Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Is Lightmark Player Pro download a virus? Second attempt


  • This topic is locked This topic is locked
31 replies to this topic

#1 tyl604

tyl604

  • Members
  • 373 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Atlanta, GA
  • Local time:01:37 AM

Posted 23 July 2014 - 08:57 PM

It keeps telling me my flash player or Adobe or something is out of date and I MUST download the update. However I see that the update company is not affiliated with Adobe. So it must be a scam or malware. Finally I am able to X out of it and then I can read the document I was trying to read. Annoying.

I believe I both pasted and attached both attach and dds - sorry about the double info. Did not want to delete anything so I just left it below.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428
Run by Bleepingcomputer at 21:40:17 on 2014-07-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1788.730 [GMT -4:00]
.
AV: Norton Security Suite *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Security Suite *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Suite *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\PROGRA~2\IObitBar\toolbar\1.bin\i0barsvc.exe
C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\N360.exe
C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
C:\Program Files (x86)\Novatel Wireless\LTE Support\VZWMSConfig.exe
C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\N360.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files (x86)\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\HPLamp.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\mdres.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\explorer.exe
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://aol.com/
uSearch Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
mStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.1.0.18
mDefault_Page_URL = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
mDefault_Search_URL = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\ips\ipsbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\coieplg.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [YbzsPack] regsvr32.exe C:\Users\Bleepingcomputer\AppData\Local\YbzsPack\lztrace.dll
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
mRun: [NeroCheck] C:\Windows\SysWOW64\NeroCheck.exe
mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
mRun: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [HP Lamp] "C:\Program Files (x86)\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTORU~1\ACROBA~1.LNK - C:\Program Files (x86)\Adobe\Acrobat 6.0\Distillr\acrotray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTORU~1\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
uPolicies-Explorer: TaskbarNoNotification = dword:1
uPolicies-Explorer: HideSCAHealth = dword:1
uPolicies-Explorer: HideClock = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoResolveTrack = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: TaskbarNoNotification = dword:1
mPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: MemCheckBoxInRunDlg = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: LastPass - C:\Users\Bleepingcomputer\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - C:\Users\Bleepingcomputer\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} -
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} - hxxp://support.gateway.com/support/serialharvest/gwCID.CAB
DPF: {A3E21079-7F41-4125-9EBB-FD44CFCC0AC1} - hxxps://www.mesh.com/0.9.4014.21/TSWeb.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{2BE7B38B-9ACF-414D-B060-E9CD1C76DF17} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{751E767F-F03E-4D65-85AE-5742EB85CE70} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{751E767F-F03E-4D65-85AE-5742EB85CE70}\8686F6E6F62737 : DHCPNameServer = 64.89.70.2 64.89.74.2 65.220.15.2
TCP: Interfaces\{751E767F-F03E-4D65-85AE-5742EB85CE70}\C696E6B6379737 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{751E767F-F03E-4D65-85AE-5742EB85CE70}\E4544574541425 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{DB3214FE-CD90-4707-BBE7-0E385C8BB7B9} : NameServer = 198.224.191.135 198.224.190.135
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\coieplg.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\coieplg.dll
x64-Run: [Acer ePower Management] C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2014-3-9 358552]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1503000.00C\symds64.sys [2014-6-5 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1503000.00C\symefa64.sys [2014-6-5 1148120]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140718.001\BHDrvx64.sys [2014-7-23 1530160]
R1 ccSet_N360;N360 Settings Manager;C:\Windows\System32\drivers\N360x64\1503000.00C\ccsetx64.sys [2014-6-5 162392]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140723.001\IDSviA64.sys [2014-7-23 525016]
R1 RapportCerberus_68261;RapportCerberus_68261;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_68261.sys [2014-5-15 631096]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2014-5-3 299512]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2014-5-3 414232]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1503000.00C\ironx64.sys [2014-6-5 264280]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1503000.00C\symnets.sys [2014-6-5 593112]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-11-5 203264]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe [2009-11-5 844320]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2010-8-20 72216]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-7-21 142128]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-11-5 58880]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2009-12-8 34872]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 DCMessages;DCMessages;C:\Windows\System32\DCMessages.exe [2010-6-5 124808]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-18 48488]
S3 NWUSBCDFIL64;Novatel Wireless Installation CD;C:\Windows\System32\drivers\NwUsbCdFil64.sys [2012-5-3 25600]
S3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);C:\Windows\System32\drivers\nwusbmdm_000.sys [2012-5-3 217856]
S3 NWUSBModem_001;Novatel Wireless Verizon USB Modem Driver;C:\Windows\System32\drivers\nwusbmdm_001.sys [2012-5-3 217856]
S3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);C:\Windows\System32\drivers\nwusbser_000.sys [2012-5-3 217856]
S3 NWUSBPort_001;Novatel Wireless Verizon USB Status Port Driver;C:\Windows\System32\drivers\nwusbser_001.sys [2012-5-3 217856]
S3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);C:\Windows\System32\drivers\nwusbser2_000.sys [2012-5-3 217856]
S3 NWUSBPort2_001;Novatel Wireless Verizon USB Status2 Port Driver;C:\Windows\System32\drivers\nwusbser2_001.sys [2012-5-3 217856]
S3 nwvzwmbnet_001;Novatel Wireless Verizon LTE Mobile Broadband Network Adapter Service;C:\Windows\System32\drivers\nwvzwmbnet_001.sys [2012-5-3 334848]
S3 OV550I;OVT Scanner;C:\Windows\System32\drivers\ov550ivx.sys [2008-2-22 196992]
S3 RDPDISPM;RDPDISPM;C:\Windows\System32\drivers\rdpdispm.sys [2009-12-26 10576]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-11-5 222208]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-25 59392]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
.
=============== Created Last 30 ================
.
2014-07-22 17:17:53 -------- d-----w- C:\RegBackup
2014-07-22 10:51:15 -------- d-----w- C:\Windows\System32\catroot2
2014-07-22 01:15:40 -------- d-----w- C:\Windows\SysWow64\wbem\Performance
2014-07-21 23:31:31 -------- d-----w- C:\Program Files (x86)\Tweaking.com
2014-07-20 18:50:55 -------- d-----w- C:\Program Files (x86)\ESET
2014-07-10 01:47:24 519168 ----a-w- C:\Windows\System32\aepdu.dll
2014-07-10 01:47:20 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-07-10 01:47:08 1719296 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2014-07-10 01:47:07 1380864 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2014-07-10 01:47:05 1354240 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2014-07-10 01:47:04 1389568 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2014-07-10 01:47:01 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-07-10 01:42:14 3157504 ----a-w- C:\Windows\System32\win32k.sys
2014-07-10 01:42:14 1247232 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll
2014-07-10 01:42:12 503296 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll
2014-07-10 01:42:11 449024 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\tabskb.dll
2014-07-10 01:42:11 224768 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe
2014-07-10 01:42:09 348672 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\tiptsf.dll
2014-07-10 01:42:08 692736 ----a-w- C:\Windows\System32\osk.exe
2014-07-10 01:42:08 646144 ----a-w- C:\Windows\SysWow64\osk.exe
2014-07-10 01:42:07 110592 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\TipBand.dll
2014-07-10 01:42:07 10240 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\TabTip32.exe
2014-07-10 01:42:06 544768 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\TipRes.dll
2014-07-10 01:42:00 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-07-10 01:40:59 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-07-10 01:40:56 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-07-10 01:40:54 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-07-10 01:40:09 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-07-10 01:40:04 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-07-10 01:40:03 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-06-26 11:49:25 -------- d-----w- C:\Users\Bleepingcomputer\AppData\Local\Adobe
.
==================== Find3M ====================
.
2014-07-21 01:15:36 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-07-15 00:43:50 2280 ----a-w- C:\Windows\AUTOLNCH.REG
2014-07-09 22:01:06 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-09 22:01:06 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-06-06 09:44:17 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-05-30 08:08:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-05-30 08:08:49 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-05-30 08:08:47 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-05-30 08:08:41 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-05-30 08:08:41 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2014-05-30 08:08:36 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-05-30 07:52:51 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-05-30 07:52:45 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-05-30 07:52:41 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-05-30 06:45:52 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2014-05-12 11:26:10 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-05-12 11:26:00 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-05-12 11:25:56 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-05-04 02:55:48 358552 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
2014-04-25 02:34:59 801280 ----a-w- C:\Windows\System32\usp10.dll
2014-04-25 02:06:17 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2013-06-18 11:35:46 14880256 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
.
============= FINISH: 21:43:49.00 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/25/2009 11:51:26 AM
System Uptime: 7/23/2014 5:58:06 AM (16 hours ago)
.
Motherboard: eMachines | | eMachines E627
Processor: AMD Athlon™ Processor TF-20 | Socket S1G1 | 1600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 137 GiB total, 65.906 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: LogMeIn Kernel Information Provider
Device ID: ROOT\LEGACY_LMIINFO\0000
Manufacturer:
Name: LogMeIn Kernel Information Provider
PNP Device ID: ROOT\LEGACY_LMIINFO\0000
Service: LMIInfo
.
==== System Restore Points ===================
.
RP546: 7/16/2014 6:56:50 AM - Windows Update
RP547: 7/20/2014 7:00:12 PM - Windows Backup
RP548: 7/21/2014 7:38:55 PM - Windows Update
RP549: 7/21/2014 8:40:33 PM - Tweaking.com - Windows Repair
RP550: 7/22/2014 8:47:29 PM - Norton Security Suite Registry
RP551: 7/22/2014 8:59:36 PM - Removed PCMark 7
.
==== Installed Programs ======================
.
3D Christmas Cottage
3D Snowy Cottage
Acrobat.com
Adobe Flash Player 14 ActiveX
Adobe Reader XI (11.0.07)
AMD USB Filter Driver
AnyPic Image Resizer 1.0.1
ArcSoft PhotoImpression 6
Astro Gemini Screensaver Manager 1.2
Astroburn Lite
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
ATI Catalyst Install Manager
Broadcom Driver Installation Program
Bulk Rename Utility 2.7.1.2
Bullzip PDF Printer 7.1.0.1195
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon IJ Network Scanner Selector EX
Canon IJ Network Tool
Canon MP Navigator EX 5.1
Canon MP470 series
Canon MX430 series MP Drivers
Canon MX430 series On-screen Manual
Canon MX430 series User Registration
Canon My Printer
Canon Solution Menu EX
Canon Speed Dial Utility
Canon Utilities Solution Menu
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Christmas Eve 3D Screensaver 1.0
Christmas Eve Crisis v1.06
D3DX10
DAO 3.5
Defraggler
Dropbox
eMachines Power Management
eMachines Recovery Management
eMachines Updater
ESET Online Scanner v3
Fast Duplicate File Finder 3.0.0.1
Folder Size 1.4.0.0
Free Fireplace 3D Screensaver
Free Picture Resize Starter 4.5
Futuremark SystemInfo
Google+ Auto Backup
GPL Ghostscript Lite 8.70
Identity Card
InCD (ahead software)
InstallConverter
InstallIQ Updater
InstallShield Tuner 6.0.1 For Adobe Acrobat
Internet Updater
IObit Toolbar
Java 7 Update 45
Java 7 Update 45 (64-bit)
Java™ 6 Update 23 (64-bit)
Java™ 6 Update 24
Junk Mail filter update
LastPass(uninstall only)
Launch Manager
Light Image Resizer 4.3.3.0
Malwarebytes Anti-Malware version 2.0.2.1012
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office 2000 Professional
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyDriveConnect 3.3.0.1342
Nero - Burning Rom
Nitro PDF Reader
Norton Security Suite
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
Nuance PDF Reader
PDF Form Filler 2
Picasa 3
PIXMA Extended Survey Program
Price Check by AOL
Quicken Basic 99
QuickTime
Rapport
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
RealUpgrade 1.1
Revo Uninstaller 1.94
ScanSoft OmniPage SE 4
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Shrink Pic (remove)
Speccy
SumatraPDF
Synaptics Pointing Device Driver
TeamViewer 9
TomTom HOME
TomTom HOME Visual Studio Merge Modules
TreeSize Free V2.7
Trusteer Endpoint Protection
Tweaking.com - Simple System Tweaker
Tweaking.com - Windows Repair (All in One)
Updater
Verizon Mobile Broadband Drivers
Verizon Wireless USB551L Firmware Updates
Verizon Wireless USB760 Firmware Updates
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
Visual Studio C++ 10.0 Runtime
VNC Free Edition 4.1.3
VZAccess Manager
Welcome Center
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
7/23/2014 9:30:18 PM, Error: atikmdag [43029] - Display is not active
7/23/2014 8:43:59 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
7/23/2014 7:09:32 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
7/23/2014 6:16:17 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the VZWConfigService service.
7/23/2014 3:18:45 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR3.
7/22/2014 1:27:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
7/22/2014 1:27:05 PM, Error: Service Control Manager [7001] - The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/22/2014 1:26:42 PM, Error: Service Control Manager [7000] - The LogMeIn Kernel Information Provider service failed to start due to the following error: The system cannot find the path specified.
7/22/2014 1:26:39 PM, Error: Service Control Manager [7000] - The ASPI32 service failed to start due to the following error: The system cannot find the file specified.
7/22/2014 1:26:07 PM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
7/22/2014 1:19:39 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer FRONTDESK that believes that it is the master browser for the domain on transport NetBT_Tcpip_{751E767F-F03E-4D65-85AE-5742EB85CE70}. The master browser is stopping or an election is being forced.
7/21/2014 9:41:13 PM, Error: Service Control Manager [7030] - The Tweaking Run As System Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
7/21/2014 9:08:52 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Security with the following error: Access is denied.
7/21/2014 7:41:35 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RapportMgmtService service.
7/21/2014 7:40:34 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7 for x64-based Systems.
7/21/2014 1:14:13 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TeamViewer9 service.
.
==== End Of File ===========================

