Jump to content

historybuff77

Honorary Members
  • Posts

    75
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Hi, I'm travelling at the moment. I'm not sure if this is related, but shortly after signing on to the hotel's unsecured wifi my computer put up a blue screen saying my computer ran into an error and it was collecting information for an error report. It said to search DRIVER_IRQL_NOT_LESS_OR_EQual (tcpip.sys) error. I usually use Chrome, but it stopped working since I first saw this message. Fire Fox is also crashing. Malwarebytes scan turns up nothing. Is this a hardware issue or something else? Thanks, Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014 Ran by User (administrator) on LAPTOP-PC on 21-07-2014 20:53:27 Running from C:\Users\User\Desktop Platform: Windows 8 (X64) OS Language: English (United States) Internet Explorer Version 10 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\ccsvchst.exe (Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccsvchst.exe (Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe (Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccsvchst.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\ccsvchst.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Axentra Corporation) C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-21] (IDT, Inc.) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated) HKLM-x32\...\Run: [btTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [363520 2012-08-02] (IVT Corporation) HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [seagate Dashboard] => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe [79776 2012-10-15] () HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.) HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-07-08] (Hewlett-Packard) HKU\S-1-5-21-3731889160-3860413392-410561627-1002\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-12-30] (Google Inc.) ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\20.5.0.28\buShell.dll (Symantec Corporation) ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\20.5.0.28\buShell.dll (Symantec Corporation) ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\20.5.0.28\buShell.dll (Symantec Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON13/4 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKLM - {ECD5D19E-F577-4A6F-9DF0-BC36C80A769F} URL = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 - DefaultScope value is missing. SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Hosts: 127.0.0.1 localhost Tcpip\Parameters: [DhcpNameServer] 10.255.1.1 FireFox: ======== FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ei4gauue.default FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", ""); FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF Extension: Firefox Old Version Update Hotfix - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ei4gauue.default\Extensions\firefox-hotfix@mozilla.org.xpi [2014-07-21] FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.3.0.26\coFFPlgn FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.3.0.26\coFFPlgn [2013-04-01] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\coFFPlgn FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\coFFPlgn [2013-09-24] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\IPSFF [2013-10-09] Chrome: ======= CHR Extension: (Norton Identity Protection) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc [2014-06-09] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26] CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-01] CHR Extension: (Norton Identity Protection) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2014-05-19] CHR HKCU\...\Chrome\Extension: [pjddgeceaihfihcecdgfdiepikfbflpn] - C:\Users\User\AppData\Local\CRE\pjddgeceaihfihcecdgfdiepikfbflpn.crx [2014-05-19] CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\Exts\Chrome.crx [2014-05-01] CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\Exts\Chrome.crx [2013-06-18] CHR HKLM-x32\...\Chrome\Extension: [pjddgeceaihfihcecdgfdiepikfbflpn] - C:\Users\User\AppData\Local\CRE\pjddgeceaihfihcecdgfdiepikfbflpn.crx [2013-06-18] ==================== Services (Whitelisted) ================= R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-08] (Advanced Micro Devices, Inc.) [File not signed] R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1544192 2012-08-02] (IVT Corporation) [File not signed] R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2012-07-10] (IVT Corporation) [File not signed] R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [85504 2012-08-10] (Hewlett-Packard Company) [File not signed] R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed] S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 N360; C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation) R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation) R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-07-21] (IDT, Inc.) [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-18] (Advanced Micro