-08A2-44D6-B1DF-BDB415F23EC3}) (Version: 17.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.6) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.6 - Adobe Systems Incorporated)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon Unbox Video (HKLM-x32\...\InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}) (Version: 2.2.0.153 - Amazon.com)
Amazon Unbox Video (x32 Version: 2.2.0.153 - Amazon.com) Hidden
Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Bitcoin (HKCU\...\Bitcoin) (Version: 0.8.5 - Bitcoin project)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.1) (Version: 5.0.0.1 - Coupons.com Incorporated)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{CA75CBF9-B078-47CB-ABA3-74EFD4FC9A43}) (Version:  - Microsoft)
Ezvid (HKLM-x32\...\{F96D619D-99D6-4C9C-A393-0CD22DE1CA66}_is1) (Version: 0.9.1.2 - Ezvid, inc.)
Free YouTube Downloader 3.5.187 (HKLM-x32\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version:  - HOW Inc.)
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
H&R Block Deluxe + Efile + State 2011 (HKLM-x32\...\{C6006AED-E5A7-4F77-BAD5-95AC43DE04F3}) (Version: 11.05.7102 - HRB Technology, LLC.)
H&R Block Georgia 2011 (HKLM-x32\...\{76ADF6B8-FB83-4358-8502-9FCDFD3C7AA0}) (Version: 1.11.2001 - HRB Technology, LLC.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
iPad/iPhone/iPod to Computer Transfer 7.7.7 (HKLM\...\Cucusoft iPad/iPhone/iPod to Computer Transfer_is1) (Version:  - Cucusoft, Inc.)
iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.)
Java Auto Updater (x32 Version: 2.0.7.2 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 37 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216037FF}) (Version: 6.0.370 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lagarith lossless video codec (Remove Only) (HKLM-x32\...\LAGARITH) (Version:  - )
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XML Parser (x32 Version: 8.20.8730.4 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Norton 360 (HKLM-x32\...\N360) (Version: 21.3.0.12 - Symantec Corporation)
RealDownloader (x32 Version: 1.3.2 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.2 - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
RICOH R5C83x/84x Media Driver Ver.3.53.02 (HKLM-x32\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.53.02 - )
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.999 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
SUABnR (x32 Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{BB743020-0F2D-4E9B-922B-12014902B20F}) (Version: 2.14.0201 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{041E914E-7B73-4E8B-967F-B7FFC527FF80}) (Version: 2.14.0106 - Samsung Electronics Co., Ltd.)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Wondershare AllMyTube(Build 3.2.0.4) (HKLM-x32\...\Wondershare AllMyTube_is1) (Version: 3.2.0.4 - Wondershare Software)
Wondershare Player(Build 1.6.0) (HKLM-x32\...\Wondershare Player_is1) (Version: 1.6.0.3 - Wondershare)
Xirrus Wi-Fi Inspector (HKLM-x32\...\{BBB21AB1-2C45-435D-A05A-B563072E7B9B}) (Version: 1.2.1.4 - Xirrus)

==================== Restore Points  =========================

04-05-2014 03:15:15 Windows Modules Installer
08-05-2014 23:19:49 Windows Update
15-05-2014 23:09:12 Windows Update
17-05-2014 00:04:19 Windows Modules Installer
15-06-2014 15:37:44 Windows Update
01-07-2014 03:50:35 Scheduled Checkpoint

==================== Hosts content: ==========================

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0130A25D-0B9F-480B-8673-208F416B3347} - System32\Tasks\RNUpgradeHelperResumePrompt_Leslie => C:\Users\Leslie\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe [2014-06-17] (RealNetworks, Inc.)
Task: {0740299B-C268-4755-8019-12ACBF789E12} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\WSCStub.exe [2014-05-11] (Symantec Corporation)
Task: {1E5974CD-88F7-4B3E-A77F-12F887074A8B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {38A14955-3313-4677-BF26-B5761FB4E8D8} - System32\Tasks\ReclaimerUpdateFiles_Leslie => C:\Users\Leslie\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe [2014-06-17] (RealNetworks, Inc.)
Task: {3B6CE931-A618-41BA-B5BF-1934F6E20176} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {4EC83F8E-F100-4EA0-96A2-7F20D35F87E0} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {81ECD007-0D0F-45F3-A562-2CD30369337B} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3399242083-3682402275-1375265184-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {8A44DECC-5F51-4272-ABC2-8CAF2264BFE1} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3399242083-3682402275-1375265184-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {B8A9BAAF-74A4-49DC-9ECB-92CE8A569BA1} - System32\Tasks\AdobeAAMUpdater-1.0-Leslie-PC-Leslie => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-13] (Adobe Systems Incorporated)
Task: {C6B7A6E9-D2CF-4DBF-AEB6-7E948DB9EEFF} - System32\Tasks\ReclaimerUpdateXML_Leslie => C:\Users\Leslie\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe [2014-06-17] (RealNetworks, Inc.)
Task: {C73F9783-E6D8-428A-A1B6-E66B5117AC1A} - System32\Tasks\RNUpgradeHelperLogonPrompt_Leslie => C:\Users\Leslie\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe [2014-06-17] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\ReclaimerUpdateFiles_Leslie.job => C:\Users\Leslie\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe
Task: C:\Windows\Tasks\ReclaimerUpdateXML_Leslie.job => C:\Users\Leslie\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe
Task: C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Leslie.job => C:\Users\Leslie\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe

==================== Loaded Modules (whitelisted) =============

2012-01-30 21:05 - 2009-11-05 09:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2013-04-16 03:07 - 2013-04-16 03:07 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2013-08-30 10:01 - 2013-08-30 10:01 - 04579696 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2013-08-30 10:01 - 2013-08-30 10:01 - 03358064 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-03 15:25 - 2013-09-03 15:25 - 32726528 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libcef.dll
2013-03-13 13:42 - 2013-06-05 14:21 - 00071560 _____ () C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\zlib1.dll
2013-08-30 10:00 - 2013-08-30 10:00 - 00381808 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CCInvokeAAM.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 41%
Total physical RAM: 3062.04 MB
Available physical RAM: 1789.16 MB
Total Pagefile: 6122.27 MB
Available Pagefile: 4688.06 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:211.56 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 696D9402)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Edited by lego7191, 07 July 2014 - 06:42 PM.


#10 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:08:26 PM

Posted 08 July 2014 - 04:34 PM

Hi lego7191

Your logs are looking better.

Step 1

Can you confirm that your no longer getting the alerts from Norton.

Step 2

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java Runtime Environment (JRE) 8 Update 5 and save it to your desktop.
  • Scroll down to where it says "Java SE 8 Update 5".
  • Click the "Download JRE" button.
  • Accept the license agreement.
  • select 'Windows x86'offline or 'Windows x64.exe' (depending on whether you are running a 32 or 64 bit system) from the list.
  • Save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove:-

    Java™ 6 Update 37
  • Reboot your computer once all Java components are removed.

Then from your desktop double-click on downloaded icon to install the newest version.

Step 3

Perform an Online Antivirus Scan with ESET:


Note:ESET recommends disabling your resident antivirus's active protection component BEFORE scanning , how to do so can be read here. Use Internet Explorer to navigate to the scanner website because you must approve install an ActiveX add-on to complete the scan. If you are using Vista or Windows 7 or 8, launch Internet Explorer by right-clicking the Start Menu icon & selecting "Run as Administrator".
 

  • Please go here then click on Run ESET ONLINE SCANNER
  • Select the option YES, I accept the Terms of Use then click on START
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is checked.
  • Now click on Advanced Settings and select the following:
     
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
     
  • Now click on START
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    When the scan is complete,

    If no threats were found:
     
  • Check in "Uninstall application on close"
  • Close program

    If threats were found:
     
  • Select "list of threats found"
  • Select "Export to Text File" & Save the Report to your Desktop as ESETScanLog"
  • Select Back
  • Place a checkmark in "Uninstall application on close"
  • Select Finish & Exit the program
  • Copy and paste ESETScanLog.txt in your next reply

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club

unite_blue.png


#11 lego7191

lego7191
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:26 PM

Posted 09 July 2014 - 05:28 PM

1 - correct - I am not receiving the Norton pop-ups

 

2 - Java has been reinstalled with newer version

 

3 - threats were found with ESET. 

 

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Leslie\AppData\Roaming\OpenCandy\59F89EDE6E494B69AD41B903F0DE6F4E\mconduitinstaller.exe.vir Win32/Toolbar.Conduit.S potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Leslie\AppData\Roaming\OpenCandy\6155D0159B3A47A19E037A09EB114C83\PureLeadsSetupx21701.exe.vir a variant of Win32/AdWare.Sendori.A application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Leslie\AppData\Roaming\OpenCandy\A233C83A77BA496F86300F444576389F\StrongVault.exe.vir Win32/DownWare.N potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Windows\System32\rpcss.dll.xBAD Win64/Patched.I trojan cleaned - quarantined
C:\Program Files (x86)\Bitcoin\bitcoin-qt.exe a variant of Win32/BitCoinMiner.BJ potentially unsafe application deleted - quarantined
C:\Program Files (x86)\Bitcoin\daemon\bitcoind.exe a variant of Win32/BitCoinMiner.BJ potentially unsafe application deleted - quarantined
C:\Users\Leslie\Downloads\AdvancedOCRFree.exe Win32/OpenCandy potentially unsafe application deleted - quarantined

 

thank you !
 



#12 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:08:26 PM

Posted 10 July 2014 - 10:39 AM

Hi lego7191

Glad to hear your not getting the alerts anymore :thumbup2:

The threats found have been disabled and backed up into the tools quarantine folder. We will delete this at the end of the topic.

Step 1

We need to do a quick check on a file.

  • Go to VirusTotal.
  • Click Choose File.
  • Copy and paste the exact file name in bold:
    • C:\Windows\system32\bkph.olx
  • Click Send.
  • Copy and paste back the results once VirusTotal has finished scanning the file.

Step 2

Download Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please copy and paste the contents of that document in your next reply.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club

unite_blue.png


#13 lego7191

lego7191
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:26 PM

Posted 11 July 2014 - 10:39 PM

The VirusTotal link doesn't work.  Can you repost?  I'd google it, but I don't want to pull up the wrong thing.



#14 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:08:26 PM

Posted 12 July 2014 - 02:34 AM

Hi lego7191

 

Try this link https://www.virustotal.com/


“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club

unite_blue.png


#15 lego7191

lego7191
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:26 PM

Posted 12 July 2014 - 01:23 PM

It tells me that bkph.olx file name is not found - check file name and try again.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users