Attached Files


Edited by Oh My!, 30 July 2014 - 08:41 AM.
Posted attach.txt


BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,703 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:37 AM

Posted 28 July 2014 - 09:00 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/542051 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 tyl604

tyl604
  • Topic Starter

  • Members
  • 373 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Atlanta, GA
  • Local time:01:37 AM

Posted 29 July 2014 - 03:15 PM

Still getting messages that my adobe or flash player or internet explorer is out of date and I MUST update. Obviously a scam. DDS attached.

Attached Files



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,037 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:37 PM

Posted 30 July 2014 - 08:21 AM

Greetings tyl604 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recover Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 tyl604

tyl604
  • Topic Starter

  • Members
  • 373 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Atlanta, GA
  • Local time:01:37 AM

Posted 30 July 2014 - 07:22 PM

Thanks for your help. I believe I have supplied the files you requested.

 

tyl604

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-07-2014
Run by Bleepingcomputer (administrator) on TYL604-PC on 30-07-2014 19:55:45
Running from C:\Users\Bleepingcomputer\Desktop\Bleeping 7 30 2014
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Acer Incorporated) C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(IObit) C:\Program Files (x86)\IObitBar\toolbar\1.bin\i0barsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\n360.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Novatel Wireless Inc.) C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Acer) C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
(Novatel Wireless Inc.) C:\Program Files (x86)\Novatel Wireless\LTE Support\VZWMSConfig.exe
(RealVNC Ltd.) C:\Program Files (x86)\RealVNC\VNC4\winvnc4.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\n360.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Acer Incorporated) C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\HPLamp.exe
(Acer Incorporated) C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MdRes.exe
(LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
(TomTom) C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Acer ePower Management] => C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe [823840 2009-09-30] (Acer Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [644696 2007-04-14] (CANON INC.)
HKLM-x32\...\Run: [NeroCheck] => C:\Windows\SysWOW64\NeroCheck.exe [155648 2001-10-18] (Ahead Software Gmbh)
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [328992 2008-11-03] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [HP Lamp] => C:\Program Files (x86)\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe [53248 2001-04-27] ()
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKU\S-1-5-21-214847889-3071151494-2151588813-1003\...\Run: [YbzsPack] => regsvr32.exe C:\Users\Bleepingcomputer\AppData\Local\YbzsPack\lztrace.dll  <===== ATTENTION
HKU\S-1-5-21-214847889-3071151494-2151588813-1003\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-08-27] (TomTom)
HKU\S-1-5-21-214847889-3071151494-2151588813-1003\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-21-214847889-3071151494-2151588813-1003\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-214847889-3071151494-2151588813-1003\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-214847889-3071151494-2151588813-1003\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-214847889-3071151494-2151588813-1003\...\MountPoints2: F - F:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-214847889-3071151494-2151588813-1003\...\MountPoints2: {77302512-90d2-11e1-b456-002622864709} - E:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-214847889-3071151494-2151588813-1003\...\MountPoints2: {77302557-90d2-11e1-b456-002622864709} - F:\VZAccess_Manager.exe /z detect
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bleepingcomputer\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bleepingcomputer\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bleepingcomputer\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bleepingcomputer\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bleepingcomputer\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bleepingcomputer\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bleepingcomputer\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bleepingcomputer\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://securityresponse.symantec.com/avcenter/fix_homepage/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://securityresponse.symantec.com/avcenter/fix_homepage/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.1.0.18
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_enUS359US359
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {9A57B18E-2F5D-11D5-8997-00104BD12D94} http://support.gateway.com/support/serialharvest/gwCID.CAB
DPF: HKLM-x32 {A3E21079-7F41-4125-9EBB-FD44CFCC0AC1} https://www.mesh.com/0.9.4014.21/TSWeb.cab
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll No File
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{DB3214FE-CD90-4707-BBE7-0E385C8BB7B9}: [NameServer]198.224.191.135 198.224.190.135

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @IObitBar.com/Plugin - C:\Program Files (x86)\IObitBar\toolbar\1.bin\NPi0Stub.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.2.72 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.2.72 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.2.72 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.2.72 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=15.0.2.72 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF HKLM-x32\...\Firefox\Extensions: [i0ffxtbr@IObitBar.com] - C:\Program Files (x86)\IObitBar\toolbar\1.bin
FF Extension: No Name - C:\Program Files (x86)\IObitBar\toolbar\1.bin [2010-07-12]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-02-17]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-07-30]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013-12-21]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 DCMessages; C:\Windows\System32\DCMessages.exe [124808 2009-11-24] (Global Graphics Software Ltd)
R2 ePowerSvc; C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe [844320 2009-09-30] (Acer Incorporated)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [101528 2007-03-14] () [File not signed]
R2 IObitBarService; C:\Program Files (x86)\IObitBar\toolbar\1.bin\i0barsvc.exe [28766 2010-07-12] (IObit) [File not signed]
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\N360.exe [265040 2014-05-23] (Symantec Corporation)
R2 NitroReaderDriverReadSpool; C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe [341296 2010-06-07] (Nitro PDF Software)
R2 NWVZHelper; C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [270848 2010-06-14] (Novatel Wireless Inc.) [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1882392 2014-05-03] (Trusteer Ltd.)
R2 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [240160 2009-07-03] (Acer)
R2 VZWConfigService; C:\Program Files (x86)\Novatel Wireless\LTE Support\VZWMSConfig.exe [218160 2012-04-16] (Novatel Wireless Inc.)
R2 WinVNC4; C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe [439632 2008-10-15] (RealVNC Ltd.)
S3 odserv; "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 ASPI32; No ImagePath
R3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl564.sys [2957312 2009-08-25] (Broadcom Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140718.001\BHDrvx64.sys [1530160 2014-05-09] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1503000.00C\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-10] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-07-21] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140729.001\IDSvia64.sys [525016 2014-03-25] (Symantec Corporation)
S4 LMIRfsClientNP; No ImagePath
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140730.003\ENG64.SYS [126040 2014-07-21] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140730.003\EX64.SYS [2099288 2014-07-21] (Symantec Corporation)
S3 NWUSBModem_001; C:\Windows\System32\DRIVERS\nwusbmdm_001.sys [217856 2012-05-03] (Novatel Wireless Inc.)
S3 NWUSBPort2_001; C:\Windows\System32\DRIVERS\nwusbser2_001.sys [217856 2012-05-03] (Novatel Wireless Inc.)
S3 NWUSBPort_001; C:\Windows\System32\DRIVERS\nwusbser_001.sys [217856 2012-05-03] (Novatel Wireless Inc.)
S3 nwvzwmbnet_001; C:\Windows\System32\DRIVERS\nwvzwmbnet_001.sys [334848 2012-05-03] (Novatel Wireless Inc.)
S3 OV550I; C:\Windows\System32\Drivers\ov550ivx.sys [196992 2008-02-22] (Omnivision Technologies, Inc.)
R1 RapportCerberus_68261; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_68261.sys [631096 2014-05-15] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [299512 2014-05-03] (Trusteer Ltd.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [358552 2014-05-03] (Trusteer Ltd.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [414232 2014-05-03] (Trusteer Ltd.)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1503000.00C\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1503000.00C\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-12-20] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1503000.00C\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1503000.00C\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
U0 sr;

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-30 19:53 - 2014-07-30 19:55 - 00000000 ____D () C:\FRST
2014-07-30 19:52 - 2014-07-30 19:55 - 00000000 ____D () C:\Users\Bleepingcomputer\Desktop\Bleeping 7 30 2014
2014-07-30 10:12 - 2014-07-30 10:13 - 00000000 ____D () C:\Users\Bleepingcomputer\Documents\On line purchases
2014-07-29 09:54 - 2014-07-29 09:54 - 00000000 ____D () C:\Users\Bleepingcomputer\Documents\Atl Water
2014-07-28 09:35 - 2014-07-28 09:37 - 00000264 _____ () C:\Users\Bleepingcomputer\Desktop\lightmark.url
2014-07-24 13:51 - 2014-07-24 13:51 - 00001192 _____ () C:\Users\Public\Desktop\My LastPass Vault.lnk
2014-07-23 21:44 - 2014-07-29 16:01 - 00019504 _____ () C:\Users\Bleepingcomputer\Desktop\dds.txt
2014-07-23 21:44 - 2014-07-29 16:01 - 00010539 _____ () C:\Users\Bleepingcomputer\Desktop\attach.txt
2014-07-22 13:21 - 2014-07-22 13:21 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-TYL604-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-07-22 13:17 - 2014-07-22 13:17 - 00002251 _____ () C:\Users\Public\Desktop\Tweaking.com - Simple System Tweaker.lnk
2014-07-22 13:17 - 2014-07-22 13:17 - 00000000 ____D () C:\RegBackup
2014-07-21 19:36 - 2014-07-22 13:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-07-21 19:36 - 2014-07-21 20:13 - 00002128 _____ () C:\Users\Bleepingcomputer\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-07-21 19:31 - 2014-07-22 13:17 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-07-21 19:29 - 2014-07-29 16:02 - 00000000 ____D () C:\Users\Bleepingcomputer\Desktop\Bleeping 7 21 2014
2014-07-20 14:50 - 2014-07-20 14:50 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-20 14:44 - 2014-07-20 14:44 - 00000708 _____ () C:\Users\Bleepingcomputer\Desktop\JRT.txt
2014-07-15 09:36 - 2014-07-15 09:37 - 00000000 ____D () C:\Users\Bleepingcomputer\Desktop\Atlanta Garbage
2014-07-09 21:47 - 2014-06-29 22:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-09 21:47 - 2014-06-29 22:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-09 21:42 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 21:42 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 21:42 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 21:42 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 21:41 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 21:41 - 2014-05-30 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 21:41 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 21:41 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 21:41 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 21:41 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 21:41 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 21:41 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-09 21:41 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-09 21:41 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-09 21:41 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-09 21:41 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-09 21:41 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 21:40 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 21:40 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 21:40 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-09 21:40 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-09 21:40 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-09 21:40 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-09 18:35 - 2014-07-09 18:35 - 00112138 _____ () C:\Users\Bleepingcomputer\Downloads\message_zdm.html
2014-07-08 11:09 - 2014-07-23 16:12 - 00000000 ____D () C:\Users\Bleepingcomputer\Desktop\Job search 2014
2014-07-03 15:49 - 2014-07-03 15:49 - 00045641 _____ () C:\Users\Bleepingcomputer\Downloads\report_for_VIN_4jgab54e92a296971.html