Devices) R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\BASHDefs\20140703.001\BHDrvx64.sys [1530160 2014-05-09] (Symantec Corporation) U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.) R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation) U4 BthAvrcpTg; U4 BthHFEnum; U4 bthhfhid; R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation) R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48736 2012-08-09] (Ralink Corporation) R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1405000.01C\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation) R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DD04000.00A\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider) S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-15] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-15] (Symantec Corporation) R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\IPSDefs\20140718.001\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-21] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation) R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20140720.003\ENG64.SYS [126040 2013-11-05] (Symantec Corporation) R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20140720.003\EX64.SYS [2099288 2013-11-05] (Symantec Corporation) R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.) R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated) S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated) R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1405000.01C\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1405000.01C\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\N360x64\1405000.01C\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\N360x64\1405000.01C\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation) S0 SymELAM; C:\Windows\System32\drivers\N360x64\1405000.01C\SymELAM.sys [23448 2012-11-15] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-17] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\N360x64\1405000.01C\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1405000.01C\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation) R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-03] (Hewlett-Packard Development Company, L.P.) U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-21 20:53 - 2014-07-21 20:53 - 00018725 _____ () C:\Users\User\Desktop\FRST.txt 2014-07-21 20:51 - 2014-07-21 20:53 - 00000000 ____D () C:\FRST 2014-07-21 20:47 - 2014-07-21 20:47 - 02090496 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe 2014-07-21 20:36 - 2014-07-21 20:36 - 888812891 _____ () C:\Windows\MEMORY.DMP 2014-07-21 20:36 - 2014-07-21 20:36 - 00280928 _____ () C:\Windows\Minidump\072114-46410-01.dmp 2014-07-21 16:07 - 2014-07-21 20:35 - 00024618 _____ () C:\Windows\WindowsUpdate.log 2014-07-20 09:44 - 2014-07-21 20:38 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-20 09:44 - 2014-07-20 09:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-07-20 09:44 - 2014-07-20 09:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-07-20 09:44 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-07-20 09:44 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-07-18 18:21 - 2014-07-18 18:21 - 00331224 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-07-17 18:19 - 2014-07-20 16:49 - 00111092 ____H () C:\Users\User\Desktop\~WRL0006.tmp 2014-07-17 18:19 - 2014-07-17 18:41 - 00109725 ____H () C:\Users\User\Desktop\~WRL0003.tmp 2014-07-17 18:19 - 2014-07-17 18:19 - 00099404 ____H () C:\Users\User\Desktop\~WRL0005.tmp 2014-07-12 10:34 - 2014-06-26 16:53 - 00703968 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-07-12 10:34 - 2014-06-26 16:53 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-07-12 10:28 - 2014-07-12 10:28 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-07-10 18:36 - 2014-06-30 18:42 - 00702464 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-07-10 18:36 - 2014-06-30 18:42 - 00394240 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2014-07-10 18:36 - 2014-06-30 18:42 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2014-07-10 18:36 - 2014-06-27 23:35 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-07-10 18:36 - 2014-06-18 22:11 - 19277312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-07-10 18:36 - 2014-06-18 20:53 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-07-10 18:36 - 2014-06-17 19:27 - 01440256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe 2014-07-10 18:36 - 2014-06-17 19:24 - 01557504 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe 2014-07-10 18:36 - 2014-06-11 00:18 - 04038144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-07-10 18:36 - 2014-06-02 18:33 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2014-07-10 18:36 - 2014-05-29 19:31 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll 2014-07-10 18:36 - 2014-05-29 19:03 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll 2014-07-10 18:36 - 2014-05-29 19:02 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-07-10 18:36 - 2014-05-29 19:02 