Cyber Tech Help Support Forums


SageWinard February 22nd, 2014 08:20 AM

Malware and wireless issues
 
Hello, I am currently on a Dell Vostro 1700 running Windows XP.

It is having some difficulties, and just recently the wireless has stopped. I believe this has been due to malware. Malwarebytes removed about 200 viruses when I ran it, but wireless internet still doesn't work. I am certain this computer still has some adware. Any advice to remove it but more importantly get the internet back would be appreciated.

schrauber February 22nd, 2014 12:28 PM

Hello, SageWinard



For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to the desktop.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to the desktop.

Please run it and click Scan, post back with the 2 logfiles.

SageWinard February 28th, 2014 07:50 PM

So the other computer was taken to be physically fixed; the wifi switch was turned off. As for assistance, I am currently on a Windows Vista 64-bit HP TouchSmart. I have run FRST.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-02-2014 02
Ran by Brandi (administrator) on BRANDI-PC on 28-02-2014 10:42:13
Running from C:\Users\Brandi\Desktop
Windows Vista (TM) Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/down...an-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/down...an-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoBackgroundService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
() C:\Program Files (x86)\SMINST\BLService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
() C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
() C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(N-trig LLC) C:\Program Files\N-trig\N-trig Software Bundle\NtrigApplet.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(BitTorrent Inc.) C:\Users\Brandi\AppData\Roaming\uTorrent\uTorrent.exe
(Bandoo Media Inc.) C:\Users\Brandi\AppData\Local\iLivid\iLivid.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Memeo Inc.) C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoBackup.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Media Corporation) C:\Users\Brandi\AppData\Roaming\UpdateServ\UpdaterService.exe
() C:\Users\Brandi\AppData\Roaming\VOPackage\VOsrv.exe
() C:\ProgramData\MediaDev\1393043371\mediadev.exe
() C:\Program Files (x86)\AnyProtectEx\AnyProtectTrayIcon.exe
() C:\Program Files (x86)\click-n-mark\ClickAndMark153.exe
() C:\Program Files (x86)\FindRight\FindRight.FirstRun.exe
() C:\Program Files (x86)\FindRight\bin\utilFindRight.exe
() C:\Program Files (x86)\FindRight\updateFindRight.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ieuser.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1533736 2008-06-20] (Synaptics, Inc.)
HKLM\...\Run: [SMSERIAL] - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1418752 2008-09-23] (Motorola Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [6942240 2008-12-02] (Realtek Semiconductor)
HKLM\...\Run: [NtrigApplet] - C:\Program Files\N-trig\N-trig Software Bundle\NtrigApplet.exe [2508800 2008-10-04] (N-trig LLC)
HKLM\...\Run: [SmartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [914224 2008-11-18] (Hewlett-Packard)
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [DVDAgent] - C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200 2008-11-28] (CyberLink Corp.)
HKLM-x32\...\Run: [TSMAgent] - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [1316136 2008-12-25] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer for HP TouchSmart] - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [189736 2008-12-25] (CyberLink)
HKLM-x32\...\Run: [UpdateLBPShortCut] - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] - C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2008-11-26] (CyberLink Corp.)
HKLM-x32\...\Run: [QlbCtrl.exe] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDIRShortCut] - C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Health Check Scheduler] - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard)
HKLM-x32\...\Run: [WirelessAssistant] - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [432432 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [TVAgent] - C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe [206120 2009-02-09] (CyberLink Corp.)
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [47392 2010-03-16] (Apple Inc.)
HKLM-x32\...\Run: [Memeo Backup Premium] - C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoLauncher2.exe [136416 2010-04-22] (Memeo Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-02-18] (Hewlett-Packard)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [273544 2011-05-25] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [UCam_Menu] - C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [218408 2008-11-14] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2894113137-3606334015-3764540335-1000\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-03-19] (Hewlett-Packard Company)
HKU\S-1-5-21-2894113137-3606334015-3764540335-1000\...\Run: [WMPNSCFG] - C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKU\S-1-5-21-2894113137-3606334015-3764540335-1000\...\Run: [uTorrent] - C:\Users\Brandi\AppData\Roaming\uTorrent\uTorrent.exe [1037648 2013-03-19] (BitTorrent Inc.)
HKU\S-1-5-21-2894113137-3606334015-3764540335-1000\...\Run: [iLivid] - C:\Users\Brandi\AppData\Local\iLivid\iLivid.exe [6827008 2013-09-08] (Bandoo Media Inc.)
HKU\S-1-5-21-2894113137-3606334015-3764540335-1000\...\MountPoints2: {eef78849-d93c-11e2-b308-00238bb50ea9} - G:\iLinker.exe
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [1351968 2014-02-12] (Conduit)
AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL => C:\ProgramData\Wincert\win64cert.dll [8704 2013-11-04] ()
AppInit_DLLs: C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll => C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [1047328 2014-02-12] (Conduit)
AppInit_DLLs-x32: C:\PROGRA~3\Wincert\WIN32C~1.DLL => C:\ProgramData\Wincert\win32cert.dll [7168 2013-11-04] ()
AppInit_DLLs-x32: C:\PROGRA~2\MOVIES~1\Datamngr\mgrldr.dll => "C:\PROGRA~2\MOVIES~1\Datamngr\mgrldr.dll" File Not Found
Startup: C:\Users\Brandi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll <===== ATTENTION
HKLM\...\AppCertDlls: [x64] -> C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll <===== ATTENTION

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:13828
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search.ask.com/?o=APN1064...a11465-224&t=4
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {199693D2-BF93-4992-B547-FDE1D51CB7BF} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
SearchScopes: HKLM - {199693D2-BF93-4992-B547-FDE1D51CB7BF} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
SearchScopes: HKLM - {4491A8D3-A3F6-423A-8C63-B518696A64EB} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1235&systemid=406&v=a11465-224&apn_uid=6244156816704594&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us&tb_uuid=20100617235859394&tb_oid=07-10-2009&tb_mrud=17-06-2010
SearchScopes: HKLM-x32 - {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us&tb_uuid=20100617235859394&tb_oid=07-10-2009&tb_mrud=17-06-2010
SearchScopes: HKLM-x32 - {199693D2-BF93-4992-B547-FDE1D51CB7BF} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
SearchScopes: HKLM-x32 - {4491A8D3-A3F6-423A-8C63-B518696A64EB} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {993f1df9-4ef3-450c-bf9c-f312f7be85d0} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZKxdm853YYus&ptnrS=ZKxdm853YYus&si=c43d415c&ptb=59CEF54C-5DBD-4324-A70E-9AF0EDEC538F&ind=2012052013&n=77ed7a2d&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1235&systemid=406&v=a11465-224&apn_uid=6244156816704594&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKCU - DefaultScope {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=20&locale=en_US
SearchScopes: HKCU - {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us&tb_uuid=20100617235859394&tb_oid=07-10-2009&tb_mrud=17-06-2010
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=NCH2&o=APN10111&src=crm&q={searchTerms}&locale=&apn_ptnrs=^A5M&apn_dtid=^YYYYYY^YY^US&apn_uid=66aacfd0-159a-4b3b-bd59-3d679067d425&apn_sauid=67045375-5308-4B2F-A486-77BDB1529688
SearchScopes: HKCU - {199693D2-BF93-4992-B547-FDE1D51CB7BF} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
SearchScopes: HKCU - {4491A8D3-A3F6-423A-8C63-B518696A64EB} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - {74d7b29d-65ab-4a39-a449-af22a2da979a} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query={searchTerms}&invocationType=bu10aiminstabie7
SearchScopes: HKCU - {993f1df9-4ef3-450c-bf9c-f312f7be85d0} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZKxdm853YYus&ptnrS=ZKxdm853YYus&si=c43d415c&ptb=59CEF54C-5DBD-4324-A70E-9AF0EDEC538F&ind=2012052013&n=77ed7a2d&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1235&systemid=406&v=a11465-224&apn_uid=6244156816704594&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=20&locale=en_US
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: FindRight - {cf710881-c002-4ea4-860a-b6931b040948} - C:\Program Files (x86)\FindRight\FindRightBHO.dll (FindRight)
BHO-x32: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 68.190.192.35 71.9.127.107 24.205.224.36

FireFox:
========
FF ProfilePath: C:\Users\Brandi\AppData\Roaming\Mozilla\Firefox\Profiles\00gn9q7v.default
FF user.js: detected! => C:\Users\Brandi\AppData\Roaming\Mozilla\Firefox\Profiles\00gn9q7v.default\user.js
FF NewTab: about:blank
FF DefaultSearchEngine: My Web Search
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: My Web Search
FF Homepage: https://www.google.com/
FF Keyword.URL: hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=59CEF54C-5DBD-4324-A70E-9AF0EDEC538F&n=77ed78a6&ind=2012051622&id=ZKxdm853YYus&ptnrS=ZKxdm853YYus&si=c43d415c&searchfor=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=12.0.1.647 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=12.0.1.647 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=12.0.1.647 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.647 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=12.0.1.647 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Users\Brandi\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdnu.dll (AOL LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdnupdater2.dll (AOL LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF SearchPlugin: C:\Users\Brandi\AppData\Roaming\Mozilla\Firefox\Profiles\00gn9q7v.default\searchplugins\AIM Search.xml
FF SearchPlugin: C:\Users\Brandi\AppData\Roaming\Mozilla\Firefox\Profiles\00gn9q7v.default\searchplugins\aim-search.xml
FF SearchPlugin: C:\Users\Brandi\AppData\Roaming\Mozilla\Firefox\Profiles\00gn9q7v.default\searchplugins\imdb.xml
FF SearchPlugin: C:\Users\Brandi\AppData\Roaming\Mozilla\Firefox\Profiles\00gn9q7v.default\searchplugins\my-web-search.xml
FF SearchPlugin: C:\Users\Brandi\AppData\Roaming\Mozilla\Firefox\Profiles\00gn9q7v.default\searchplugins\safesearch.xml
FF SearchPlugin: C:\Users\Brandi\AppData\Roaming\Mozilla\Firefox\Profiles\00gn9q7v.default\searchplugins\search-ebay.xml
FF SearchPlugin: C:\Users\Brandi\AppData\Roaming\Mozilla\Firefox\Profiles\00gn9q7v.default\searchplugins\youtube.xml
FF Extension: Webfetti - C:\Users\Brandi\AppData\Roaming\Mozilla\Firefox\Profiles\00gn9q7v.default\Extensions\52ffxtbr@Webfetti_52.com [2012-10-11]
FF Extension: eBay Quick Search - C:\Users\Brandi\AppData\Roaming\Mozilla\Firefox\Profiles\00gn9q7v.default\Extensions\ebayquicksearch@upaaya [2011-02-23]
FF Extension: ColorfulTabs - C:\Users\Brandi\AppData\Roaming\Mozilla\Firefox\Profiles\00gn9q7v.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2013-12-07]
FF Extension: No Name - C:\Users\Brandi\AppData\Roaming\Mozilla\Firefox\Profiles\00gn9q7v.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009-10-08]
FF Extension: AOL Messaging Toolbar - C:\Users\Brandi\AppData\Roaming\Mozilla\Firefox\Profiles\00gn9q7v.default\Extensions\{c2f863cd-0429-48c7-bb54-db756a951760} [2013-11-28]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Brandi\AppData\Roaming\Mozilla\Firefox\Profiles\00gn9q7v.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-02-17]
FF Extension: StumbleUpon - C:\Users\Brandi\AppData\Roaming\Mozilla\Firefox\Profiles\00gn9q7v.default\Extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi [2011-05-08]
FF Extension: Skype extension for Firefox - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2013-03-09]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-05-25]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\IPSFF [2013-11-27]

Chrome:
=======
CHR HomePage: hxxp://www.search.ask.com/?o=APN10645A&gct=hp&d=406-1235&v=a11465-224&t=4
CHR DefaultSearchKeyword: ask.com
CHR DefaultSearchProvider: Ask.com
CHR DefaultSearchURL: http://dts.search.ask.com/sr?src=crb&gct=ds&appid=1235&systemid=406&v=a11465-224&apn_uid=6244156816704594&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
CHR DefaultNewTabURL:
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (downloadUpdater) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll (AOL LLC)
CHR Plugin: (downloadUpdater2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll (AOL LLC)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Facebook Plugin) - C:\Users\Brandi\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Movies Toolbar) - C:\Users\Brandi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob [2014-01-11]
CHR Extension: (YouTube) - C:\Users\Brandi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-20]
CHR Extension: (Google Search) - C:\Users\Brandi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-20]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Brandi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2011-12-20]
CHR Extension: (Norton Identity Protection) - C:\Users\Brandi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-03-11]
CHR Extension: (Google Wallet) - C:\Users\Brandi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-28]
CHR Extension: (Gmail) - C:\Users\Brandi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-20]
CHR HKLM-x32\...\Chrome\Extension: [aaaaabcbmongicmdegkmmfgdickgnnob] - C:\Users\Brandi\AppData\Local\ilividmoviestoolbarha\GC\toolbar.crx [2013-08-19]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-05-25]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\Exts\Chrome.crx [2013-06-08]