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-30 19:55 - 2014-07-30 19:53 - 00000000 ____D () C:\FRST
2014-07-30 19:55 - 2014-07-30 19:52 - 00000000 ____D () C:\Users\Bleepingcomputer\Desktop\Bleeping 7 30 2014
2014-07-30 19:34 - 2011-06-02 16:50 - 00000000 ____D () C:\Users\Bleepingcomputer\AppData\Roaming\Nitro PDF
2014-07-30 19:13 - 2009-07-14 00:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-30 19:13 - 2009-07-14 00:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-30 19:12 - 2009-07-14 01:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-30 19:07 - 2014-06-22 23:02 - 00001288 _____ () C:\Windows\setupact.log
2014-07-30 19:07 - 2009-07-14 01:08 - 00032540 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-30 19:07 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-30 19:06 - 2013-03-18 07:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-30 19:06 - 2013-03-18 07:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-30 18:48 - 2013-12-16 07:51 - 00028017 _____ () C:\Windows\IE11_main.log
2014-07-30 18:48 - 2009-12-08 15:52 - 02017612 _____ () C:\Windows\WindowsUpdate.log
2014-07-30 18:39 - 2012-04-03 22:58 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-30 10:13 - 2014-07-30 10:12 - 00000000 ____D () C:\Users\Bleepingcomputer\Documents\On line purchases
2014-07-30 07:28 - 2009-12-26 22:22 - 00001164 _____ () C:\Windows\QUICKEN.INI
2014-07-29 20:28 - 2013-03-18 07:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-29 16:02 - 2014-07-21 19:29 - 00000000 ____D () C:\Users\Bleepingcomputer\Desktop\Bleeping 7 21 2014
2014-07-29 16:01 - 2014-07-23 21:44 - 00019504 _____ () C:\Users\Bleepingcomputer\Desktop\dds.txt
2014-07-29 16:01 - 2014-07-23 21:44 - 00010539 _____ () C:\Users\Bleepingcomputer\Desktop\attach.txt
2014-07-29 09:54 - 2014-07-29 09:54 - 00000000 ____D () C:\Users\Bleepingcomputer\Documents\Atl Water
2014-07-29 07:39 - 2011-07-04 13:19 - 00508260 _____ () C:\Windows\PFRO.log
2014-07-28 14:25 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-28 09:37 - 2014-07-28 09:35 - 00000264 _____ () C:\Users\Bleepingcomputer\Desktop\lightmark.url
2014-07-25 07:20 - 2009-12-26 22:21 - 00000000 ____D () C:\QUICKENW
2014-07-24 20:19 - 2012-04-03 22:58 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-24 20:19 - 2012-04-03 22:58 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-24 20:19 - 2011-05-16 10:30 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-24 14:44 - 2014-05-28 13:40 - 00000000 ____D () C:\Users\Bleepingcomputer\Desktop\Alcatel pics 5 28 2014
2014-07-24 13:52 - 2011-12-26 12:21 - 00000000 ____D () C:\Program Files (x86)\LastPass
2014-07-24 13:51 - 2014-07-24 13:51 - 00001192 _____ () C:\Users\Public\Desktop\My LastPass Vault.lnk
2014-07-24 13:51 - 2013-06-18 07:35 - 00000000 ____D () C:\Users\Bleepingcomputer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass
2014-07-24 13:51 - 2011-12-26 12:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass
2014-07-24 13:43 - 2009-07-14 00:45 - 00346792 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-23 16:12 - 2014-07-08 11:09 - 00000000 ____D () C:\Users\Bleepingcomputer\Desktop\Job search 2014
2014-07-23 11:13 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-07-23 07:30 - 2011-05-07 12:43 - 00079904 _____ () C:\Users\Bleepingcomputer\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-22 21:00 - 2011-06-14 09:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Futuremark
2014-07-22 13:31 - 2014-05-29 15:28 - 00000000 ___RD () C:\Users\Bleepingcomputer\Dropbox
2014-07-22 13:29 - 2014-05-29 15:16 - 00000000 ____D () C:\Users\Bleepingcomputer\AppData\Roaming\Dropbox
2014-07-22 13:28 - 2014-05-29 15:26 - 00000000 ____D () C:\Users\Bleepingcomputer\AppData\Roaming\DropboxMaster
2014-07-22 13:21 - 2014-07-22 13:21 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-TYL604-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-07-22 13:17 - 2014-07-22 13:17 - 00002251 _____ () C:\Users\Public\Desktop\Tweaking.com - Simple System Tweaker.lnk
2014-07-22 13:17 - 2014-07-22 13:17 - 00000000 ____D () C:\RegBackup
2014-07-22 13:17 - 2014-07-21 19:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-07-22 13:17 - 2014-07-21 19:31 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-07-21 21:32 - 2012-02-07 21:41 - 00316928 ___SH () C:\Users\Bleepingcomputer\Desktop\Thumbs.db
2014-07-21 21:29 - 2009-07-13 22:34 - 00000535 _____ () C:\Windows\win.ini
2014-07-21 21:15 - 2014-06-05 21:36 - 00782510 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-07-21 21:15 - 2011-06-27 15:02 - 00000000 ____D () C:\Users\Bleepingcomputer\AppData\Local\CrashDumps
2014-07-21 20:13 - 2014-07-21 19:36 - 00002128 _____ () C:\Users\Bleepingcomputer\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-07-20 21:15 - 2014-05-15 15:17 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-20 14:50 - 2014-07-20 14:50 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-20 14:44 - 2014-07-20 14:44 - 00000708 _____ () C:\Users\Bleepingcomputer\Desktop\JRT.txt
2014-07-20 14:08 - 2014-01-05 13:09 - 00000000 ____D () C:\AdwCleaner
2014-07-19 08:04 - 2013-06-02 14:53 - 00000000 ____D () C:\Users\Bleepingcomputer\Desktop\Paid bills
2014-07-16 07:49 - 2014-06-09 09:31 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-16 07:49 - 2009-07-14 03:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-16 07:49 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-16 07:48 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-16 07:35 - 2013-08-02 07:25 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-16 07:08 - 2009-12-26 23:03 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-15 09:37 - 2014-07-15 09:36 - 00000000 ____D () C:\Users\Bleepingcomputer\Desktop\Atlanta Garbage
2014-07-14 20:43 - 2012-08-27 18:29 - 00002280 _____ () C:\Windows\AUTOLNCH.REG
2014-07-09 18:35 - 2014-07-09 18:35 - 00112138 _____ () C:\Users\Bleepingcomputer\Downloads\message_zdm.html
2014-07-08 15:30 - 2011-05-17 10:01 - 00000000 ____D () C:\Users\Bleepingcomputer\Desktop\Resumes
2014-07-03 21:12 - 2011-06-06 14:15 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-07-03 15:49 - 2014-07-03 15:49 - 00045641 _____ () C:\Users\Bleepingcomputer\Downloads\report_for_VIN_4jgab54e92a296971.html
2014-07-03 09:15 - 2011-05-07 13:00 - 00000000 ____D () C:\Users\Bleepingcomputer\Documents\Fax