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll 2014-07-10 18:36 - 2014-05-03 02:34 - 06974808 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-07-10 18:36 - 2014-05-03 02:33 - 01824808 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2014-07-10 18:36 - 2014-05-03 00:51 - 01408976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2014-07-10 18:36 - 2014-05-01 18:37 - 01023488 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2014-07-10 18:36 - 2014-04-29 18:32 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe 2014-07-10 18:36 - 2014-04-29 18:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe 2014-07-10 18:36 - 2014-04-23 19:51 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll 2014-07-10 18:36 - 2014-04-23 19:51 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-07-10 18:36 - 2014-04-23 19:38 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll 2014-07-10 18:36 - 2014-04-23 19:38 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-07-10 18:36 - 2014-02-08 00:34 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys 2014-07-10 18:35 - 2014-06-18 22:12 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-07-10 18:35 - 2014-06-18 22:12 - 01366528 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-07-10 18:35 - 2014-06-18 22:12 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll 2014-07-10 18:35 - 2014-06-18 22:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll 2014-07-10 18:35 - 2014-06-18 22:12 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-07-10 18:35 - 2014-06-18 22:11 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-07-10 18:35 - 2014-06-18 22:11 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-07-10 18:35 - 2014-06-18 22:10 - 15369728 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-07-10 18:35 - 2014-06-18 22:10 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-07-10 18:35 - 2014-06-18 22:10 - 02650624 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-07-10 18:35 - 2014-06-18 22:10 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-07-10 18:35 - 2014-06-18 22:10 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-07-10 18:35 - 2014-06-18 22:10 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-07-10 18:35 - 2014-06-18 22:10 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-07-10 18:35 - 2014-06-18 22:10 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-07-10 18:35 - 2014-06-18 22:10 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-07-10 18:35 - 2014-06-18 22:10 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-07-10 18:35 - 2014-06-18 22:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-07-10 18:35 - 2014-06-18 22:10 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-07-10 18:35 - 2014-06-18 22:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-07-10 18:35 - 2014-06-18 20:53 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-07-10 18:35 - 2014-06-18 20:53 - 01141760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-07-10 18:35 - 2014-06-18 20:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-07-10 18:35 - 2014-06-18 20:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-07-10 18:35 - 2014-06-18 20:53 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-07-10 18:35 - 2014-06-18 20:53 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll 2014-07-10 18:35 - 2014-06-18 20:52 - 13732352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-07-10 18:35 - 2014-06-18 20:52 - 02863616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-07-10 18:35 - 2014-06-18 20:52 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-07-10 18:35 - 2014-06-18 20:52 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-07-10 18:35 - 2014-06-18 20:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-07-10 18:35 - 2014-06-18 20:52 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-07-10 18:35 - 2014-06-18 20:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-07-10 18:35 - 2014-06-18 20:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-07-10 18:35 - 2014-06-18 20:52 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-07-10 18:35 - 2014-06-18 20:52 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-07-10 18:35 - 2014-06-18 20:52 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-07-10 18:35 - 2014-06-18 20:52 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-07-10 18:35 - 2014-06-18 20:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-07-10 18:35 - 2014-06-18 20:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-07-10 18:35 - 2014-06-18 18:05 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll 2014-07-10 18:35 - 2014-06-06 10:06 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-07-10 18:35 - 2014-06-06 06:17 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-07-10 18:35 - 2014-05-29 18:24 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2014-07-04 11:34 - 2014-07-04 11:34 - 00017607 _____ () C:\Users\User\Downloads\CPR Distribution for June.xlsx 2014-07-04 11:34 - 2014-07-04 11:34 - 00017607 _____ () C:\Users\User\Downloads\CPR