==================== Services (Whitelisted) =================

R2 ClickAndMark; C:\Program Files (x86)\click-n-mark\ClickAndMark153.exe [181760 2014-02-21] ()
R2 MediaDevSrv; C:\ProgramData\MediaDev\1393043371\mediadev.exe [368960 2014-02-21] ()
R2 MemeoBackgroundService; C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoBackgroundService.exe [25824 2010-04-22] (Memeo)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
R2 Recovery Service for Windows; C:\Program Files (x86)\SMINST\BLService.exe [365952 2008-12-17] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [241734 2008-09-15] ()
R2 TVCapSvc; C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [296320 2009-02-09] ()
R2 TVSched; C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [116096 2009-02-09] ()
R2 Update FindRight; C:\Program Files (x86)\FindRight\updateFindRight.exe [111904 2014-02-25] ()
R2 Util FindRight; C:\Program Files (x86)\FindRight\bin\utilFindRight.exe [111392 2014-02-24] ()
R2 VOsrv; C:\Users\Brandi\AppData\Roaming\VOPackage\VOsrv.exe [61464 2014-02-21] ()
R2 WinDevSrv; C:\Users\Brandi\AppData\Roaming\UpdateServ\UpdaterService.exe [368960 2014-02-13] (Media Corporation)
S2 DatamngrCoordinator2; C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe [X]

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [1526488 2013-12-17] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-27] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\IPSDefs\20140227.001\IDSvia64.sys [521944 2014-01-20] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20140227.009\ENG64.SYS [126040 2014-01-10] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20140227.009\EX64.SYS [2099288 2014-01-10] (Symantec Corporation)
R3 NtrigDigitizerUSBLowerFilter; C:\Windows\System32\DRIVERS\NtrigDigitizerUSBLowerFilter.sys [6656 2008-07-27] (Windows (R) Codename Longhorn DDK provider)
R3 smserial; C:\Windows\System32\DRIVERS\smserial.sys [1200128 2008-09-23] (Motorola Inc.)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1404000.028\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1404000.028\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1404000.028\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-17] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360x64\1404000.028\SYMTDIV.SYS [457304 2013-04-24] (Symantec Corporation)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2008-11-28] (CyberLink Corp.)
U4 eabfiltr;
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-28 10:42 - 2014-02-28 10:43 - 00036364 _____ () C:\Users\Brandi\Desktop\FRST.txt
2014-02-28 10:41 - 2014-02-28 10:42 - 00000000 ____D () C:\FRST
2014-02-28 10:40 - 2014-02-28 10:40 - 02155520 _____ (Farbar) C:\Users\Brandi\Desktop\FRST64.exe
2014-02-24 20:14 - 2014-02-26 06:32 - 00000000 ____D () C:\Program Files (x86)\FindRight
2014-02-24 20:13 - 2014-02-24 20:13 - 00000905 _____ () C:\Users\Public\Desktop\Open It!.lnk
2014-02-24 20:13 - 2014-02-24 20:13 - 00000000 ____D () C:\Program Files (x86)\OpenIt
2014-02-24 20:12 - 2014-02-24 20:12 - 00000890 _____ () C:\Users\Brandi\Desktop\Continue Zip Opener Installation.lnk
2014-02-24 20:11 - 2014-02-24 20:11 - 01076216 _____ () C:\Users\Brandi\Downloads\ZipSetup.exe
2014-02-24 19:00 - 2014-02-24 19:00 - 00675015 _____ () C:\Users\Brandi\Downloads\Session 7.pptx
2014-02-24 18:58 - 2014-02-24 18:58 - 00543232 _____ () C:\Users\Brandi\Downloads\Writing About Themes thesis statements (1).ppt
2014-02-24 18:54 - 2014-02-24 18:54 - 00543232 _____ () C:\Users\Brandi\Downloads\Writing About Themes thesis statements.ppt
2014-02-23 15:09 - 2014-02-23 15:09 - 00862128 _____ (Download Manager Cert ) C:\Users\Brandi\Downloads\setup.exe (1).exe
2014-02-23 15:08 - 2014-02-23 15:09 - 00862128 _____ (Download Manager Cert ) C:\Users\Brandi\Downloads\setup.exe.exe
2014-02-21 22:04 - 2014-02-21 22:04 - 00000844 _____ () C:\Users\Brandi\Desktop\AnyProtect.lnk
2014-02-21 22:04 - 2014-02-21 22:04 - 00000000 ____D () C:\Users\Brandi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
2014-02-21 20:51 - 2014-02-21 20:50 - 00828200 _____ (AnyProtect.com) C:\Users\Brandi\AppData\Local\nsnC156.tmp
2014-02-21 20:50 - 2014-02-21 22:04 - 00000000 ____D () C:\Program Files (x86)\AnyProtectEx
2014-02-21 20:40 - 2014-02-21 22:08 - 00000887 _____ () C:\Users\Brandi\Desktop\Continue VuuPC Installation.lnk
2014-02-21 20:30 - 2014-02-23 16:02 - 00000360 _____ () C:\Windows\Tasks\AmiUpdXp.job
2014-02-21 20:30 - 2014-02-21 20:30 - 00003382 _____ () C:\Windows\System32\Tasks\AmiUpdXp
2014-02-21 20:30 - 2014-02-21 20:30 - 00000000 ____D () C:\Users\Brandi\AppData\Local\SwvUpdater
2014-02-21 20:29 - 2014-02-21 20:35 - 00000000 ____D () C:\Users\Brandi\AppData\Local\GCC
2014-02-21 20:29 - 2014-02-21 20:29 - 00004546 _____ () C:\Windows\System32\Tasks\GC_Informer
2014-02-21 20:29 - 2014-02-21 20:29 - 00004530 _____ () C:\Windows\System32\Tasks\GC_Scheduler
2014-02-21 20:29 - 2014-02-21 20:29 - 00000000 ____D () C:\ProgramData\MediaDev
2014-02-21 18:53 - 2014-02-21 20:30 - 00000000 ____D () C:\Users\Brandi\AppData\Local\SearchProtect
2014-02-21 18:53 - 2014-02-21 20:29 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-02-21 18:53 - 2014-02-21 18:53 - 00003038 _____ () C:\Windows\System32\Tasks\ClickAndMark Update
2014-02-21 18:53 - 2014-02-21 18:53 - 00001768 _____ () C:\Users\Brandi\Desktop\Configure VO Package.lnk
2014-02-21 18:53 - 2014-02-21 18:53 - 00000388 _____ () C:\Windows\Tasks\ClickAndMark Update.job
2014-02-21 18:53 - 2014-02-21 18:53 - 00000000 ____D () C:\Users\Brandi\AppData\Roaming\VOPackage
2014-02-21 18:52 - 2014-02-24 18:53 - 00000390 _____ () C:\Windows\Tasks\ClickAndMark_wd.job
2014-02-21 18:52 - 2014-02-21 18:53 - 00000000 ____D () C:\Program Files (x86)\click-n-mark
2014-02-21 18:52 - 2014-02-21 18:52 - 00002980 _____ () C:\Windows\System32\Tasks\ClickAndMark_wd
2014-02-21 18:52 - 2014-02-21 18:52 - 00000000 ____D () C:\ProgramData\UpdateTask
2014-02-21 18:43 - 2014-02-24 21:13 - 00000000 ____D () C:\Users\Brandi\AppData\Roaming\UpdateServ
2014-02-21 18:43 - 2014-02-21 20:29 - 00000000 ____D () C:\ProgramData\UpdateCommon
2014-02-21 18:43 - 2014-02-21 18:43 - 00966464 _____ () C:\Users\Brandi\Downloads\flv_installer.exe
2014-02-14 08:28 - 2014-02-24 22:58 - 00000000 ____D () C:\ProgramData\Datamngr
2014-02-10 13:19 - 2014-02-10 13:19 - 00921000 _____ (Oracle Corporation) C:\Users\Brandi\Downloads\chromeinstall-7u51 (1).exe
2014-02-10 13:10 - 2014-02-10 13:10 - 00921000 _____ (Oracle Corporation) C:\Users\Brandi\Downloads\chromeinstall-7u51.exe
2014-02-08 01:05 - 2014-02-08 01:05 - 00000908 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-08 01:05 - 2014-02-08 01:05 - 00000000 ____D () C:\Users\Brandi\AppData\Roaming\Malwarebytes
2014-02-08 01:05 - 2014-02-08 01:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-08 01:05 - 2014-02-08 01:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-08 01:05 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-08 01:04 - 2014-02-08 01:04 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Brandi\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-08 00:57 - 2014-02-08 00:57 - 00262144 _____ () C:\Windows\Minidump\Mini020814-01.dmp

==================== One Month Modified Files and Folders =======

2014-02-28 10:43 - 2014-02-28 10:42 - 00036364 _____ () C:\Users\Brandi\Desktop\FRST.txt
2014-02-28 10:42 - 2014-02-28 10:41 - 00000000 ____D () C:\FRST
2014-02-28 10:40 - 2014-02-28 10:40 - 02155520 _____ (Farbar) C:\Users\Brandi\Desktop\FRST64.exe
2014-02-28 10:39 - 2013-03-19 08:43 - 00000000 ____D () C:\Users\Brandi\AppData\Roaming\uTorrent
2014-02-28 10:34 - 2013-03-20 12:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-28 10:34 - 2006-11-02 07:22 - 00003344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-28 10:34 - 2006-11-02 07:22 - 00003344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-28 10:33 - 2009-07-20 00:55 - 01594972 _____ () C:\Windows\WindowsUpdate.log
2014-02-27 19:33 - 2011-04-15 19:53 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-27 17:05 - 2010-07-05 05:29 - 00000000 ____D () C:\Users\Brandi\AppData\Roaming\HpUpdate
2014-02-26 06:32 - 2014-02-24 20:14 - 00000000 ____D () C:\Program Files (x86)\FindRight
2014-02-24 22:58 - 2014-02-14 08:28 - 00000000 ____D () C:\ProgramData\Datamngr
2014-02-24 21:29 - 2011-04-15 19:53 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-24 21:13 - 2014-02-21 18:43 - 00000000 ____D () C:\Users\Brandi\AppData\Roaming\UpdateServ
2014-02-24 20:13 - 2014-02-24 20:13 - 00000905 _____ () C:\Users\Public\Desktop\Open It!.lnk
2014-02-24 20:13 - 2014-02-24 20:13 - 00000000 ____D () C:\Program Files (x86)\OpenIt
2014-02-24 20:12 - 2014-02-24 20:12 - 00000890 _____ () C:\Users\Brandi\Desktop\Continue Zip Opener Installation.lnk
2014-02-24 20:11 - 2014-02-24 20:11 - 01076216 _____ () C:\Users\Brandi\Downloads\ZipSetup.exe
2014-02-24 19:06 - 2014-01-28 14:08 - 00000000 ____D () C:\Users\Brandi\Documents\ESEC 506
2014-02-24 19:00 - 2014-02-24 19:00 - 00675015 _____ () C:\Users\Brandi\Downloads\Session 7.pptx
2014-02-24 18:58 - 2014-02-24 18:58 - 00543232 _____ () C:\Users\Brandi\Downloads\Writing About Themes thesis statements (1).ppt
2014-02-24 18:54 - 2014-02-24 18:54 - 00543232 _____ () C:\Users\Brandi\Downloads\Writing About Themes thesis statements.ppt
2014-02-24 18:53 - 2014-02-21 18:52 - 00000390 _____ () C:\Windows\Tasks\ClickAndMark_wd.job
2014-02-23 16:02 - 2014-02-21 20:30 - 00000360 _____ () C:\Windows\Tasks\AmiUpdXp.job
2014-02-23 15:34 - 2013-03-20 12:22 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-23 15:34 - 2013-03-20 12:22 - 00003684 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-23 15:34 - 2011-12-03 22:25 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-23 15:30 - 2009-10-18 14:47 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-02-23 15:09 - 2014-02-23 15:09 - 00862128 _____ (Download Manager Cert ) C:\Users\Brandi\Downloads\setup.exe (1).exe
2014-02-23 15:09 - 2014-02-23 15:08 - 00862128 _____ (Download Manager Cert ) C:\Users\Brandi\Downloads\setup.exe.exe
2014-02-21 22:08 - 2014-02-21 20:40 - 00000887 _____ () C:\Users\Brandi\Desktop\Continue VuuPC Installation.lnk
2014-02-21 22:04 - 2014-02-21 22:04 - 00000844 _____ () C:\Users\Brandi\Desktop\AnyProtect.lnk
2014-02-21 22:04 - 2014-02-21 22:04 - 00000000 ____D () C:\Users\Brandi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
2014-02-21 22:04 - 2014-02-21 20:50 - 00000000 ____D () C:\Program Files (x86)\AnyProtectEx
2014-02-21 20:50 - 2014-02-21 20:51 - 00828200 _____ (AnyProtect.com) C:\Users\Brandi\AppData\Local\nsnC156.tmp
2014-02-21 20:35 - 2014-02-21 20:29 - 00000000 ____D () C:\Users\Brandi\AppData\Local\GCC
2014-02-21 20:30 - 2014-02-21 20:30 - 00003382 _____ () C:\Windows\System32\Tasks\AmiUpdXp
2014-02-21 20:30 - 2014-02-21 20:30 - 00000000 ____D () C:\Users\Brandi\AppData\Local\SwvUpdater
2014-02-21 20:30 - 2014-02-21 18:53 - 00000000 ____D () C:\Users\Brandi\AppData\Local\SearchProtect
2014-02-21 20:29 - 2014-02-21 20:29 - 00004546 _____ () C:\Windows\System32\Tasks\GC_Informer
2014-02-21 20:29 - 2014-02-21 20:29 - 00004530 _____ () C:\Windows\System32\Tasks\GC_Scheduler
2014-02-21 20:29 - 2014-02-21 20:29 - 00000000 ____D () C:\ProgramData\MediaDev
2014-02-21 20:29 - 2014-02-21 18:53 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-02-21 20:29 - 2014-02-21 18:43 - 00000000 ____D () C:\ProgramData\UpdateCommon
2014-02-21 18:53 - 2014-02-21 18:53 - 00003038 _____ () C:\Windows\System32\Tasks\ClickAndMark Update
2014-02-21 18:53 - 2014-02-21 18:53 - 00001768 _____ () C:\Users\Brandi\Desktop\Configure VO Package.lnk
2014-02-21 18:53 - 2014-02-21 18:53 - 00000388 _____ () C:\Windows\Tasks\ClickAndMark Update.job
2014-02-21 18:53 - 2014-02-21 18:53 - 00000000 ____D () C:\Users\Brandi\AppData\Roaming\VOPackage
2014-02-21 18:53 - 2014-02-21 18:52 - 00000000 ____D () C:\Program Files (x86)\click-n-mark
2014-02-21 18:52 - 2014-02-21 18:52 - 00002980 _____ () C:\Windows\System32\Tasks\ClickAndMark_wd
2014-02-21 18:52 - 2014-02-21 18:52 - 00000000 ____D () C:\ProgramData\UpdateTask
2014-02-21 18:43 - 2014-02-21 18:43 - 00966464 _____ () C:\Users\Brandi\Downloads\flv_installer.exe
2014-02-20 23:39 - 2011-04-15 20:01 - 00001985 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-17 21:24 - 2011-04-15 19:53 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-17 21:24 - 2011-04-15 19:53 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-16 03:24 - 2009-10-24 20:25 - 00000366 _____ () C:\Windows\Tasks\Driver Robot.job
2014-02-16 03:06 - 2013-11-29 03:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-16 03:01 - 2006-11-02 04:35 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-02-14 08:29 - 2014-01-11 09:38 - 00000000 ____D () C:\ProgramData\Wincert
2014-02-10 13:20 - 2010-07-11 02:10 - 00000680 _____ () C:\Users\Brandi\AppData\Local\d3d9caps.dat
2014-02-10 13:19 - 2014-02-10 13:19 - 00921000 _____ (Oracle Corporation) C:\Users\Brandi\Downloads\chromeinstall-7u51 (1).exe
2014-02-10 13:10 - 2014-02-10 13:10 - 00921000 _____ (Oracle Corporation) C:\Users\Brandi\Downloads\chromeinstall-7u51.exe
2014-02-08 01:05 - 2014-02-08 01:05 - 00000908 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-08 01:05 - 2014-02-08 01:05 - 00000000 ____D () C:\Users\Brandi\AppData\Roaming\Malwarebytes
2014-02-08 01:05 - 2014-02-08 01:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-08 01:05 - 2014-02-08 01:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-08 01:04 - 2014-02-08 01:04 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Brandi\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-08 01:02 - 2009-02-10 08:33 - 00003576 _____ () C:\Windows\System32\Tasks\HP Health Check
2014-02-08 00:57 - 2014-02-08 00:57 - 00262144 _____ () C:\Windows\Minidump\Mini020814-01.dmp
2014-02-08 00:57 - 2012-07-25 15:39 - 00000000 ____D () C:\Windows\Minidump
2014-02-08 00:57 - 2012-07-25 15:37 - 562224261 _____ () C:\Windows\MEMORY.DMP
2014-02-08 00:57 - 2008-01-20 19:26 - 00854418 _____ () C:\Windows\PFRO.log
2014-02-08 00:57 - 2006-11-02 07:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