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-20 19:14

 

 

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2014
Ran by Bleepingcomputer at 2014-07-30 19:58:09
Running from C:\Users\Bleepingcomputer\Desktop\Bleeping 7 30 2014
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security Suite (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Security Suite (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Suite (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3D Christmas Cottage (HKLM-x32\...\{500D56BA-0E9C-4A98-B4B5-51837CD78E15}) (Version: 1.0.2 - W3i, LLC)
3D Snowy Cottage (HKLM-x32\...\{AB89101E-DA74-4A74-96CC-3D9198B20DC8}) (Version: 1.0.2 - W3i, LLC)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AMD USB Filter Driver (x32 Version: 1.0.11.86 - Advanced Micro Devices, Inc.) Hidden
AnyPic Image Resizer 1.0.1 (HKLM-x32\...\{97A730EA-218E-4C1C-8D62-18001C410DB4}_is1) (Version:  - PearlMountain Soft)
ArcSoft PhotoImpression 6 (HKLM-x32\...\{063E409E-3D7C-4A4A-95AB-2F124B9224B3}) (Version:  - ArcSoft)
Astro Gemini Screensaver Manager 1.2 (HKLM-x32\...\Astro Gemini Screensaver Manager_is1) (Version:  - )
Astroburn Lite (HKLM-x32\...\Astroburn Lite) (Version: 1.2.0.0087 - Disk Software Ltd)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.10 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{ACCA82EB-7088-919E-5E1C-100A24F11CCF}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Broadcom Driver Installation Program (HKLM-x32\...\{153F839F-0A63-41D8-890F-7324C0E13743}) (Version: 5.60.18.9 - Broadcom)
Bulk Rename Utility 2.7.1.2 (HKLM\...\Bulk Rename Utility_is1) (Version:  - TGRMN Software)
Bullzip PDF Printer 7.1.0.1195 (HKLM\...\Bullzip PDF Printer_is1) (Version:  - Bullzip)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon MP Navigator EX 5.1 (HKLM-x32\...\MP Navigator EX 5.1) (Version:  - )
Canon MP470 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP470_series) (Version:  - )
Canon MX430 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX430_series) (Version:  - )
Canon MX430 series On-screen Manual (HKLM-x32\...\Canon MX430 series On-screen Manual) (Version:  - )
Canon MX430 series User Registration (HKLM-x32\...\Canon MX430 series User Registration) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2009.0729.2227.38498 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0729.2227.38498 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2009.0729.2227.38498 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2009.0729.2227.38498 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2009.0729.2227.38498 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2009.0729.2227.38498 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Czech (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Danish (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Dutch (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help English (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Finnish (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help French (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help German (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Greek (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Italian (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Japanese (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Korean (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Polish (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Russian (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Spanish (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Swedish (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Thai (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Turkish (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
ccc-core-static (x32 Version: 2009.0729.2227.38498 - ATI) Hidden
ccc-utility64 (Version: 2009.0729.2227.38498 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.02 - Piriform)
Christmas Eve 3D Screensaver 1.0 (HKLM-x32\...\Christmas Eve 3D Screensaver_is1) (Version:  - )
Christmas Eve Crisis v1.06 (HKLM-x32\...\Christmas Eve Crisis_is1) (Version:  - InterAction studios)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAO 3.5 (HKLM-x32\...\DAO 3.5) (Version:  - )
Defraggler (HKLM\...\Defraggler) (Version: 2.14 - Piriform)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.3 - Dropbox, Inc.)
eMachines Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3004 - Acer Incorporated)
eMachines Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3006 - Acer Incorporated)
eMachines Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3017 - Acer Incorporated)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Fast Duplicate File Finder 3.0.0.1 (HKLM-x32\...\{AFECFED6-0A43-488F-8511-1DC6B52F31C3}_is1) (Version: 3.0.0.1 - MindGems, Inc.)
Folder Size 1.4.0.0 (HKLM-x32\...\{2DFA85ED-588F-4CE3-A175-29E52C3804A8}}_is1) (Version: 1.4.0.0 - MindGems, Inc.)
Free Fireplace 3D Screensaver (HKLM-x32\...\Free Fireplace 3D Screensaver_is1) (Version:  - )
Free Picture Resize Starter 4.5 (HKLM-x32\...\Picture Resize_is1) (Version: 5.5.18 - Bidgood Svcs)
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.15.0 - Futuremark Corporation)
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GPL Ghostscript Lite 8.70 (HKLM-x32\...\GPL Ghostscript Lite_is1) (Version:  - )
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
InCD (ahead software) (HKLM-x32\...\InCD!UninstallKey) (Version:  - )
InstallConverter (HKLM-x32\...\InstallConverter) (Version: 1.0 - InstallConverter)
InstallIQ Updater (HKLM-x32\...\{5EFA68C8-CFFD-407F-8B17-7D7C61D2F93A}) (Version: 1.1.2.0 - W3i, LLC)
InstallShield Tuner 6.0.1 For Adobe Acrobat (HKLM-x32\...\{E32FC3D8-D106-425E-9F9E-8BE6E2E79AC9}) (Version: 6.0.1 - Adobe)
Internet Updater (HKLM-x32\...\InternetUpdater) (Version: 2.6.52 - Parallel Lines Development, LLC) <==== ATTENTION
IObit Toolbar (HKLM-x32\...\IObitBartoolbar Uninstall) (Version:  - IObit) <==== ATTENTION
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java™ 6 Update 23 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416023FF}) (Version: 6.0.230 - Oracle)
Java™ 6 Update 24 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216015FF}) (Version: 6.0.240 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LastPass(uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.02 - eMachines)
Light Image Resizer 4.3.3.0 (HKLM-x32\...\{EBE030DD-D404-4D92-85E9-8C3624820808}_is1) (Version: 4.3.3.0 - ObviousIdea)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2000 Professional (HKLM-x32\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyDriveConnect 3.3.0.1342 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1342 - TomTom)
Nero - Burning Rom (HKLM-x32\...\{A4D7B764-4140-11D4-88EB-0050DA3579C0}) (Version: 5.5.5.3 - ahead software gmbh)
Nitro PDF Reader (HKLM\...\{31D83475-EC8C-4838-B82D-00679229556D}) (Version: 1.1.2.1 - Nitro PDF Software)
Norton Security Suite (HKLM-x32\...\N360) (Version: 21.3.0.12 - Symantec Corporation)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.627 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.627 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6623 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.12.6623 - NewTech Infosystems) Hidden
Nuance PDF Reader (HKLM-x32\...\{B480904D-F73F-4673-B034-8A5F492C9184}) (Version: 6.00.0041 - Nuance Communications, Inc.)
PDF Form Filler 2 (HKLM-x32\...\{DF02A1B9-B4FB-4873-98A4-0793AF76557F}) (Version: 2.0.480 - Blueberry Consultants)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PIXMA Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Price Check by AOL (HKLM-x32\...\Price Check by AOL) (Version: 1.11.1.2 - AOL Inc.)
Quicken Basic 99 (HKLM-x32\...\Quicken Basic 99) (Version:  - )
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Rapport (x32 Version: 3.5.1307.76 - Trusteer) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version:  - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30102 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Revo Uninstaller 1.94 (HKLM-x32\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group)
ScanSoft OmniPage SE 4 (HKLM-x32\...\{DEE88727-779B-47A9-ACEF-F87CA5F92A65}) (Version: 15.2.0020 - Nuance Communications, Inc.)
Shrink Pic (remove) (HKLM-x32\...\Shrink Pic) (Version:  - )
Speccy (HKLM\...\Speccy) (Version: 1.24 - Piriform)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 2.2.1 - Krzysztof Kowalczyk)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.2.0 - Synaptics Incorporated)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.25942 - TeamViewer)
TomTom HOME (HKLM-x32\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TreeSize Free V2.7 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.7 - JAM Software)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1307.76 - Trusteer)
Tweaking.com - Simple System Tweaker (HKLM-x32\...\Tweaking.com - Simple System Tweaker) (Version: 2.0.0 - Tweaking.com)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.8.3 - Tweaking.com)
Updater (HKLM-x32\...\{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}) (Version: 2.6.53 - Creative Island Media, LLC) <==== ATTENTION
Verizon Mobile Broadband Drivers (HKLM-x32\...\{171B6E08-E57A-4FC4-8A43-79FDA555E647}) (Version: 3.22.017.001.14 - Novatel Wireless)
Verizon Wireless USB551L Firmware Updates (HKLM-x32\...\{BBB95D0D-D40F-4F46-808D-4D295BBB9490}) (Version: 1.0.5 - Smith Micro Software, Inc.)
Verizon Wireless USB760 Firmware Updates (HKLM-x32\...\{629CCE02-041D-4577-892C-577861181771}) (Version: 1.0.0 - Smith Micro Software, Inc.)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VNC Free Edition 4.1.3 (HKLM-x32\...\RealVNC_is1) (Version: 4.1.3 - RealVNC Ltd.)
VZAccess Manager (HKLM-x32\...\{A19BD7EF-9D03-48B2-B912-7112893CAAB3}) (Version: 7.7.7.0 - Smith Micro Software Inc.)
Welcome Center (HKLM-x32\...\eMachines Welcome Center) (Version: 1.00.3009 - Acer Incorporated)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-214847889-3071151494-2151588813-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Bleepingcomputer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-214847889-3071151494-2151588813-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bleepingcomputer\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-214847889-3071151494-2151588813-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bleepingcomputer\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-214847889-3071151494-2151588813-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bleepingcomputer\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-214847889-3071151494-2151588813-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bleepingcomputer\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