Distribution for June (1).xlsx ==================== One Month Modified Files and Folders ======= 2014-07-21 20:53 - 2014-07-21 20:53 - 00018725 _____ () C:\Users\User\Desktop\FRST.txt 2014-07-21 20:53 - 2014-07-21 20:51 - 00000000 ____D () C:\FRST 2014-07-21 20:47 - 2014-07-21 20:47 - 02090496 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe 2014-07-21 20:40 - 2012-11-21 00:34 - 00004524 _____ () C:\Windows\SysWOW64\LOCALSERVICE.INI 2014-07-21 20:40 - 2012-08-10 21:45 - 00000821 _____ () C:\Windows\SysWOW64\bscs.ini 2014-07-21 20:38 - 2014-07-20 09:44 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-21 20:37 - 2012-12-30 11:08 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-21 20:37 - 2012-11-21 00:34 - 00000043 _____ () C:\Windows\SysWOW64\LOCALDEVICE.INI 2014-07-21 20:36 - 2014-07-21 20:36 - 888812891 _____ () C:\Windows\MEMORY.DMP 2014-07-21 20:36 - 2014-07-21 20:36 - 00280928 _____ () C:\Windows\Minidump\072114-46410-01.dmp 2014-07-21 20:36 - 2013-03-28 21:57 - 00000000 ____D () C:\Windows\Minidump 2014-07-21 20:36 - 2012-07-26 03:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-07-21 20:35 - 2014-07-21 16:07 - 00024618 _____ () C:\Windows\WindowsUpdate.log 2014-07-21 20:33 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\system32\sru 2014-07-21 16:05 - 2014-01-26 17:06 - 00000000 ____D () C:\Users\User\Desktop\Desktop Stuff 2014-07-21 16:05 - 2012-12-30 11:08 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-07-21 14:00 - 2013-01-03 17:44 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps 2014-07-21 12:41 - 2012-12-30 23:10 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log 2014-07-21 12:41 - 2012-12-30 23:10 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-07-20 20:59 - 2012-08-25 15:38 - 00877348 _____ () C:\Windows\system32\perfh00C.dat 2014-07-20 20:59 - 2012-08-25 15:38 - 00191806 _____ () C:\Windows\system32\perfc00C.dat 2014-07-20 20:59 - 2012-07-26 03:28 - 01994362 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-07-20 16:57 - 2012-12-30 00:54 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3731889160-3860413392-410561627-1002 2014-07-20 16:49 - 2014-07-17 18:19 - 00111092 ____H () C:\Users\User\Desktop\~WRL0006.tmp 2014-07-20 16:36 - 2013-12-31 16:13 - 00000348 _____ () C:\Windows\Tasks\HPCeeScheduleForUser.job 2014-07-20 09:44 - 2014-07-20 09:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-07-20 09:44 - 2014-07-20 09:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-07-20 09:44 - 2013-06-27 09:31 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-07-20 09:44 - 2013-06-27 09:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-07-20 09:44 - 2013-03-31 14:06 - 00000000 ____D () C:\Users\User\AppData\Roaming\Malwarebytes 2014-07-20 09:44 - 2013-03-31 14:06 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-18 19:20 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\rescache 2014-07-18 19:14 - 2012-11-21 01:02 - 00000000 ____D () C:\ProgramData\Norton 2014-07-18 19:06 - 2013-01-28 22:45 - 00000000 ____D () C:\Users\Public\Downloads\Norton 2014-07-18 18:25 - 2012-07-26 01:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM 2014-07-18 18:21 - 2014-07-18 18:21 - 00331224 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-07-18 08:08 - 2013-05-28 22:22 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-07-17 18:41 - 2014-07-17 18:19 - 00109725 ____H () C:\Users\User\Desktop\~WRL0003.tmp 2014-07-17 18:19 - 2014-07-17 18:19 - 00099404 ____H () C:\Users\User\Desktop\~WRL0005.tmp 2014-07-16 22:33 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\AUInstallAgent 2014-07-12 10:31 - 2012-07-26 01:26 - 00262144 ___SH () C:\Windows\system32\config\BBI 2014-07-12 10:28 - 2014-07-12 10:28 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-07-12 10:28 - 2012-07-26 04:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-07-12 10:28 - 2012-07-26 04:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-07-12 10:27 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\WinStore 2014-07-12 10:27 - 2012-07-26 03:52 - 00000000 ____D () C:\Program Files\Windows Journal 2014-07-10 19:10 - 2012-07-26 03:59 - 00000000 ____D () C:\Windows\CbsTemp 2014-07-10 19:07 - 2013-07-27 10:09 - 00000000 ____D () C:\Windows\system32\MRT 2014-07-10 18:59 - 2012-12-30 01:50 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-07-04 11:34 - 2014-07-04 11:34 - 00017607 _____ () C:\Users\User\Downloads\CPR Distribution for June.xlsx 2014-07-04 11:34 - 2014-07-04 11:34 - 00017607 _____ () C:\Users\User\Downloads\CPR Distribution for June (1).xlsx 2014-06-30 18:42 - 2014-07-10 18:36 - 00702464 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-30 18:42 - 2014-07-10 18:36 - 00394240 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2014-06-30 18:42 - 2014-07-10 18:36 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2014-06-27 23:35 - 2014-07-10 18:36 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-06-26 16:53 - 2014-07-12 10:34 - 00703968 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-06-26 