Some content of TEMP:
====================
C:\Users\Brandi\AppData\Local\Temp\BundleSweetIMSetup.exe
C:\Users\Brandi\AppData\Local\Temp\chrome.exe
C:\Users\Brandi\AppData\Local\Temp\Delta.exe
C:\Users\Brandi\AppData\Local\Temp\DeltaTB.exe
C:\Users\Brandi\AppData\Local\Temp\ICReinstall_ZipSetup.exe
C:\Users\Brandi\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Brandi\AppData\Local\Temp\MybabylonTB.exe
C:\Users\Brandi\AppData\Local\Temp\nsaE41.exe
C:\Users\Brandi\AppData\Local\Temp\nsf6FEC.exe
C:\Users\Brandi\AppData\Local\Temp\nsk6956.exe
C:\Users\Brandi\AppData\Local\Temp\nsl7CB.exe
C:\Users\Brandi\AppData\Local\Temp\WSSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit

SageWinard February 28th, 2014 07:51 PM

C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-10-06 12:49] - [2009-03-02 20:57] - 0718336 ____A (Microsoft Corporation) 52CDADE8289FF21F1F2215FF51A5F36C

ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-08 01:23

==================== End Of Log ============================

SageWinard February 28th, 2014 07:53 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-02-2014 02
Ran by Brandi at 2014-02-28 10:43:51
Running from C:\Users\Brandi\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton 360 (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
µTorrent (HKLM-x32\...\uTorrent) (Version: 3.3.0.29342 - BitTorrent Inc.)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.0.8.4990 - Adobe Systems Inc.) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader X (10.1.6) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.6 - Adobe Systems Incorporated)
AIM 7 (HKLM-x32\...\AIM_7) (Version: - )
AMD USB Audio Driver Filter (HKLM-x32\...\{A3AB35FA-943E-4799-99DC-46EFD59E998F}) (Version: 1.0.7.0031 - Advanced Micro Devices, Inc.)
AnyProtect (HKLM-x32\...\AnyProtect) (Version: 1.0.0.0 - CMI Limited)
Apple Application Support (HKLM-x32\...\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}) (Version: 2.3.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{FF57A2B3-B3C5-0F21-258B-0CEA210C4FC1}) (Version: 3.0.704.0 - ATI Technologies, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.48.35 - Broadcom Corporation)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2008.1210.1623.29379 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2008.1210.1623.29379 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2008.1210.1623.29379 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2008.1210.1623.29379 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2008.1210.1623.29379 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2008.1210.1623.29379 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2008.1209.2210.39772 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization Chinese Standard (x32 Version: 2008.1210.1623.29379 - ATI) Hidden
Catalyst Control Center Localization Chinese Traditional (x32 Version: 2008.1210.1623.29379 - ATI) Hidden
Catalyst Control Center Localization Czech (x32 Version: 2008.1210.1623.29379 - ATI) Hidden
Catalyst Control Center Localization Danish (x32 Version: 2008.1210.1623.29379 - ATI) Hidden
Catalyst Control Center Localization Dutch (x32 Version: 2008.1210.1623.29379 - ATI) Hidden
Catalyst Control Center Localization Finnish (x32 Version: 2008.1210.1623.29379 - ATI) Hidden
Catalyst Control Center Localization French (x32 Version: 2008.1210.1623.29379 - ATI) Hidden
Catalyst Control Center Localization German (x32 Version: 2008.1210.1623.29379 - ATI) Hidden
Catalyst Control Center Localization Greek (x32 Version: 2008.1210.1623.29379 - ATI) Hidden
Catalyst Control Center Localization Hungarian (x32 Version: 2008.1210.1623.29379 - ATI) Hidden
Catalyst Control Center Localization Italian (x32 Version: 2008.1210.1623.29379 - ATI) Hidden
Catalyst Control Center Localization Japanese (x32 Version: 2008.1210.1623.29379 - ATI) Hidden
Catalyst Control Center Localization Korean (x32 Version: 2008.1210.1623.29379 - ATI) Hidden
Catalyst Control Center Localization Norwegian (x32 Version: 2008.1210.1623.29379 - ATI) Hidden
Catalyst Control Center Localization Polish (x32 Version: 2008.1210.1623.29379 - ATI) Hidden
Catalyst Control Center Localization Portuguese (x32 Version: 2008.1210.1623.29379 - ATI) Hidden
Catalyst Control Center Localization Russian (x32 Version: 2008.1210.1623.29379 - ATI) Hidden
Catalyst Control Center Localization Spanish (x32 Version: 2008.1210.1623.29379 - ATI) Hidden
Catalyst Control Center Localization Swedish (x32 Version: 2008.1210.1623.29379 - ATI) Hidden
Catalyst Control Center Localization Thai (x32 Version: 2008.1210.1623.29379 - ATI) Hidden
Catalyst Control Center Localization Turkish (x32 Version: 2008.1210.1623.29379 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2008.1210.1622.29379 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2008.1210.1622.29379 - ATI) Hidden
CCC Help Czech (x32 Version: 2008.1210.1622.29379 - ATI) Hidden
CCC Help Danish (x32 Version: 2008.1210.1622.29379 - ATI) Hidden
CCC Help Dutch (x32 Version: 2008.1210.1622.29379 - ATI) Hidden
CCC Help English (x32 Version: 2008.1210.1622.29379 - ATI) Hidden
CCC Help Finnish (x32 Version: 2008.1210.1622.29379 - ATI) Hidden
CCC Help French (x32 Version: 2008.1210.1622.29379 - ATI) Hidden
CCC Help German (x32 Version: 2008.1210.1622.29379 - ATI) Hidden
CCC Help Greek (x32 Version: 2008.1210.1622.29379 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2008.1210.1622.29379 - ATI) Hidden
CCC Help Italian (x32 Version: 2008.1210.1622.29379 - ATI) Hidden
CCC Help Japanese (x32 Version: 2008.1210.1622.29379 - ATI) Hidden
CCC Help Korean (x32 Version: 2008.1210.1622.29379 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2008.1210.1622.29379 - ATI) Hidden
CCC Help Polish (x32 Version: 2008.1210.1622.29379 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2008.1210.1622.29379 - ATI) Hidden
CCC Help Russian (x32 Version: 2008.1210.1622.29379 - ATI) Hidden
CCC Help Spanish (x32 Version: 2008.1210.1622.29379 - ATI) Hidden
CCC Help Swedish (x32 Version: 2008.1210.1622.29379 - ATI) Hidden
CCC Help Thai (x32 Version: 2008.1210.1622.29379 - ATI) Hidden
CCC Help Turkish (x32 Version: 2008.1210.1622.29379 - ATI) Hidden
ccc-core-static (x32 Version: 2008.1210.1623.29379 - ATI) Hidden
ccc-utility64 (Version: 2008.1210.1623.29379 - ATI) Hidden
ClickAndMark (HKLM-x32\...\7072d455-3ad2-4858-a052-2f1ed24f29e6) (Version: - click-n-mark-software)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2326 - CyberLink Corp.)
CyberLink DVD Suite (x32 Version: 6.0.2326 - CyberLink Corp.) Hidden
Download Updater (AOL LLC) (HKLM-x32\...\SoftwareUpdUtility) (Version: - ) <==== ATTENTION
ESU for Microsoft Vista (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Facebook Plug-In (HKCU\...\Facebook Plug-In) (Version: - Facebook, Inc.)
Final Draft (HKLM-x32\...\{7C3C895B-AE02-4F30-8A6A-051D37A38DD0}) (Version: 8.0.1.89 - Final Draft, Inc.)
FindRight (HKLM\...\FindRight) (Version: 2014.02.24.175920 - FindRight) <==== ATTENTION
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}) (Version: 2.1.27.0 - MAGIX AG)
GigaClicks Crawler (HKLM-x32\...\GigaClicks Crawler) (Version: 4.0.0.45 - GigaClicks Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.117 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
HP Active Support Library (HKLM-x32\...\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}) (Version: 3.1.9.1 - Hewlett-Packard)
HP Common Access Service Library (x32 Version: 2.00 E6 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (HKLM-x32\...\{57A5AEC1-97FC-474D-92C4-908FCC2253D4}) (Version: 5.7.0.2664 - Hewlett-Packard)
HP Doc Viewer (HKLM-x32\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.03.0001 - Hewlett-Packard)
HP Help and Support (HKLM-x32\...\{0054A0F6-00C9-4498-B821-B5C9578F433E}) (Version: 2.1.3.0 - Hewlett-Packard Company)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 2.1.2328 - Hewlett-Packard)
HP MediaSmart DVD (x32 Version: 2.1.2328 - Hewlett-Packard) Hidden
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 2.1.2425 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (x32 Version: 2.1.2425 - Hewlett-Packard) Hidden
HP MediaSmart SlingPlayer (HKLM-x32\...\HP.MediaSmartSlingPlayer_is1) (Version: 2.1 - Sling Media, Inc.)
HP MediaSmart SmartMenu (HKLM\...\{F1568AA6-5982-4AFB-A871-C68E4328BC3B}) (Version: 2.1.7 - Hewlett-Packard)
HP MediaSmart TV (HKLM-x32\...\InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}) (Version: 2.1.1409 - Hewlett-Packard)
HP MediaSmart TV (x32 Version: 2.1.1409 - Hewlett-Packard) Hidden
HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.1.1124 - Hewlett-Packard)
HP MediaSmart Webcam (x32 Version: 2.1.1124 - Hewlett-Packard) Hidden
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.15.1 - Hewlett-Packard Company)
HP Total Care Advisor (HKLM-x32\...\{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}) (Version: 2.4.5991.2847 - Hewlett-Packard)
HP Total Care Setup (HKLM-x32\...\{95A747E0-DF19-46CB-A622-20A0107201BD}) (Version: 1.1.2413.2876 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{612F4E20-3661-4D44-AD79-823F1B613FB3}) (Version: 5.002.008.001 - Hewlett-Packard)
HP User Guides 0123 (HKLM-x32\...\{C1A138F0-DF67-4E8D-B7AF-30C71BF8435D}) (Version: 1.01.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{E5E29403-3D25-40C6-892B-F9FEE2A95585}) (Version: 3.50 A6 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
iLivid (HKCU\...\iLivid) (Version: 5.0.0.4286 - Bandoo Media Inc) <==== ATTENTION
iTunes (HKLM\...\{0225AD21-F3E2-4916-BFF3-65D3F9052582}) (Version: 11.0.2.26 - Apple Inc.)
Java 7 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216015FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Java(TM) 6 Update 7 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
Juno Preloader (HKLM-x32\...\{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}) (Version: 1.0.0 - Juno, Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1118 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1118 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{3744B641-61DE-417F-BCDC-9CCED4224DF8}) (Version: 1.18.13.1 - LightScribe)
MAGIX Photo Manager 9 (HKLM-x32\...\MAGIX Photo Manager 9 US) (Version: 7.0.3.119 - MAGIX AG)
MAGIX Screenshare (HKLM-x32\...\MAGIX Screenshare US) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Video easy SE (HKLM-x32\...\MAGIX_MSI_Video_easy_SE) (Version: 1.0.4.3 - MAGIX AG)
MAGIX Video easy SE (x32 Version: 1.0.4.3 - MAGIX AG) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Memeo Backup Premium (HKLM-x32\...\{347DA8D7-B858-421e-A154-5F438A36F1A4}) (Version: - Memeo Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Live Search Toolbar (HKLM-x32\...\{6A370610-3778-44AF-9AAC-69B2FD1A3356}) (Version: 3.0.541.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft VC9 runtime libraries (x32 Version: 1.0.0 - AOL LLC) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{591362D4-590B-457E-9BA3-F4D9508B88BA}) (Version: 3.0.0.101 - Apple Inc.)
Motorola SM56 Data Fax Modem (HKLM\...\SMSERIAL) (Version: - )
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee Reveal (HKLM-x32\...\{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}) (Version: 7.0.35.6951 - muvee Technologies Pte Ltd)
My HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.62 - WildTangent)
NetZero Preloader (HKLM-x32\...\{352310C3-E46B-42D3-8F32-54721FDD72D9}) (Version: 1.0.0 - NetZero, Inc.)
Norton 360 (HKLM-x32\...\N360) (Version: 20.4.0.40 - Symantec Corporation)
N-trig Software Bundle (HKLM-x32\...\{C283284D-FDB2-4438-A26A-40C62F7008E7}) (Version: 1.89.126 - N-trig)
Open It! (HKLM-x32\...\OpenIt Open It!) (Version: 1.1.1 - OpenIt)
PokerStars.net (HKLM-x32\...\PokerStars.net) (Version: - PokerStars.net)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2325 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.2325 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2317 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.2317 - CyberLink Corp.) Hidden
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 12.0) (Version: - RealNetworks)
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5749 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30098 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 3.0.1.3 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Samsung i-Launcher 1.0.1.28 (HKLM-x32\...\Samsung i-Launcher) (Version: 1.0.1.28 - Samsung Electronics Co., Ltd.)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.10.30.15 - Conduit) <==== ATTENTION
Skins (x32 Version: 2008.1210.1623.29379 - ATI) Hidden
Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Skype™ 6.0 (HKLM-x32\...\{EA17F4FC-FDBF-4CF8-A529-2D983132D053}) (Version: 6.0.126 - Skype Technologies S.A.)
Slingbox - Watch Your TV Anywhere (HKLM-x32\...\{7B798B31-2F33-4DC8-BDA4-D36488E86636}) (Version: 1.0.0 - Sling Media)
Software Version Updater (HKLM-x32\...\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}) (Version: 1.1.3.8 - ) <==== ATTENTION
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
SPORE Creature Creator Trial Edition (HKLM-x32\...\{ECEE0279-785F-4CB3-9F28-E69813234BF8}) (Version: 1.00.0000 - Electronic Arts)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.18.0 - Synaptics)
Uniblue RegistryBooster (HKLM-x32\...\{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1) (Version: - Uniblue Systems Ltd)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
VO Package (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - )
Windows Driver Package - ENE (enecir) HIDClass (09/04/2008 2.6.0.0) (HKLM\...\07B260955637F1FF7587ED2AA87459040DD09BF7) (Version: 09/04/2008 2.6.0.0 - ENE)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