==================== Restore Points  =========================

20-07-2014 23:00:12 Windows Backup
21-07-2014 23:38:55 Windows Update
22-07-2014 00:40:33 Tweaking.com - Windows Repair
23-07-2014 00:47:29 Norton Security Suite Registry
23-07-2014 00:59:36 Removed PCMark 7
28-07-2014 02:42:04 Windows Backup
30-07-2014 00:19:53 Windows Update
30-07-2014 22:45:44 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2014-07-21 21:31 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01F8F7CE-A399-4BC7-B044-783005B0C2D4} - System32\Tasks\{155B72A8-5EDB-40DC-B155-FCF8DF35752C} => C:\Program Files (x86)\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\HP PrecisionScan Pro.exe [2001-09-17] (Hewlett-Packard)
Task: {097797D0-2364-45F9-BE4B-93C8A9B4FF04} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {1FD72A44-113D-4DAB-8541-5D3FBA1319AC} - System32\Tasks\{D1697862-F5EB-4D35-8838-2AD341A6AA29} => C:\Program Files (x86)\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\HP PrecisionScan Pro.exe [2001-09-17] (Hewlett-Packard)
Task: {243465A0-90BE-4D81-818F-F756CFDE13F2} - System32\Tasks\Microsoft\Windows\MemDiag => C:\Windows\system32\mdres.exe [2009-07-13] (Microsoft Corporation)
Task: {30078CB0-FECB-4219-83BF-5E75F8332EB4} - System32\Tasks\Driver Detective-RTMRules => C:\Program Files (x86)\Driver Tool\Driver Tool\DriverTool.exe
Task: {30D1FE13-160B-4CD8-9EC2-C4240BADF085} - System32\Tasks\{2536F2C0-5B6B-41A9-8D99-94F1283F576C} => C:\Program Files (x86)\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe [2012-05-21] (Smith Micro Software, Inc.)
Task: {33C6CCD7-1A03-41DA-B0E7-D0BD9CB7F6CE} - System32\Tasks\{22FA7754-6E88-4829-8792-A7353464AFCD} => C:\Program Files (x86)\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\HP PrecisionScan Pro.exe [2001-09-17] (Hewlett-Packard)
Task: {49F41C31-B5C9-444C-99F7-B601BAA1F803} - System32\Tasks\{E00947DC-6761-4357-BC88-D88FCA37268A} => D:\AT\INSTALL.EXE
Task: {52E184F1-F530-4B62-9AE3-D9F0DCD80B60} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\WSCStub.exe [2014-05-11] (Symantec Corporation)
Task: {54142CF5-CB01-48CB-9662-A916575E33CD} - System32\Tasks\{C72F2A1E-E9AF-414A-B8C0-24B875341C59} => D:\AT\INSTALL.EXE
Task: {55A04A06-6C24-4419-B01F-FB386ADF49AE} - System32\Tasks\{1710B374-7FD6-479E-AC16-1A599037ADC5} => D:\AT\INSTALL.EXE
Task: {567724B8-D3C7-465D-B7CE-80470197C2F5} - System32\Tasks\Driver Detective-RTMScan => C:\Program Files (x86)\Driver Tool\Driver Tool\DriverTool.exe
Task: {596BA879-82F9-4594-B4BA-79A34F215964} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-214847889-3071151494-2151588813-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-01-30] (RealNetworks, Inc.)
Task: {62CE58E4-652E-4441-8204-187C97900868} - System32\Tasks\{38E014A6-A6D0-4EA4-8D1B-85A9A6F4B6B9} => D:\AT\INSTALL.EXE
Task: {6D75F43C-EF81-4463-9BF0-4307DAE36E8A} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-214847889-3071151494-2151588813-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-01-30] (RealNetworks, Inc.)
Task: {8D63CEA2-82AC-43E7-8044-D30F378D91C5} - System32\Tasks\{484F9EB7-233F-495D-A0A9-03429172F426} => C:\Program Files (x86)\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\HP PrecisionScan Pro.exe [2001-09-17] (Hewlett-Packard)
Task: {906CD614-DB76-4AB8-BFE5-CAE9190CFBC9} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {9DC501BF-5607-4676-A664-19B2450BFF33} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-24] (Adobe Systems Incorporated)
Task: {AC7EF6E4-7E2D-4B46-974E-34013E2F1711} - System32\Tasks\{D95D7629-27F0-4025-8C05-AE7688F09E66} => D:\AT\INSTALL.EXE
Task: {BE0B9C64-8111-4AC3-A4D0-4E3E41F8B585} - System32\Tasks\Driver Detective-RTMUpdater => C:\Program Files (x86)\Driver Tool\Driver Tool\DriverTool.exe
Task: {C252C8F1-0F92-40E2-B76C-4E32FB12662B} - System32\Tasks\{9AB77018-7213-492D-9C39-1B3A2F9F2291} => D:\AT\INSTALL.EXE
Task: {CFE62A5C-AC87-4149-931D-F60BA10833DD} - System32\Tasks\{05739469-93F6-4FFF-B513-52300BB620FD} => D:\AT\INSTALL.EXE
Task: {D2E4307A-7D5E-406B-B3B4-9EF0253D7DD5} - System32\Tasks\{1CB0028F-B72C-47DA-B9DB-D8023317EECE} => C:\Program Files (x86)\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\HP PrecisionScan Pro.exe [2001-09-17] (Hewlett-Packard)
Task: {D822AECB-E4DC-4FC5-9A33-EFD9BD685FC9} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {E08A0B8F-34AD-40B8-A410-4BA1484CD016} - System32\Tasks\{FEC0D55D-E20F-491C-B26F-E32A2551D6FC} => D:\AT\INSTALL.EXE
Task: {E87BC181-60D4-4261-BF96-35A4D9247A4A} - System32\Tasks\{E052B796-3CAA-4971-BDD1-148D37332899} => D:\AT\INSTALL.EXE
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2011-06-06 14:15 - 2007-03-14 11:49 - 00101528 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2012-08-27 18:29 - 2001-04-27 11:00 - 00053248 _____ () C:\Program Files (x86)\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\HPLamp.exe
2014-03-09 08:17 - 2014-05-15 20:44 - 01404120 _____ () C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
2012-06-27 15:09 - 2012-06-27 15:09 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2014-07-24 13:51 - 2014-07-24 13:51 - 06124032 _____ () C:\Users\Bleepingcomputer\AppData\LocalLow\LastPass\LPPlugin.dll
2013-11-29 05:29 - 2013-11-29 05:29 - 00026520 _____ () C:\Program Files (x86)\MyDrive Connect\DeviceDetection.dll
2013-11-29 05:28 - 2013-11-29 05:28 - 00082840 _____ () C:\Program Files (x86)\MyDrive Connect\TomTomSupporterBase.dll
2013-11-29 05:28 - 2013-11-29 05:28 - 00344984 _____ () C:\Program Files (x86)\MyDrive Connect\TomTomSupporterProxy.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:58A5270D
AlternateDataStreams: C:\ProgramData\TEMP:612B5BD9
AlternateDataStreams: C:\Users\tyl604\Desktop\FDIC badge.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\tyl604\Desktop\FDIC badge.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\tyl604\Documents\Chiltons 1099 document.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\tyl604\Documents\Chiltons 1099 document.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