==================== Restore Points =========================

10-12-2013 06:39:05 Scheduled Checkpoint
12-12-2013 11:00:28 Windows Update
13-12-2013 19:18:10 Scheduled Checkpoint
15-12-2013 11:00:20 Windows Update
20-12-2013 03:06:34 Scheduled Checkpoint
29-12-2013 22:50:03 Removed Shopop
15-01-2014 11:00:20 Windows Update
16-01-2014 11:00:37 Windows Update
16-02-2014 11:00:24 Windows Update

==================== Hosts content: ==========================

2006-11-02 04:34 - 2006-09-18 13:37 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {231B554C-B531-4C0F-AB5D-898147D466E6} - System32\Tasks\ClickAndMark_wd => C:\Program Files (x86)\click-n-mark\ClickAndMark_wd.exe [2014-02-21] ()
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {2551E917-DCD5-43AA-99B8-B630C8095CAB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {400420C5-B3B6-46F8-8FD2-2B191F8DCA21} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {45DBE210-14C4-487B-B48A-11B47206E4CF} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {475C250C-840B-4819-AC75-B854599F83FA} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2894113137-3606334015-3764540335-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-03-29] (RealNetworks, Inc.)
Task: {56133CEE-01F6-4EA1-9DF4-80CF69279555} - System32\Tasks\GC_Informer => %LOCALAPPDATA%\GCC\Controller.exe
Task: {6B23742C-85C0-4F40-AA4D-A3020AE3396B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-23] (Adobe Systems Incorporated)
Task: {6DFF4FFE-491C-4AA2-B8AD-9AF32473B575} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2894113137-3606334015-3764540335-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-03-29] (RealNetworks, Inc.)
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {AB0B80F3-1DD4-4133-9686-F825AEFB4DDA} - System32\Tasks\Driver Robot => C:\Program Files (x86)\Driver Robot\1.2.0.5\DriverRobot.exe
Task: {C3DC203B-0B6F-446F-BD0B-A505658C24A0} - System32\Tasks\GC_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe
Task: {D44E5A8D-429D-4D30-BFE8-19893DE41420} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Brandi => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-20] (Microsoft Corporation)
Task: {D464F279-8088-47D7-8C77-00DBA6F29D20} - System32\Tasks\ClickAndMark Update => C:\Program Files (x86)\click-n-mark\clandm.exe [2014-02-21] ()
Task: {D4FE07C8-5C62-47B8-8FAC-EE25EBACB966} - System32\Tasks\HP Health Check => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard)
Task: {D5A65F34-0575-459A-8647-AA5B727DC94A} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2008-01-20] (Microsoft Corporation)
Task: {D6C6CA72-30A1-41AD-9B74-8E4F78AAB76C} - System32\Tasks\HPCeeScheduleForBrandi => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2008-05-19] (Hewlett-Packard)
Task: {D88E8F6B-646C-4FF6-A34E-1D210A93D045} - System32\Tasks\AmiUpdXp => C:\Users\Brandi\AppData\Local\SwvUpdater\Updater.exe [2014-02-21] () <==== ATTENTION
Task: {DAA761B1-1538-4E10-BD47-0B2B7E97F7CC} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\WSCStub.exe [2013-06-03] (Symantec Corporation)
Task: {DF55982D-67B8-41BF-B3C4-89621EF9D64F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-15] (Google Inc.)
Task: {E20B3751-BC93-479E-9B8D-F905DE2F6D7A} - System32\Tasks\Microsoft\Windows\Maintenance\UP_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {EB5C6FF5-CE0E-446A-8F49-27326B7900AF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-15] (Google Inc.)
Task: {F4914524-737B-4674-9585-52A7BFCC2DF0} - System32\Tasks\{3CAF10FA-1A85-4007-96B4-112FE61629D5} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2012-11-09] (Skype Technologies S.A.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\Brandi\AppData\Local\SwvUpdater\Updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\ClickAndMark Update.job => C:\Program Files (x86)\click-n-mark\clandm.exe
Task: C:\Windows\Tasks\ClickAndMark_wd.job => C:\Program Files (x86)\click-n-mark\ClickAndMark_wd.exe
Task: C:\Windows\Tasks\Driver Robot.job => C:\Program Files (x86)\Driver Robot\1.2.0.5\DriverRobot.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForBrandi.job => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2009-02-10 08:26 - 2008-12-17 16:11 - 00365952 _____ () C:\Program Files (x86)\SMINST\BLService.exe
2009-02-10 06:57 - 2008-09-15 06:13 - 00241734 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2009-02-09 17:14 - 2009-02-09 17:14 - 00296320 ____N () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
2009-02-09 17:14 - 2009-02-09 17:14 - 00116096 ____N () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
2008-12-10 09:05 - 2008-12-10 09:05 - 00118272 _____ () C:\Windows\system32\atitmm64.dll
2009-07-01 15:44 - 2009-07-01 15:44 - 00632888 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
2014-02-21 13:45 - 2014-02-21 13:45 - 00061464 _____ () C:\Users\Brandi\AppData\Roaming\VOPackage\VOsrv.exe
2014-02-21 20:29 - 2014-02-21 20:29 - 00368960 _____ () C:\ProgramData\MediaDev\1393043371\mediadev.exe
2014-02-21 00:34 - 2014-02-21 00:34 - 00389712 _____ () C:\Program Files (x86)\AnyProtectEx\AnyProtectTrayIcon.exe
2014-02-21 18:52 - 2014-02-21 18:52 - 00181760 _____ () C:\Program Files (x86)\click-n-mark\ClickAndMark153.exe
2014-02-24 20:15 - 2014-02-24 09:59 - 01727264 _____ () C:\Program Files (x86)\FindRight\FindRight.FirstRun.exe
2014-02-24 21:18 - 2014-02-24 21:18 - 00111392 _____ () C:\Program Files (x86)\FindRight\bin\utilFindRight.exe
2014-02-24 09:59 - 2014-02-25 06:39 - 00111904 _____ () C:\Program Files (x86)\FindRight\updateFindRight.exe
2012-05-30 19:06 - 2012-05-30 19:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 19:06 - 2012-05-30 19:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2009-02-10 08:26 - 2008-12-17 16:11 - 00132480 _____ () C:\Program Files (x86)\SMINST\STWmiM.dll
2009-02-10 06:57 - 2008-09-15 06:13 - 00028672 _____ () C:\Program Files (x86)\Cyberlink\Shared files\RichVideops.dll
2009-02-09 17:14 - 2009-02-09 17:14 - 00263560 ____N () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLCapEngine.dll
2009-02-09 17:14 - 2009-02-09 17:14 - 00038184 ____N () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLCapSvcps.dll
2009-02-09 17:14 - 2009-02-09 17:14 - 00124288 ____N () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLSchMgr.dll
2009-02-09 17:14 - 2009-02-09 17:14 - 00349480 ____N () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLTinyDB.dll
2013-06-08 10:33 - 2012-05-30 06:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.4.0.40\wincfi39.dll
2010-03-19 09:45 - 2010-03-19 09:45 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2010-03-19 09:45 - 2010-03-19 09:45 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2010-03-19 09:45 - 2010-03-19 09:45 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2008-12-25 12:41 - 2008-12-25 12:41 - 00881960 ____N () C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2010-04-22 16:39 - 2010-04-22 16:39 - 02887904 _____ () C:\Program Files (x86)\Memeo\AutoBackupPro\Memeo.Client.UI.dll
2010-04-22 16:38 - 2010-04-22 16:38 - 00025824 _____ () C:\Program Files (x86)\Memeo\AutoBackupPro\Memeo.Client.DriveDetection.dll
2010-03-22 14:59 - 2010-03-22 14:59 - 00504293 _____ () C:\Program Files (x86)\Memeo\AutoBackupPro\sqlite3.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/28/2014 10:33:59 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 53556391

Error: (02/28/2014 10:33:59 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 53556391

Error: (02/28/2014 10:33:59 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/28/2014 10:33:57 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 53555159

Error: (02/28/2014 10:33:57 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 53555159

Error: (02/28/2014 10:33:57 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/28/2014 10:33:54 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.co...throotstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (02/28/2014 10:33:53 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 53550682

Error: (02/28/2014 10:33:53 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 53550682

Error: (02/28/2014 10:33:53 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (02/24/2014 10:58:34 PM) (Source: Service Control Manager) (User: )
Description: Datamngr Coordinator%%2

Error: (02/24/2014 10:58:33 PM) (Source: Service Control Manager) (User: )
Description: Datamngr Coordinator%%2

Error: (02/24/2014 10:58:20 PM) (Source: Service Control Manager) (User: )
Description: Datamngr Coordinator1

Error: (02/23/2014 09:25:47 PM) (Source: Service Control Manager) (User: )
Description: 30000ShellHWDetection

Error: (02/21/2014 08:29:46 PM) (Source: Service Control Manager) (User: )
Description: MediaDevSrv

Error: (02/21/2014 06:43:48 PM) (Source: Service Control Manager) (User: )
Description: WinDevSrv

Error: (02/14/2014 08:29:23 AM) (Source: Service Control Manager) (User: )
Description: Datamngr Coordinator

Error: (02/12/2014 11:04:59 PM) (Source: Service Control Manager) (User: )
Description: 30000LanmanWorkstation

Error: (02/11/2014 09:28:30 PM) (Source: Service Control Manager) (User: )
Description: 30000Netman

Error: (02/10/2014 00:10:19 PM) (Source: DCOM) (User: )
Description: {DC0C2640-1415-4644-875C-6F4D769839BA}


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2014-02-28 10:42:58.408
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-02-28 10:42:58.088
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-02-28 10:42:57.772
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-02-28 10:42:57.445
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-02-28 10:42:57.112
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-02-28 10:42:56.790
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-02-28 10:42:56.443
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-02-28 10:42:56.128
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-02-28 10:42:55.460
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

Date: 2014-02-28 10:42:55.140
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 59%
Total physical RAM: 3836.2 MB
Available physical RAM: 1554.55 MB
Total Pagefile: 7890.41 MB
Available Pagefile: 4888.1 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:285.69 GB) (Free:54.68 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:12.39 GB) (Free:1.97 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 43835ACC)
Partition 1: (Active) - (Size=286 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

==================== End Of Log ============================

schrauber March 1st, 2014 10:25 AM

And what kind of problems do you have with this system?

SageWinard March 1st, 2014 07:05 PM

Extreme system slowdown, popups after clicking on anything in Chrome and Internet Explorer. Automatic shutdown/blue screen (unsure of message at this point). Norton keeps picking up Chrome using a lot of system resources.

schrauber March 2nd, 2014 05:47 PM

Next, download ComboFix and save it to the Desktop.
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, as it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.
Please provide the contents of the ComboFix report in your reply.

SageWinard March 2nd, 2014 09:06 PM

ComboFix 14-02-24.02 - Brandi 03/02/2014 11:40:34.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3836.2027 [GMT -8:00]
Running from: c:\users\Brandi\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\UpdateTask
c:\programdata\UpdateTask\feedback.exe
c:\users\Brandi\AppData\Local\nsnC156.tmp
c:\users\Brandi\AppData\Local\Temp\GC\Profiles\{58A63E15-5A76-4378-A694-F72B486E2135}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll
c:\users\Brandi\AppData\Local\Temp\GC\Profiles\{58A63E15-5A76-4378-A694-F72B486E2135}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\mutechrome.dll
c:\users\Brandi\AppData\Roaming\Microsoft\Windows\Recent\18th-CENTURY SOUTH AMERICA.160.doc
c:\users\Brandi\Documents\~WRL0001.tmp
.
.
((((((((((((((((((((((((( Files Created from 2014-02-02 to 2014-03-02 )))))))))))))))))))))))))))))))
.
.
2014-03-02 19:54 . 2014-03-02 19:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-28 18:41 . 2014-02-28 18:45 -------- d-----w- C:\FRST
2014-02-25 04:13 . 2014-02-25 04:13 -------- d-----w- c:\program files (x86)\OpenIt
2014-02-22 04:50 . 2014-02-22 06:04 -------- d-----w- c:\program files (x86)\AnyProtectEx
2014-02-22 04:30 . 2014-03-02 04:54 -------- d-----w- c:\users\Brandi\AppData\Local\SwvUpdater
2014-02-22 04:29 . 2014-03-02 04:54 -------- d-----w- c:\users\Brandi\AppData\Local\GCC
2014-02-22 04:29 . 2014-02-22 04:29 -------- d-----w- c:\programdata\MediaDev
2014-02-22 02:53 . 2014-02-22 04:30 -------- d-----w- c:\users\Brandi\AppData\Local\SearchProtect
2014-02-22 02:53 . 2014-02-22 02:53 -------- d-----w- c:\users\Brandi\AppData\Roaming\VOPackage
2014-02-22 02:52 . 2014-02-22 02:53 -------- d-----w- c:\program files (x86)\click-n-mark
2014-02-22 02:43 . 2014-02-22 04:29 -------- d-----w- c:\programdata\UpdateCommon
2014-02-22 02:43 . 2014-03-02 04:54 -------- d-----w- c:\users\Brandi\AppData\Roaming\UpdateServ
2014-02-08 09:05 . 2014-02-08 09:05 -------- d-----w- c:\users\Brandi\AppData\Roaming\Malwarebytes
2014-02-08 09:05 . 2014-02-08 09:05 -------- d-----w- c:\programdata\Malwarebytes
2014-02-08 09:05 . 2013-04-04 22:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-08 09:05 . 2014-02-08 09:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-23 23:34 . 2013-03-20 20:22 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-23 23:34 . 2011-12-04 06:25 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-16 11:01 . 2006-11-02 12:35 88567024 ----a-w- c:\windows\system32\mrt.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-03-19 2363392]
"uTorrent"="c:\users\Brandi\AppData\Roaming\uTorrent\uTorrent.exe" [2013-03-19 1037648]
"iLivid"="c:\users\Brandi\AppData\Local\iLivid\iLivid.exe" [2013-09-08 6827008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-30 61440]
"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-11-29 1148200]
"TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-12-25 1316136]
"CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-12-25 189736]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-11-26 210216]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432]
"TVAgent"="c:\program files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe" [2009-02-10 206120]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"Memeo Backup Premium"="c:\program files (x86)\Memeo\AutoBackupPro\MemeoLauncher2.exe" [2010-04-23 136416]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2011-05-25 273544]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"UCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2008-11-15 218408]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Brandi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\bitguard.exe]
"debugger"=tasklist.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\bprotect.exe]
"debugger"=tasklist.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\bpsvc.exe]
"debugger"=tasklist.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\browsemngr.exe]
"debugger"=tasklist.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\browserdefender.exe]
"debugger"=tasklist.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\browsermngr.exe]
"debugger"=tasklist.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\browserprotect.exe]
"debugger"=tasklist.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\browsersafeguard.exe]
"debugger"=tasklist.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\bundlesweetimsetup.exe]
"debugger"=tasklist.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\delta babylon.exe]
"debugger"=tasklist.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\delta tb.exe]
"debugger"=tasklist.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\delta2.exe]
"debugger"=tasklist.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\deltainstaller.exe]
"debugger"=tasklist.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\deltasetup.exe]
"debugger"=tasklist.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\deltatb.exe]
"debugger"=tasklist.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\deltatb_2501-c733154b.exe]
"debugger"=tasklist.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\dprotectsvc.exe]
"debugger"=tasklist.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\iminentsetup.exe]
"debugger"=tasklist.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\protectedsearch.exe]
"debugger"=tasklist.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\rjatydimofu.exe]
"debugger"=tasklist.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\searchprotection.exe]
"debugger"=tasklist.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\searchprotector.exe]
"debugger"=tasklist.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\snapdo.exe]
"debugger"=tasklist.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\stinst32.exe]
"debugger"=tasklist.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\stinst64.exe]
"debugger"=tasklist.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\sweetimsetup.exe]
"debugger"=tasklist.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\tbdelta.exetoolbar783881609.exe]
"debugger"=tasklist.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\utiljumpflip.exe]
"debugger"=tasklist.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-03-19 18:15 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-21 07:30 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-20 23:34]
.
2014-03-02 c:\windows\Tasks\ClickAndMark Update.job
- c:\program files (x86)\click-n-mark\clandm.exe [2014-02-22 02:52]
.
2014-03-02 c:\windows\Tasks\ClickAndMark_wd.job
- c:\program files (x86)\click-n-mark\ClickAndMark_wd.exe [2014-02-22 02:52]
.
2014-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-16 03:52]
.
2014-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-16 03:52]
.
2012-07-24 c:\windows\Tasks\HPCeeScheduleForBrandi.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-02-10 19:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1533736]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2008-09-23 1418752]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2008-12-02 6942240]
"NtrigApplet"="c:\program files\N-trig\N-trig Software Bundle\NtrigApplet.exe" [2008-10-04 2508800]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.search.ask.com/?o=APN10645A&gct=hp&d=406-1235&v=a11465-224&t=4
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mLocal Page = %SystemRoot%\system32\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:13828
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.190.192.35 71.9.127.107 24.205.224.36
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Toolbar-10 - (no file)
HKLM-Run-SmartMenu - c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2894113137-3606334015-3764540335-1000\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{D0C21091-FF8E-432C-9006-0540E81BA9D7}"=hex:51,66,7a,6c,4c,1d,3b,42,81,0c,d8,
c0,bd,ad,42,0d,8d,0e,40,00,eb,5e,ec,cd
"{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}"=hex:51,66,7a,6c,4c,1d,38,12,ab,c5,1e,
a0,e2,37,c6,09,de,93,cc,b9,8c,f1,55,01
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2014-03-02 11:59:09
ComboFix-quarantined-files.txt 2014-03-02 19:59
.
Pre-Run: 59,179,012,096 bytes free
Post-Run: 59,394,383,872 bytes free
.
- - End Of File - - 8FA662FC01B355E0D217DEF18202D91E

schrauber March 3rd, 2014 08:02 AM

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.




Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search, then Delete.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

SageWinard March 4th, 2014 06:19 AM

I ran Malwarebytes when the system first had problems and removed many infections. Here is the newest log, though.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.02.02

Windows Vista Service Pack 1 x64 NTFS
Internet Explorer 7.0.6001.18000
Brandi :: BRANDI-PC [administrator]

3/3/2014 8:22:51 PM
mbam-log-2014-03-03 (20-22-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 226147
Time elapsed: 8 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:13828 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Brandi\Downloads\applianflv.exe (PUP.Optional.SafeInstall.A) -> Quarantined and deleted successfully.
C:\Users\Brandi\Downloads\Player-Chrome.exe (PUP.Optional.OptimumInstaller.A) -> Quarantined and deleted successfully.

(end)

SageWinard March 4th, 2014 06:41 AM

Adware log. As a side note, the system is running extremely slow and I keep getting popups.

# AdwCleaner v3.020 - Report created 03/03/2014 at 21:31:53
# Updated 27/02/2014 by Xplode
# Operating System : Windows (TM) Vista Home Premium Service Pack 1 (64 bits)
# Username : Brandi - BRANDI-PC
# Running from : C:\Users\Brandi\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : VOsrv

***** [ Files / Folders ] *****

[!] Folder Deleted : C:\ProgramData\BitGuard
[!] Folder Deleted : C:\ProgramData\Browser Manager
[!] Folder Deleted : C:\ProgramData\BrowserProtect
[!] Folder Deleted : C:\ProgramData\NCH Software
[!] Folder Deleted : C:\ProgramData\WeCareReminder
[!] Folder Deleted : C:\ProgramData\wincert
[!] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\open it!
[!] Folder Deleted : C:\Program Files (x86)\AnyProtectEx
[!] Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com
[!] Folder Deleted : C:\Program Files (x86)\Movies Toolbar
[!] Folder Deleted : C:\Program Files (x86)\NCH Software
[!] Folder Deleted : C:\Program Files (x86)\openit
[!] Folder Deleted : C:\Program Files (x86)\uniblue
[!] Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
[!] Folder Deleted : C:\Users\Brandi\AppData\Local\iLivid
[!] Folder Deleted : C:\Users\Brandi\AppData\Local\ilividmoviestoolbarha
[!] Folder Deleted : C:\Users\Brandi\AppData\Local\SearchProtect
[!] Folder Deleted : C:\Users\Brandi\AppData\Local\SwvUpdater
[!] Folder Deleted : C:\Users\Brandi\AppData\Local\Webfetti_52
[!] Folder Deleted : C:\Users\Brandi\AppData\LocalLow\ilividmoviestoolbarha
[!] Folder Deleted : C:\Users\Brandi\AppData\Roaming\Systweak
[!] Folder Deleted : C:\Users\Brandi\AppData\Roaming\uniblue
[!] Folder Deleted : C:\Users\Brandi\AppData\Roaming\VOPackage
[!] Folder Deleted : C:\Users\Brandi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
[!] Folder Deleted : C:\Users\Brandi\AppData\Roaming\Mozilla\Firefox\Profiles\00gn9q7v.default\ilividmoviestoolbarha
[!] Folder Deleted : C:\Users\Brandi\AppData\Roaming\Mozilla\Firefox\Profiles\00gn9q7v.default\StumbleUpon
File Deleted : C:\Users\Public\Desktop\Open It!.lnk
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\Brandi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
File Deleted : C:\Users\Brandi\Desktop\AnyProtect.lnk
File Deleted : C:\Users\Brandi\Desktop\Configure VO Package.lnk
File Deleted : C:\Users\Brandi\Desktop\iLivid.lnk
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
File Deleted : C:\Users\Brandi\AppData\Roaming\Mozilla\Firefox\Profiles\00gn9q7v.default\searchplugins\my-web-search.xml
File Deleted : C:\Users\Brandi\AppData\Roaming\Mozilla\Firefox\Profiles\00gn9q7v.default\searchplugins\safesearch.xml
File Deleted : C:\Users\Brandi\AppData\Roaming\Mozilla\Firefox\Profiles\00gn9q7v.default\user.js
File Deleted : C:\Windows\System32\Tasks\NCH Software

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [iLivid]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3D86A75B-CB6B-4764-885D-CA6336F04BA2}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\APN DTX
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\NCH Software
Key Deleted : HKCU\Software\pc optimizer pro
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\caphyon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\openit open it!
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\pc optimizer pro
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6001.18639

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v

[ File : C:\Users\Brandi\AppData\Roaming\Mozilla\Firefox\Profiles\00gn9q7v.default\prefs.js ]