==================== Faulty Device Manager Devices =============

Name: LogMeIn Kernel Information Provider
Description: LogMeIn Kernel Information Provider
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: LMIInfo
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/23/2014 11:09:24 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/23/2014 11:09:24 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/23/2014 11:09:24 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/23/2014 11:09:24 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/23/2014 11:06:43 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/22/2014 06:55:35 AM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (07/22/2014 06:55:35 AM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (07/21/2014 09:14:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ePowerTray.exe, version: 4.5.3004.0, time stamp: 0x4ac2f9b6
Faulting module name: ePowerTray.exe, version: 4.5.3004.0, time stamp: 0x4ac2f9b6
Exception code: 0xc0000005
Fault offset: 0x0000000000010345
Faulting process id: 0xe0c
Faulting application start time: 0xePowerTray.exe0
Faulting application path: ePowerTray.exe1
Faulting module path: ePowerTray.exe2
Report Id: ePowerTray.exe3

Error: (07/21/2014 07:50:24 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040154, Class not registered
.

Operation:
   Instantiating VSS server

Error: (07/21/2014 07:50:24 PM) (Source: VSS) (EventID: 22) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and Name IVssCoordinatorEx2 is [0x80040154, Class not registered
].

Operation:
   Instantiating VSS server

System errors:
=============
Error: (07/30/2014 07:08:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
%%1058

Error: (07/30/2014 07:08:11 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068upnphost{204810B9-73B2-11D4-BF42-00B0D0118B56}

Error: (07/30/2014 07:07:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (07/30/2014 07:07:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ASPI32 service failed to start due to the following error:
%%2

Error: (07/30/2014 07:07:02 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (07/30/2014 07:07:02 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (07/30/2014 06:48:55 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7 for x64-based Systems.

Error: (07/30/2014 06:38:43 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (07/30/2014 06:38:31 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TeamViewer9 service.

Error: (07/30/2014 03:33:02 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Microsoft Office Sessions:
=========================
Error: (04/17/2011 08:45:20 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 1Microsoft Office Excel12.0.6550.500412.0.6425.100012600

Error: (04/16/2011 11:32:08 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 1Microsoft Office Excel12.0.6550.500412.0.6425.100041350

Error: (12/10/2010 10:55:22 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 0Microsoft Office Word12.0.6545.500012.0.6425.10001010

Error: (11/18/2010 00:22:24 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 1Microsoft Office Excel12.0.6545.500012.0.6425.1000830

Error: (09/14/2010 06:43:19 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 0Microsoft Office Word12.0.6541.500012.0.6425.100011360

==================== Memory info ===========================

Percentage of memory in use: 78%
Total physical RAM: 1788.05 MB
Available physical RAM: 388.18 MB
Total Pagefile: 3576.1 MB
Available Pagefile: 1872.35 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (eMachines) (Fixed) (Total:136.95 GB) (Free:65.22 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 31139411)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=102 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=137 GB) - (Type=07 NTFS)

 

Attached Files



#6 tyl604

tyl604
  • Topic Starter

  • Members
  • 373 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Atlanta, GA
  • Local time:01:37 AM

Posted 31 July 2014 - 06:03 AM

Trying to follow.  Looks like it is marked above.



#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,037 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:37 PM

Posted 31 July 2014 - 02:32 PM

Greetings and thank you for the information.

Lightmark Player Pro is not a legitimate program so do not download it.

You have a minimal amount of memory and very little free memory to work with. This will likely result in diminished computer perfromance.

==================== Memory info ===========================

Percentage of memory in use: 78%
Total physical RAM: 1788.05 MB
Available physical RAM: 388.18 MB


Please do this.

===================================================

Uninstalling Programs Using Revo Uninstaller Free

--------------------

I recommend uninstalling the below listed program(s) from your computer.

Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.

Please note there is a chance when you look for this program to uninstall through Revo it might not be listed because of a previous uninstall. If that is the case simply stop and let me know.
  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
Internet Updater
IObit Toolbar
Updater (Version: 2.6.53 - Creative Island Media, LLC)
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next.
  • Check the items in bold only on the list then click Delete. You may have to expand some folders by clicking the "+" mark.
  • When prompted click on Yes and then on Next.
  • Click on Select all then click Delete
  • When prompted select Yes then Next
  • Once done click Finish.
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Scan
  • Upon completion click Report
  • Review the entries and uncheck any items you would like to keep on your computer (leaving an item checked will cause its deletion)
  • Click Clean to remove the items still checked
  • Click OK twice to reboot your computer
  • Copy and paste the contents of the text file on your desktop upon reboot in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKU\S-1-5-21-214847889-3071151494-2151588813-1003\...\Run: [YbzsPack] => regsvr32.exe C:\Users\Bleepingcomputer\AppData\Local\YbzsPack\lztrace.dll  <===== ATTENTION
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler-x32: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll No File
FF Plugin-x32: @IObitBar.com/Plugin - C:\Program Files (x86)\IObitBar\toolbar\1.bin\NPi0Stub.dll No File
S3 odserv; "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" [X]
S2 ASPI32; No ImagePath
S4 LMIRfsClientNP; No ImagePath
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
U0 sr;
AlternateDataStreams: C:\ProgramData\TEMP:58A5270D
AlternateDataStreams: C:\ProgramData\TEMP:612B5BD9
AlternateDataStreams: C:\Users\tyl604\Desktop\FDIC badge.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\tyl604\Desktop\FDIC badge.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\tyl604\Documents\Chiltons 1099 document.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\tyl604\Documents\Chiltons 1099 document.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
2014-07-28 09:35 - 2014-07-28 09:37 - 00000264 _____ () C:\Users\Bleepingcomputer\Desktop\lightmark.url
C:\Users\Bleepingcomputer\AppData\Local\YbzsPack
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Virustotal Online Virus Scanner

--------------------
  • Please go to Virustotal
  • Select Choose File
  • Navigate to the following file (if multiple files then one at a time), double click on it so the file name is populated, then click Scan it!
  • IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.