Line Deleted : user_pref("aol_toolbar.surf.date", "186");
Line Deleted : user_pref("aol_toolbar.surf.lastDate", "26");
Line Deleted : user_pref("aol_toolbar.surf.lastMonth", "10");
Line Deleted : user_pref("aol_toolbar.surf.lastYear", "2011");
Line Deleted : user_pref("aol_toolbar.surf.month", "3592");
Line Deleted : user_pref("aol_toolbar.surf.prevMonth", "4464");
Line Deleted : user_pref("aol_toolbar.surf.total", "152102");
Line Deleted : user_pref("aol_toolbar.surf.week", "1683");
Line Deleted : user_pref("aol_toolbar.surf.year", "65807");
Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.search.defaultenginename", "My Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=06-10-2009&tb_mrud=18-06-[...]
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("browser.search.selectedEngine", "My Web Search");
Line Deleted : user_pref("extensions.mywebsearch.prevDefaultEngine", "Norton Safe Search");
Line Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Line Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&tb_uuid=100000000000000002&tb_oid=06-10-2009&tb_mr[...]
Line Deleted : user_pref("extensions.mywebsearch.prevSelectedEngine", "Norton Safe Search");
Line Deleted : user_pref("extensions.toolbar.mindspark._2lMembers_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=23DF776B-15BF-4EAE-82A5-2715741CDE3C&n=77ed4c77&ptnrS=GPxdm003YYus");
Line Deleted : user_pref("extensions.toolbar.mindspark._2lMembers_.initialized", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._2lMembers_.installation.installDate", "2012040311");
Line Deleted : user_pref("extensions.toolbar.mindspark._2lMembers_.installation.partnerId", "GPxdm003YYus");
Line Deleted : user_pref("extensions.toolbar.mindspark._2lMembers_.installation.partnerSubId", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._2lMembers_.installation.success", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._2lMembers_.installation.toolbarId", "23DF776B-15BF-4EAE-82A5-2715741CDE3C");
Line Deleted : user_pref("extensions.toolbar.mindspark._2lMembers_.lastActivePing", "1333476388121");
Line Deleted : user_pref("extensions.toolbar.mindspark._2lMembers_.options.defaultSearch", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._2lMembers_.options.homePageEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._2lMembers_.options.keywordEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._2lMembers_.options.tabEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._2lMembers_.recentlyClosed", "{\"list\":[{\"url\":\"hxxp://www.music-oasis.com/download/Audio/Music-Oasis?a=2635&f=musicoasis\",\"favIcon\":\"hxxp://cdn.music-o[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._52Members_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=59CEF54C-5DBD-4324-A70E-9AF0EDEC538F&n=77ed78a6&ptnrS=ZKxdm853YYus&si=c43d415c");
Line Deleted : user_pref("extensions.toolbar.mindspark._52Members_.initialized", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._52Members_.installation.installDate", "2012051622");
Line Deleted : user_pref("extensions.toolbar.mindspark._52Members_.installation.partnerId", "ZKxdm853YYus");
Line Deleted : user_pref("extensions.toolbar.mindspark._52Members_.installation.partnerSubId", "c43d415c");
Line Deleted : user_pref("extensions.toolbar.mindspark._52Members_.installation.success", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._52Members_.installation.toolbarId", "59CEF54C-5DBD-4324-A70E-9AF0EDEC538F");
Line Deleted : user_pref("extensions.toolbar.mindspark._52Members_.lastActivePing", "1388357232433");
Line Deleted : user_pref("extensions.toolbar.mindspark._52Members_.searchHistory", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._52Members_.tab.date", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._52Members_.weather.location", "90001");
Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "webfetti@mindspark.com");
Line Deleted : user_pref("extensions.toolbar.mindspark.sa.enabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark.sa.owner", "webfetti@mindspark.com");
Line Deleted : user_pref("extensions.toolbar.mindspark.tab.enabled", false);
Line Deleted : user_pref("keyword.URL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=59CEF54C-5DBD-4324-A70E-9AF0EDEC538F&n=77ed78a6&ind=2012051622&id=ZKxdm853YYus&ptnrS=ZKxdm853YYus&si=c43d415[...]

-\\ Google Chrome v33.0.1750.146

[ File : C:\Users\Brandi\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : search_url
Deleted : keyword

*************************

AdwCleaner[R0].txt - [15760 octets] - [03/03/2014 21:30:00]
AdwCleaner[S0].txt - [15105 octets] - [03/03/2014 21:31:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15166 octets] ##########

schrauber March 4th, 2014 08:46 AM

Looks much better.


I'd like us to scan your machine with ESET OnlineScan. A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


Also please post back with a fresh FRST logfile and tell me how the system is running.

SageWinard March 7th, 2014 08:38 AM

So I scanned with ESET, and had left the computer on while I went to work. When I got back, someone had clicked finish already, so I don't have the log in the program files section. :/ Here is the FRST log, system is running a little slow.

When I click in Internet Explorer, a pop-up comes up, no matter what website. I am worried something is or was up with Chrome, because Norton keeps bringing up errors that Chrome is using extra resources.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-03-2014
Ran by Brandi (administrator) on BRANDI-PC on 06-03-2014 23:34:03
Running from C:\Users\Brandi\Desktop
Windows Vista (TM) Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
() C:\ProgramData\MediaDev\1393043371\mediadev.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoBackgroundService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
() C:\Program Files (x86)\SMINST\BLService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
() C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
() C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
(Media Corporation) C:\Users\Brandi\AppData\Roaming\UpdateServ\Updater Service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(N-trig LLC) C:\Program Files\N-trig\N-trig Software Bundle\NtrigApplet.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(BitTorrent Inc.) C:\Users\Brandi\AppData\Roaming\uTorrent\uTorrent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Memeo Inc.) C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoBackup.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
() C:\Program Files (x86)\click-n-mark\ClickAndMark153.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ieuser.exe
(Microsoft Corp.) c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msntask.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_70_ActiveX.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Users\Brandi\AppData\Local\GCC\Chrome-bin\chrome.exe
(Google Inc.) C:\Users\Brandi\AppData\Local\GCC\Chrome-bin\chrome.exe
(Google Inc.) C:\Users\Brandi\AppData\Local\GCC\Chrome-bin\chrome.exe
(Google Inc.) C:\Users\Brandi\AppData\Local\GCC\Chrome-bin\chrome.exe
(Google Inc.) C:\Users\Brandi\AppData\Local\GCC\Chrome-bin\chrome.exe
(Google Inc.) C:\Users\Brandi\AppData\Local\GCC\Chrome-bin\chrome.exe
(Google Inc.) C:\Users\Brandi\AppData\Local\GCC\Chrome-bin\chrome.exe
(Google Inc.) C:\Users\Brandi\AppData\Local\GCC\Chrome-bin\chrome.exe
(Google Inc.) C:\Users\Brandi\AppData\Local\GCC\Chrome-bin\chrome.exe
(Google Inc.) C:\Users\Brandi\AppData\Local\GCC\Chrome-bin\chrome.exe
(Google Inc.) C:\Users\Brandi\AppData\Local\GCC\Chrome-bin\chrome.exe
() C:\Users\Brandi\AppData\Local\GCC\Controller.exe
() C:\Users\Brandi\AppData\Local\GCC\Controller.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
(Google Inc.) C:\Users\Brandi\AppData\Local\GCC\Chrome-bin\chrome.exe
(Google Inc.) C:\Users\Brandi\AppData\Local\GCC\Chrome-bin\chrome.exe
(Google Inc.) C:\Users\Brandi\AppData\Local\GCC\Chrome-bin\chrome.exe
(Google Inc.) C:\Users\Brandi\AppData\Local\GCC\Chrome-bin\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1533736 2008-06-20] (Synaptics, Inc.)
HKLM\...\Run: [SMSERIAL] - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1418752 2008-09-23] (Motorola Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [6942240 2008-12-02] (Realtek Semiconductor)
HKLM\...\Run: [NtrigApplet] - C:\Program Files\N-trig\N-trig Software Bundle\NtrigApplet.exe [2508800 2008-10-04] (N-trig LLC)
HKLM\...\Run: [SmartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [914224 2008-11-18] (Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [DVDAgent] - C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200 2008-11-28] (CyberLink Corp.)
HKLM-x32\...\Run: [TSMAgent] - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [1316136 2008-12-25] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer for HP TouchSmart] - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [189736 2008-12-25] (CyberLink)
HKLM-x32\...\Run: [UpdateLBPShortCut] - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] - C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2008-11-26] (CyberLink Corp.)
HKLM-x32\...\Run: [QlbCtrl.exe] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDIRShortCut] - C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Health Check Scheduler] - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard)
HKLM-x32\...\Run: [WirelessAssistant] - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [432432 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [TVAgent] - C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe [206120 2009-02-09] (CyberLink Corp.)
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [47392 2010-03-16] (Apple Inc.)
HKLM-x32\...\Run: [Memeo Backup Premium] - C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoLauncher2.exe [136416 2010-04-22] (Memeo Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-02-18] (Hewlett-Packard)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [273544 2011-05-25] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [UCam_Menu] - C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [218408 2008-11-14] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKU\S-1-5-21-2894113137-3606334015-3764540335-1000\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-03-19] (Hewlett-Packard Company)
HKU\S-1-5-21-2894113137-3606334015-3764540335-1000\...\Run: [uTorrent] - C:\Users\Brandi\AppData\Roaming\uTorrent\uTorrent.exe [1037648 2013-03-19] (BitTorrent Inc.)
Startup: C:\Users\Brandi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:13828
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {199693D2-BF93-4992-B547-FDE1D51CB7BF} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
SearchScopes: HKLM - {199693D2-BF93-4992-B547-FDE1D51CB7BF} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
SearchScopes: HKLM - {4491A8D3-A3F6-423A-8C63-B518696A64EB} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us&tb_uuid=20100617235859394&tb_oid=07-10-2009&tb_mrud=17-06-2010
SearchScopes: HKLM-x32 - {199693D2-BF93-4992-B547-FDE1D51CB7BF} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
SearchScopes: HKLM-x32 - {4491A8D3-A3F6-423A-8C63-B518696A64EB} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {993f1df9-4ef3-450c-bf9c-f312f7be85d0} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZKxdm853YYus&ptnrS=ZKxdm853YYus&si=c43d415c&ptb=59CEF54C-5DBD-4324-A70E-9AF0EDEC538F&ind=2012052013&n=77ed7a2d&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us&tb_uuid=20100617235859394&tb_oid=07-10-2009&tb_mrud=17-06-2010
SearchScopes: HKCU - {199693D2-BF93-4992-B547-FDE1D51CB7BF} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
SearchScopes: HKCU - {4491A8D3-A3F6-423A-8C63-B518696A64EB} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - {74d7b29d-65ab-4a39-a449-af22a2da979a} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query={searchTerms}&invocationType=bu10aiminstabie7
SearchScopes: HKCU - {993f1df9-4ef3-450c-bf9c-f312f7be85d0} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZKxdm853YYus&ptnrS=ZKxdm853YYus&si=c43d415c&ptb=59CEF54C-5DBD-4324-A70E-9AF0EDEC538F&ind=2012052013&n=77ed7a2d&psa=&st=sb&searchfor={searchTerms}
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 68.190.192.35 71.9.127.107 24.205.224.36

FireFox:
========
FF ProfilePath: C:\Users\Brandi\AppData\Roaming\Mozilla\Firefox\Profiles\00gn9q7v.default
FF NewTab: about:blank
FF Homepage: https://www.google.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=12.0.1.647 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=12.0.1.647 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=12.0.1.647 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.647 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=12.0.1.647 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Users\Brandi\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF SearchPlugin: C:\Users\Brandi\AppData\Roaming\Mozilla\Firefox\Profiles\00gn9q7v.default\searchplugins\AIM Search.xml
FF SearchPlugin: C:\Users\Brandi\AppData\Roaming\Mozilla\Firefox\Profiles\00gn9q7v.default\searchplugins\aim-search.xml
FF SearchPlugin: C:\Users\Brandi\AppData\Roaming\Mozilla\Firefox\Profiles\00gn9q7v.default\searchplugins\imdb.xml
FF SearchPlugin: C:\Users\Brandi\AppData\Roaming\Mozilla\Firefox\Profiles\00gn9q7v.default\searchplugins\search-ebay.xml
FF SearchPlugin: C:\Users\Brandi\AppData\Roaming\Mozilla\Firefox\Profiles\00gn9q7v.default\searchplugins\youtube.xml
FF Extension: Webfetti - C:\Users\Brandi\AppData\Roaming\Mozilla\Firefox\Profiles\00gn9q7v.default\Extensions\52ffxtbr@Webfetti_52.com [2012-10-11]
FF Extension: eBay Quick Search - C:\Users\Brandi\AppData\Roaming\Mozilla\Firefox\Profiles\00gn9q7v.default\Extensions\ebayquicksearch@upaaya [2011-02-23]
FF Extension: ColorfulTabs - C:\Users\Brandi\AppData\Roaming\Mozilla\Firefox\Profiles\00gn9q7v.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2013-12-07]
FF Extension: No Name - C:\Users\Brandi\AppData\Roaming\Mozilla\Firefox\Profiles\00gn9q7v.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009-10-08]
FF Extension: AOL Messaging Toolbar - C:\Users\Brandi\AppData\Roaming\Mozilla\Firefox\Profiles\00gn9q7v.default\Extensions\{c2f863cd-0429-48c7-bb54-db756a951760} [2013-11-28]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Brandi\AppData\Roaming\Mozilla\Firefox\Profiles\00gn9q7v.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-02-17]
FF Extension: StumbleUpon - C:\Users\Brandi\AppData\Roaming\Mozilla\Firefox\Profiles\00gn9q7v.default\Extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi [2011-05-08]
FF Extension: Skype extension for Firefox - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2013-03-09]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-05-25]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\IPSFF [2013-11-27]

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR DefaultSearchKeyword: ask.com
CHR DefaultSearchProvider: Ask.com
CHR DefaultSearchURL: http://dts.search.ask.com/sr?src=crb&gct=ds&appid=1235&systemid=406&v=a11465-224&apn_uid=6244156816704594&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
CHR DefaultNewTabURL:
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (downloadUpdater) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll No File
CHR Plugin: (downloadUpdater2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Facebook Plugin) - C:\Users\Brandi\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (YouTube) - C:\Users\Brandi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-20]
CHR Extension: (Google Search) - C:\Users\Brandi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-20]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Brandi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2011-12-20]
CHR Extension: (Norton Identity Protection) - C:\Users\Brandi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-03-11]
CHR Extension: (Google Wallet) - C:\Users\Brandi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-28]
CHR Extension: (Gmail) - C:\Users\Brandi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-20]
CHR HKLM-x32\...\Chrome\Extension: [aaaaabcbmongicmdegkmmfgdickgnnob] - C:\Users\Brandi\AppData\Local\ilividmoviestoolbarha\GC\toolbar.crx [2011-12-20]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-05-25]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\Exts\Chrome.crx [2013-06-08]

==================== Services (Whitelisted) =================

R2 MediaDevSrv; C:\ProgramData\MediaDev\1393043371\mediadev.exe [368960 2014-02-21] ()
R2 MemeoBackgroundService; C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoBackgroundService.exe [25824 2010-04-22] (Memeo)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
R2 Recovery Service for Windows; C:\Program Files (x86)\SMINST\BLService.exe [365952 2008-12-17] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [241734 2008-09-15] ()
R2 TVCapSvc; C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [296320 2009-02-09] ()
R2 TVSched; C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [116096 2009-02-09] ()
R2 WinDevSrv; C:\Users\Brandi\AppData\Roaming\UpdateServ\Updater Service.exe [368960 2014-02-13] (Media Corporation)
R2 ClickAndMark; C:\Program Files (x86)\click-n-mark\ClickAndMark153.exe [X]
S2 DatamngrCoordinator2; C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe [X]

==================== Drivers (Whitelisted) ====================

S1 Beep; No ImagePath
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [1526488 2013-12-17] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-01-10] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-27] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\IPSDefs\20140304.002\IDSvia64.sys [524504 2014-03-05] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20140305.009\ENG64.SYS [126040 2014-01-10] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20140305.009\EX64.SYS [2099288 2014-01-10] (Symantec Corporation)
R3 NtrigDigitizerUSBLowerFilter; C:\Windows\System32\DRIVERS\NtrigDigitizerUSBLowerFilter.sys [6656 2008-07-27] (Windows (R) Codename Longhorn DDK provider)
R3 smserial; C:\Windows\System32\DRIVERS\smserial.sys [1200128 2008-09-23] (Motorola Inc.)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1404000.028\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1404000.028\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1404000.028\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-17] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360x64\1404000.028\SYMTDIV.SYS [457304 2013-04-24] (Symantec Corporation)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2008-11-28] (CyberLink Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U4 eabfiltr;
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-06 23:33 - 2014-03-06 23:33 - 00000000 ____D () C:\Users\Brandi\Desktop\FRST-OlderVersion
2014-03-05 20:31 - 2014-03-05 20:31 - 00294568 _____ (VLCPlayer) C:\Users\Brandi\Downloads\HD_Player__CD5MTCD11541_v3dg23mxz260z2649207_0_0_0_0 (16).exe
2014-03-05 20:31 - 2014-03-05 20:31 - 00294568 _____ (VLCPlayer) C:\Users\Brandi\Downloads\HD_Player__CD5MTCD11541_v3dg23mxz260z2649207_0_0_0_0 (15).exe
2014-03-05 20:30 - 2014-03-05 20:31 - 00294568 _____ (VLCPlayer) C:\Users\Brandi\Downloads\HD_Player__CD5MTCD11541_v3dg23mxz260z2649207_0_0_0_0 (14).exe
2014-03-05 20:30 - 2014-03-05 20:30 - 00294568 _____ (VLCPlayer) C:\Users\Brandi\Downloads\HD_Player__CD5MTCD11541_v3dg23mxz260z2649207_0_0_0_0 (13).exe
2014-03-05 20:30 - 2014-03-05 20:30 - 00294568 _____ (VLCPlayer) C:\Users\Brandi\Downloads\HD_Player__CD5MTCD11541_v3dg23mxz260z2649207_0_0_0_0 (12).exe
2014-03-05 20:30 - 2014-03-05 20:30 - 00294568 _____ (VLCPlayer) C:\Users\Brandi\Downloads\HD_Player__CD5MTCD11541_v3dg23mxz260z2649207_0_0_0_0 (11).exe
2014-03-05 20:29 - 2014-03-05 20:29 - 00294568 _____ (VLCPlayer) C:\Users\Brandi\Downloads\HD_Player__CD5MTCD11541_v3dg23mxz260z2649207_0_0_0_0 (9).exe
2014-03-05 20:29 - 2014-03-05 20:29 - 00294568 _____ (VLCPlayer) C:\Users\Brandi\Downloads\HD_Player__CD5MTCD11541_v3dg23mxz260z2649207_0_0_0_0 (8).exe
2014-03-05 20:29 - 2014-03-05 20:29 - 00294568 _____ (VLCPlayer) C:\Users\Brandi\Downloads\HD_Player__CD5MTCD11541_v3dg23mxz260z2649207_0_0_0_0 (7).exe
2014-03-05 20:29 - 2014-03-05 20:29 - 00294568 _____ (VLCPlayer) C:\Users\Brandi\Downloads\HD_Player__CD5MTCD11541_v3dg23mxz260z2649207_0_0_0_0 (10).exe
2014-03-05 20:28 - 2014-03-05 20:28 - 00294568 _____ (VLCPlayer) C:\Users\Brandi\Downloads\HD_Player__CD5MTCD11541_v3dg23mxz260z2649207_0_0_0_0 (6).exe
2014-03-05 20:28 - 2014-03-05 20:28 - 00294568 _____ (VLCPlayer) C:\Users\Brandi\Downloads\HD_Player__CD5MTCD11541_v3dg23mxz260z2649207_0_0_0_0 (5).exe
2014-03-05 20:28 - 2014-03-05 20:28 - 00294568 _____ (VLCPlayer) C:\Users\Brandi\Downloads\HD_Player__CD5MTCD11541_v3dg23mxz260z2649207_0_0_0_0 (4).exe
2014-03-05 20:27 - 2014-03-05 20:27 - 00294568 _____ (VLCPlayer) C:\Users\Brandi\Downloads\HD_Player__CD5MTCD11541_v3dg23mxz260z2649211_0_0_0_0.exe
2014-03-05 20:27 - 2014-03-05 20:27 - 00294568 _____ (VLCPlayer) C:\Users\Brandi\Downloads\HD_Player__CD5MTCD11541_v3dg23mxz260z2649211_0_0_0_0 (1).exe
2014-03-05 20:27 - 2014-03-05 20:27 - 00294568 _____ (VLCPlayer) C:\Users\Brandi\Downloads\HD_Player__CD5MTCD11541_v3dg23mxz260z2649207_0_0_0_0.exe
2014-03-05 20:27 - 2014-03-05 20:27 - 00294568 _____ (VLCPlayer) C:\Users\Brandi\Downloads\HD_Player__CD5MTCD11541_v3dg23mxz260z2649207_0_0_0_0 (3).exe
2014-03-05 20:27 - 2014-03-05 20:27 - 00294568 _____ (VLCPlayer) C:\Users\Brandi\Downloads\HD_Player__CD5MTCD11541_v3dg23mxz260z2649207_0_0_0_0 (2).exe
2014-03-05 20:27 - 2014-03-05 20:27 - 00294568 _____ (VLCPlayer) C:\Users\Brandi\Downloads\HD_Player__CD5MTCD11541_v3dg23mxz260z2649207_0_0_0_0 (1).exe
2014-03-05 13:59 - 2014-03-05 13:59 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-03 21:46 - 2014-03-03 21:46 - 00001890 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-03 21:29 - 2014-03-03 21:33 - 00000000 ____D () C:\AdwCleaner
2014-03-03 21:28 - 2014-03-03 21:28 - 01244192 _____ () C:\Users\Brandi\Desktop\adwcleaner.exe
2014-03-03 18:36 - 2014-03-03 18:36 - 00000000 ____D () C:\ProgramData\UpdateTask
2014-03-02 21:39 - 2014-03-02 21:39 - 00862120 _____ (Download Manager Cert ) C:\Users\Brandi\Downloads\Setup.exe
2014-03-02 12:07 - 2014-03-02 12:07 - 00020771 _____ () C:\Users\Brandi\Desktop\combo.txt
2014-03-02 11:59 - 2014-03-02 11:59 - 00020771 _____ () C:\ComboFix.txt
2014-03-02 11:36 - 2011-06-25 22:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-02 11:36 - 2010-11-07 09:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-02 11:36 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-02 11:36 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-02 11:36 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-02 11:36 - 2000-08-30 16:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-02 11:36 - 2000-08-30 16:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-02 11:36 - 2000-08-30 16:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-02 11:34 - 2014-03-02 11:59 - 00000000 ____D () C:\Qoobox
2014-03-02 11:33 - 2014-03-02 11:56 - 00000000 ____D () C:\Windows\erdnt
2014-03-02 11:31 - 2014-03-02 11:31 - 05185084 ____R (Swearware) C:\Users\Brandi\Desktop\ComboFix.exe
2014-03-01 19:33 - 2014-03-01 19:33 - 00054817 _____ () C:\Users\Brandi\Downloads\Cause and Effect Model for Groen Winter 2014.pptx
2014-03-01 19:33 - 2014-03-01 19:33 - 00054817 _____ () C:\Users\Brandi\Downloads\Cause and Effect Model for Groen Winter 2014 (1).pptx
2014-02-28 10:43 - 2014-02-28 10:45 - 00039430 _____ () C:\Users\Brandi\Desktop\Addition.txt
2014-02-28 10:42 - 2014-03-06 23:34 - 00032690 _____ () C:\Users\Brandi\Desktop\FRST.txt
2014-02-28 10:41 - 2014-03-06 23:34 - 00000000 ____D () C:\FRST
2014-02-28 10:40 - 2014-03-06 23:33 - 02156544 _____ (Farbar) C:\Users\Brandi\Desktop\FRST64.exe
2014-02-24 20:12 - 2014-02-24 20:12 - 00000890 _____ () C:\Users\Brandi\Desktop\Continue Zip Opener Installation.lnk
2014-02-24 19:00 - 2014-02-24 19:00 - 00675015 _____ () C:\Users\Brandi\Downloads\Session 7.pptx
2014-02-24 18:58 - 2014-02-24 18:58 - 00543232 _____ () C:\Users\Brandi\Downloads\Writing About Themes thesis statements (1).ppt
2014-02-24 18:54 - 2014-02-24 18:54 - 00543232 _____ () C:\Users\Brandi\Downloads\Writing About Themes thesis statements.ppt
2014-02-23 15:09 - 2014-02-23 15:09 - 00862128 _____ (Download Manager Cert ) C:\Users\Brandi\Downloads\setup.exe (1).exe
2014-02-23 15:08 - 2014-02-23 15:09 - 00862128 _____ (Download Manager Cert ) C:\Users\Brandi\Downloads\setup.exe.exe
2014-02-21 20:40 - 2014-03-01 21:39 - 00000887 _____ () C:\Users\Brandi\Desktop\Continue VuuPC Installation.lnk
2014-02-21 20:29 - 2014-03-01 20:54 - 00000000 ____D () C:\Users\Brandi\AppData\Local\GCC
2014-02-21 20:29 - 2014-02-21 20:29 - 00004546 _____ () C:\Windows\System32\Tasks\GC_Informer
2014-02-21 20:29 - 2014-02-21 20:29 - 00004530 _____ () C:\Windows\System32\Tasks\GC_Scheduler
2014-02-21 20:29 - 2014-02-21 20:29 - 00000000 ____D () C:\ProgramData\MediaDev
2014-02-21 18:52 - 2014-03-05 17:54 - 00000000 ____D () C:\Program Files (x86)\click-n-mark
2014-02-21 18:43 - 2014-03-01 20:54 - 00000000 ____D () C:\Users\Brandi\AppData\Roaming\UpdateServ
2014-02-21 18:43 - 2014-02-21 20:29 - 00000000 ____D () C:\ProgramData\UpdateCommon
2014-02-21 18:43 - 2014-02-21 18:43 - 00966464 _____ () C:\Users\Brandi\Downloads\flv_installer.exe
2014-02-10 13:19 - 2014-02-10 13:19 - 00921000 _____ (Oracle Corporation) C:\Users\Brandi\Downloads\chromeinstall-7u51 (1).exe
2014-02-10 13:10 - 2014-02-10 13:10 - 00921000 _____ (Oracle Corporation) C:\Users\Brandi\Downloads\chromeinstall-7u51.exe
2014-02-08 01:05 - 2014-02-08 01:05 - 00000908 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-08 01:05 - 2014-02-08 01:05 - 00000000 ____D () C:\Users\Brandi\AppData\Roaming\Malwarebytes
2014-02-08 01:05 - 2014-02-08 01:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-08 01:05 - 2014-02-08 01:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-08 01:05 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-08 01:04 - 2014-02-08 01:04 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Brandi\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-08 00:57 - 2014-02-08 00:57 - 00262144 _____ () C:\Windows\Minidump\Mini020814-01.dmp