D:\AT\INSTALL.EXE

  • Once completed, highlight the information in the address bar and copy then paste the link in your reply
virustotal.jpg

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Did Revo uninstall the programs properly?
  • AdwCleaner log
  • Junkware log
  • Fixlog
  • Virustotal link

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 tyl604

tyl604
  • Topic Starter

  • Members
  • 373 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Atlanta, GA
  • Local time:01:37 AM

Posted 01 August 2014 - 05:56 AM

Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Bleepingcomputer on Thu 07/31/2014 at 21:35:10.31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

Failed to delete: [Folder] "C:\Program Files (x86)\iobitbar"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 07/31/2014 at 22:02:06.08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#9 tyl604

tyl604
  • Topic Starter

  • Members
  • 373 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Atlanta, GA
  • Local time:01:37 AM

Posted 01 August 2014 - 06:29 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-07-2014 02
Ran by Bleepingcomputer at 2014-08-01 07:22:19 Run:1
Running from C:\Users\Bleepingcomputer\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-214847889-3071151494-2151588813-1003\...\Run: [YbzsPack] => regsvr32.exe C:\Users\Bleepingcomputer\AppData\Local\YbzsPack\lztrace.dll  <===== ATTENTION
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler-x32: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll No File
FF Plugin-x32: @IObitBar.com/Plugin - C:\Program Files (x86)\IObitBar\toolbar\1.bin\NPi0Stub.dll No File
S3 odserv; "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" [X]
S2 ASPI32; No ImagePath
S4 LMIRfsClientNP; No ImagePath
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
U0 sr;
AlternateDataStreams: C:\ProgramData\TEMP:58A5270D
AlternateDataStreams: C:\ProgramData\TEMP:612B5BD9
AlternateDataStreams: C:\Users\tyl604\Desktop\FDIC badge.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\tyl604\Desktop\FDIC badge.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\tyl604\Documents\Chiltons 1099 document.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\tyl604\Documents\Chiltons 1099 document.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
2014-07-28 09:35 - 2014-07-28 09:37 - 00000264 _____ () C:\Users\Bleepingcomputer\Desktop\lightmark.url
C:\Users\Bleepingcomputer\AppData\Local\YbzsPack
*****************

HKU\S-1-5-21-214847889-3071151494-2151588813-1003\Software\Microsoft\Windows\CurrentVersion\Run\\YbzsPack => value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.
"HKCR\PROTOCOLS\Handler\ipp\0x00000001" => Key deleted successfully.
"HKCR\CLSID\{E1D2BF42-A96B-11D1-9C6B-0000F875AC61}" => Key not found.
"HKCR\Wow6432Node\PROTOCOLS\Handler\ms-help" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@IObitBar.com/Plugin" => Key deleted successfully.
C:\Program Files (x86)\IObitBar\toolbar\1.bin\NPi0Stub.dll not found.
odserv => Service deleted successfully.
ASPI32 => Service deleted successfully.
LMIRfsClientNP => Service deleted successfully.
cpuz135 => Service deleted successfully.
cpuz136 => Service deleted successfully.
LMIInfo => Service deleted successfully.
sr => Service deleted successfully.
C:\ProgramData\TEMP => ":58A5270D" ADS removed successfully.
C:\ProgramData\TEMP => ":612B5BD9" ADS removed successfully.
"C:\Users\tyl604\Desktop\FDIC badge.jpeg" => ":3or4kl4x13tuuug3Byamue2s4b" ADS not found.
C:\Users\tyl604\Desktop\FDIC badge.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
"C:\Users\tyl604\Documents\Chiltons 1099 document.jpeg" => ":3or4kl4x13tuuug3Byamue2s4b" ADS not found.
C:\Users\tyl604\Documents\Chiltons 1099 document.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
C:\Users\Bleepingcomputer\Desktop\lightmark.url => Moved successfully.
C:\Users\Bleepingcomputer\AppData\Local\YbzsPack => Moved successfully.

==== End of Fixlog ====



#10 tyl604

tyl604
  • Topic Starter

  • Members
  • 373 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Atlanta, GA
  • Local time:01:37 AM

Posted 01 August 2014 - 06:37 AM

Unable to run Virustotal because no file called d:\at\install.exe  I already had Revouninstall; have used it for a long time.

 

Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Bleepingcomputer on Thu 07/31/2014 at 21:35:10.31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

Failed to delete: [Folder] "C:\Program Files (x86)\iobitbar"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 07/31/2014 at 22:02:06.08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,037 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:37 PM

Posted 01 August 2014 - 07:29 AM

The Junkware log is listed twice but there is no AdwCleaner log. Were you able to run that?

How is your computer running? Any issues?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 tyl604

tyl604
  • Topic Starter

  • Members
  • 373 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Atlanta, GA
  • Local time:01:37 AM

Posted 01 August 2014 - 05:37 PM

Sending it again.




# AdwCleaner v3.302 - Report created 01/08/2014 at 15:27:32
# Updated 30/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Bleepingcomputer - TYL604-PC
# Running from : C:\Users\Bleepingcomputer\Downloads\AdwCleaner (1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


*************************

AdwCleaner[R0].txt - [659 octets] - [05/01/2014 13:09:27]
AdwCleaner[R1].txt - [779 octets] - [10/01/2014 23:46:09]
AdwCleaner[R2].txt - [1225 octets] - [21/05/2014 13:46:47]
AdwCleaner[R3].txt - [1070 octets] - [01/06/2014 14:45:10]
AdwCleaner[R4].txt - [1191 octets] - [24/06/2014 15:35:29]
AdwCleaner[R5].txt - [1327 octets] - [26/06/2014 16:25:45]
AdwCleaner[R7].txt - [1652 octets] - [31/07/2014 21:17:59]
AdwCleaner[R8].txt - [1598 octets] - [01/08/2014 15:23:13]
AdwCleaner[S0].txt - [719 octets] - [05/01/2014 13:21:46]
AdwCleaner[S1].txt - [839 octets] - [10/01/2014 23:51:13]
AdwCleaner[S2].txt - [1299 octets] - [21/05/2014 13:51:10]
AdwCleaner[S3].txt - [1134 octets] - [01/06/2014 14:47:49]
AdwCleaner[S4].txt - [1255 octets] - [24/06/2014 15:37:00]
AdwCleaner[S5].txt - [1391 octets] - [26/06/2014 16:48:17]
AdwCleaner[S6].txt - [675 octets] - [20/07/2014 14:07:27]
AdwCleaner[S7].txt - [1715 octets] - [31/07/2014 21:22:30]
AdwCleaner[S8].txt - [1520 octets] - [01/08/2014 15:27:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S8].txt - [1580 octets] ##########

#13 tyl604

tyl604
  • Topic Starter

  • Members
  • 373 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Atlanta, GA
  • Local time:01:37 AM

Posted 01 August 2014 - 06:25 PM

Also unable to run Virustotal. Do not find file D:\AT\INSTALL.EXE

#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,037 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:37 PM

Posted 01 August 2014 - 08:19 PM

OK on the Virustotal.  How is your computer running? Any issues?


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 tyl604

tyl604
  • Topic Starter

  • Members
  • 373 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Atlanta, GA
  • Local time:01:37 AM

Posted 01 August 2014 - 08:33 PM

So far I have not seen much of the out-of-date reader messages. Will keep trying and see how it does. Not sure what got cleaned out but maybe it is gone. I used it quite a bit today and, now that I think of it, do not remember much (if any) reoccurrence of the malware.

So let's say OK for now but still under investigation. I will report back in a few days. Will drop in the 2x2gb cards on Tuesday and hope that speeds it up too.

Thanks for the help, Gary; much appreciated.

PS - what file was I supposed to look for in Virustotal? I do not have a D drive and could not id the AT/installexe file anyplace on my laptop.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users