==================== One Month Modified Files and Folders =======

2014-03-06 23:35 - 2013-03-19 08:43 - 00000000 ____D () C:\Users\Brandi\AppData\Roaming\uTorrent
2014-03-06 23:34 - 2014-02-28 10:42 - 00032690 _____ () C:\Users\Brandi\Desktop\FRST.txt
2014-03-06 23:34 - 2014-02-28 10:41 - 00000000 ____D () C:\FRST
2014-03-06 23:34 - 2013-03-20 12:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-06 23:33 - 2014-03-06 23:33 - 00000000 ____D () C:\Users\Brandi\Desktop\FRST-OlderVersion
2014-03-06 23:33 - 2014-02-28 10:40 - 02156544 _____ (Farbar) C:\Users\Brandi\Desktop\FRST64.exe
2014-03-06 23:31 - 2006-11-02 07:22 - 00003344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-06 23:31 - 2006-11-02 07:22 - 00003344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-06 23:30 - 2009-07-20 00:55 - 01692707 _____ () C:\Windows\WindowsUpdate.log
2014-03-05 23:29 - 2011-04-15 19:53 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-05 21:29 - 2011-04-15 19:53 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-05 20:31 - 2014-03-05 20:31 - 00294568 _____ (VLCPlayer) C:\Users\Brandi\Downloads\HD_Player__CD5MTCD11541_v3dg23mxz260z2649207_0_0_0_0 (16).exe
2014-03-05 20:31 - 2014-03-05 20:31 - 00294568 _____ (VLCPlayer) C:\Users\Brandi\Downloads\HD_Player__CD5MTCD11541_v3dg23mxz260z2649207_0_0_0_0 (15).exe
2014-03-05 20:31 - 2014-03-05 20:30 - 00294568 _____ (VLCPlayer) C:\Users\Brandi\Downloads\HD_Player__CD5MTCD11541_v3dg23mxz260z2649207_0_0_0_0 (14).exe
2014-03-05 20:30 - 2014-03-05 20:30 - 00294568 _____ (VLCPlayer) C:\Users\Brandi\Downloads\HD_Player__CD5MTCD11541_v3dg23mxz260z2649207_0_0_0_0 (13).exe
2014-03-05 20:30 - 2014-03-05 20:30 - 00294568 _____ (VLCPlayer) C:\Users\Brandi\Downloads\HD_Player__CD5MTCD11541_v3dg23mxz260z2649207_0_0_0_0 (12).exe
2014-03-05 20:30 - 2014-03-05 20:30 - 00294568 _____ (VLCPlayer) C:\Users\Brandi\Downloads\HD_Player__CD5MTCD11541_v3dg23mxz260z2649207_0_0_0_0 (11).exe
2014-03-05 20:29 - 2014-03-05 20:29 - 00294568 _____ (VLCPlayer) C:\Users\Brandi\Downloads\HD_Player__CD5MTCD11541_v3dg23mxz260z2649207_0_0_0_0 (9).exe
2014-03-05 20:29 - 2014-03-05 20:29 - 00294568 _____ (VLCPlayer) C:\Users\Brandi\Downloads\HD_Player__CD5MTCD11541_v3dg23mxz260z2649207_0_0_0_0 (8).exe
2014-03-05 20:29 - 2014-03-05 20:29 - 00294568 _____ (VLCPlayer) C:\Users\Brandi\Downloads\HD_Player__CD5MTCD11541_v3dg23mxz260z2649207_0_0_0_0 (7).exe
2014-03-05 20:29 - 2014-03-05 20:29 - 00294568 _____ (VLCPlayer) C:\Users\Brandi\Downloads\HD_Player__CD5MTCD11541_v3dg23mxz260z2649207_0_0_0_0 (10).exe
2014-03-05 20:28 - 2014-03-05 20:28 - 00294568 _____ (VLCPlayer) C:\Users\Brandi\Downloads\HD_Player__CD5MTCD11541_v3dg23mxz260z2649207_0_0_0_0 (6).exe
2014-03-05 20:28 - 2014-03-05 20:28 - 00294568 _____ (VLCPlayer) C:\Users\Brandi\Downloads\HD_Player__CD5MTCD11541_v3dg23mxz260z2649207_0_0_0_0 (5).exe
2014-03-05 20:28 - 2014-03-05 20:28 - 00294568 _____ (VLCPlayer) C:\Users\Brandi\Downloads\HD_Player__CD5MTCD11541_v3dg23mxz260z2649207_0_0_0_0 (4).exe
2014-03-05 20:27 - 2014-03-05 20:27 - 00294568 _____ (VLCPlayer) C:\Users\Brandi\Downloads\HD_Player__CD5MTCD11541_v3dg23mxz260z2649211_0_0_0_0.exe
2014-03-05 20:27 - 2014-03-05 20:27 - 00294568 _____ (VLCPlayer) C:\Users\Brandi\Downloads\HD_Player__CD5MTCD11541_v3dg23mxz260z2649211_0_0_0_0 (1).exe
2014-03-05 20:27 - 2014-03-05 20:27 - 00294568 _____ (VLCPlayer) C:\Users\Brandi\Downloads\HD_Player__CD5MTCD11541_v3dg23mxz260z2649207_0_0_0_0.exe
2014-03-05 20:27 - 2014-03-05 20:27 - 00294568 _____ (VLCPlayer) C:\Users\Brandi\Downloads\HD_Player__CD5MTCD11541_v3dg23mxz260z2649207_0_0_0_0 (3).exe
2014-03-05 20:27 - 2014-03-05 20:27 - 00294568 _____ (VLCPlayer) C:\Users\Brandi\Downloads\HD_Player__CD5MTCD11541_v3dg23mxz260z2649207_0_0_0_0 (2).exe
2014-03-05 20:27 - 2014-03-05 20:27 - 00294568 _____ (VLCPlayer) C:\Users\Brandi\Downloads\HD_Player__CD5MTCD11541_v3dg23mxz260z2649207_0_0_0_0 (1).exe
2014-03-05 17:54 - 2014-02-21 18:52 - 00000000 ____D () C:\Program Files (x86)\click-n-mark
2014-03-05 13:59 - 2014-03-05 13:59 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-04 22:38 - 2009-02-10 08:33 - 00003576 _____ () C:\Windows\System32\Tasks\HP Health Check
2014-03-04 22:34 - 2006-11-02 07:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-03 21:46 - 2014-03-03 21:46 - 00001890 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-03 21:46 - 2010-03-02 17:22 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-03 21:46 - 2010-03-02 17:21 - 00000000 ____D () C:\ProgramData\Skype
2014-03-03 21:46 - 2006-11-02 07:42 - 00032630 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-03 21:33 - 2014-03-03 21:29 - 00000000 ____D () C:\AdwCleaner
2014-03-03 21:28 - 2014-03-03 21:28 - 01244192 _____ () C:\Users\Brandi\Desktop\adwcleaner.exe
2014-03-03 21:21 - 2008-01-20 19:26 - 00894750 _____ () C:\Windows\PFRO.log
2014-03-03 18:36 - 2014-03-03 18:36 - 00000000 ____D () C:\ProgramData\UpdateTask
2014-03-03 18:27 - 2012-07-25 15:39 - 00000000 ____D () C:\Windows\Minidump
2014-03-03 18:27 - 2012-07-25 15:37 - 521563269 _____ () C:\Windows\MEMORY.DMP
2014-03-03 17:39 - 2011-04-15 20:01 - 00001985 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-02 21:39 - 2014-03-02 21:39 - 00862120 _____ (Download Manager Cert ) C:\Users\Brandi\Downloads\Setup.exe
2014-03-02 15:18 - 2009-10-18 14:47 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-03-02 15:05 - 2010-12-03 18:26 - 00003212 _____ () C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2894113137-3606334015-3764540335-1000
2014-03-02 15:05 - 2010-11-29 00:02 - 00003344 _____ () C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2894113137-3606334015-3764540335-1000
2014-03-02 12:07 - 2014-03-02 12:07 - 00020771 _____ () C:\Users\Brandi\Desktop\combo.txt

SageWinard March 7th, 2014 08:39 AM

2014-03-02 11:59 - 2014-03-02 11:59 - 00020771 _____ () C:\ComboFix.txt
2014-03-02 11:59 - 2014-03-02 11:34 - 00000000 ____D () C:\Qoobox
2014-03-02 11:59 - 2006-11-02 05:33 - 00000000 __RHD () C:\Users\Default
2014-03-02 11:56 - 2014-03-02 11:33 - 00000000 ____D () C:\Windows\erdnt
2014-03-02 11:54 - 2006-11-02 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-03-02 11:31 - 2014-03-02 11:31 - 05185084 ____R (Swearware) C:\Users\Brandi\Desktop\ComboFix.exe
2014-03-01 21:39 - 2014-02-21 20:40 - 00000887 _____ () C:\Users\Brandi\Desktop\Continue VuuPC Installation.lnk
2014-03-01 20:54 - 2014-02-21 20:29 - 00000000 ____D () C:\Users\Brandi\AppData\Local\GCC
2014-03-01 20:54 - 2014-02-21 18:43 - 00000000 ____D () C:\Users\Brandi\AppData\Roaming\UpdateServ
2014-03-01 19:33 - 2014-03-01 19:33 - 00054817 _____ () C:\Users\Brandi\Downloads\Cause and Effect Model for Groen Winter 2014.pptx
2014-03-01 19:33 - 2014-03-01 19:33 - 00054817 _____ () C:\Users\Brandi\Downloads\Cause and Effect Model for Groen Winter 2014 (1).pptx
2014-02-28 10:45 - 2014-02-28 10:43 - 00039430 _____ () C:\Users\Brandi\Desktop\Addition.txt
2014-02-27 17:05 - 2010-07-05 05:29 - 00000000 ____D () C:\Users\Brandi\AppData\Roaming\HpUpdate
2014-02-24 20:12 - 2014-02-24 20:12 - 00000890 _____ () C:\Users\Brandi\Desktop\Continue Zip Opener Installation.lnk
2014-02-24 19:06 - 2014-01-28 14:08 - 00000000 ____D () C:\Users\Brandi\Documents\ESEC 506
2014-02-24 19:00 - 2014-02-24 19:00 - 00675015 _____ () C:\Users\Brandi\Downloads\Session 7.pptx
2014-02-24 18:58 - 2014-02-24 18:58 - 00543232 _____ () C:\Users\Brandi\Downloads\Writing About Themes thesis statements (1).ppt
2014-02-24 18:54 - 2014-02-24 18:54 - 00543232 _____ () C:\Users\Brandi\Downloads\Writing About Themes thesis statements.ppt
2014-02-23 15:34 - 2013-03-20 12:22 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-23 15:34 - 2013-03-20 12:22 - 00003684 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-23 15:34 - 2011-12-03 22:25 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-23 15:09 - 2014-02-23 15:09 - 00862128 _____ (Download Manager Cert ) C:\Users\Brandi\Downloads\setup.exe (1).exe
2014-02-23 15:09 - 2014-02-23 15:08 - 00862128 _____ (Download Manager Cert ) C:\Users\Brandi\Downloads\setup.exe.exe
2014-02-21 20:29 - 2014-02-21 20:29 - 00004546 _____ () C:\Windows\System32\Tasks\GC_Informer
2014-02-21 20:29 - 2014-02-21 20:29 - 00004530 _____ () C:\Windows\System32\Tasks\GC_Scheduler
2014-02-21 20:29 - 2014-02-21 20:29 - 00000000 ____D () C:\ProgramData\MediaDev
2014-02-21 20:29 - 2014-02-21 18:43 - 00000000 ____D () C:\ProgramData\UpdateCommon
2014-02-21 18:43 - 2014-02-21 18:43 - 00966464 _____ () C:\Users\Brandi\Downloads\flv_installer.exe
2014-02-17 21:24 - 2011-04-15 19:53 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-17 21:24 - 2011-04-15 19:53 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-16 03:06 - 2013-11-29 03:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-16 03:01 - 2006-11-02 04:35 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-02-10 13:20 - 2010-07-11 02:10 - 00000680 _____ () C:\Users\Brandi\AppData\Local\d3d9caps.dat
2014-02-10 13:19 - 2014-02-10 13:19 - 00921000 _____ (Oracle Corporation) C:\Users\Brandi\Downloads\chromeinstall-7u51 (1).exe
2014-02-10 13:10 - 2014-02-10 13:10 - 00921000 _____ (Oracle Corporation) C:\Users\Brandi\Downloads\chromeinstall-7u51.exe
2014-02-08 01:05 - 2014-02-08 01:05 - 00000908 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-08 01:05 - 2014-02-08 01:05 - 00000000 ____D () C:\Users\Brandi\AppData\Roaming\Malwarebytes
2014-02-08 01:05 - 2014-02-08 01:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-08 01:05 - 2014-02-08 01:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-08 01:04 - 2014-02-08 01:04 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Brandi\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-08 00:57 - 2014-02-08 00:57 - 00262144 _____ () C:\Windows\Minidump\Mini020814-01.dmp

Some content of TEMP:
====================
C:\Users\Brandi\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-10-06 12:49] - [2009-03-02 20:57] - 0718336 ____A (Microsoft Corporation) 52CDADE8289FF21F1F2215FF51A5F36C

ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-05 13:34

==================== End Of Log ============================