16:53 - 2014-07-12 10:34 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-06-22 11:00 - 2012-12-30 11:08 - 00003886 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-06-22 11:00 - 2012-12-30 11:08 - 00003650 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-21 12:53 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-07-2014 Ran by User at 2014-07-21 20:54:16 Running from C:\Users\User\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Norton 360 (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB} AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Norton 360 (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0} ==================== Installed Programs ====================== 4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden 7 Wonders II (x32 Version: 2.2.0.98 - WildTangent) Hidden Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.) Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden AMD Accelerated Video Transcoding (Version: 12.5.100.20808 - Advanced Micro Devices, Inc.) Hidden AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden AMD Catalyst Install Manager (HKLM\...\{D01E0B82-7D6E-F9AC-9A7D-C6076264F419}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.) AMD Fuel (Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks) AMD VISION Engine Control Center (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform) Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Connect (HKLM-x32\...\Connect) (Version: 1.4.13206.0 - Cisco Consumer Products LLC) Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden Crazy Chicken Soccer (x32 Version: 2.2.0.98 - WildTangent) Hidden CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5407 - CyberLink Corp.) CyberLink LabelPrint (x32 Version: 2.5.1.5407 - CyberLink Corp.) Hidden CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.) CyberLink Media Suite 10 (x32 Version: 10.0.1.1916 - CyberLink Corp.) Hidden CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.) CyberLink PhotoDirector (x32 Version: 2.0.1.3119 - CyberLink Corp.) Hidden CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1926 - CyberLink Corp.) CyberLink Power2Go 8 (x32 Version: 8.0.1.1926 - CyberLink Corp.) Hidden CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.) CyberLink PowerDirector 10 (x32 Version: 10.0.1.1925 - CyberLink Corp.) Hidden CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.) CyberLink PowerDVD (x32 Version: 10.0.6.4319 - CyberLink Corp.) Hidden CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.) CyberLink YouCam (x32 Version: 3.5.4.5527 - CyberLink Corp.) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard) Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden FlatOut 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 5.4.5.124 - Foxit Corporation) Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden HP 3D DriveGuard (HKLM\...\{F244D07D-1876-4CDD-914D-214E15A8D327}) (Version: 4.2.5.1 - Hewlett-Packard Company) HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd) HP CoolSense (HKLM-x32\...\{16B7BDA1-B967-4D2D-8B27-E12727C28350}) (Version: 2.10.3 - Hewlett-Packard Company) HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden HP Documentation (HKLM-x32\...\{1AC082E0-049D-4C5C-9ECF-9473AD5A949D}) (Version: 1.1.0.0 - Hewlett-Packard) HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent) HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company) HP Postscript Converter (Version: 3.1.3554 - Hewlett-Packard) Hidden HP Quick Launch (HKLM-x32\...\{4ED7050C-9332-4FB2-AB07-E94F25A53D39}) (Version: 3.0.3 - Hewlett-Packard Company) HP Recovery Manager (x32 Version: 7.00 - Hewlett-Packard) Hidden HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard) HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company) HP Support Assistant (HKLM-x32\...\{B8019B54-F9BE-490A-9619-6D06F18F129F}) (Version: 7.0.32.44 - Hewlett-Packard Company) HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard) HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.5.1 - Hewlett-Packard Company) iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.) IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6417.0 - IDT) iTunes (HKLM\...\{1CF5754A-545B-4360-BFDE-2847BC728DFC}) (Version: 11.2.0.115 - Apple Inc.) Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden Machete Lite 3.8 (HKLM-x32\...\{F05CE84D-4C4C-4EA7-840B-BAB0C72B60E2}) (Version: 3.8.44 - MacheteSoft) Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Memeo AutoSync (HKLM-x32\...\{75B7F766-7998-44d8-A202-F1EC76A121BA}) (Version: - Memeo Inc.) Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7923 - Memeo Inc.) Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Mozilla Firefox 20.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 20.0 (x86 en-US)) (Version: 20.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 20.0 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden Norton 360 (HKLM-x32\...\N360) (Version: 20.5.0.28 - Symantec Corporation) Norton Identity Safe (HKLM-x32\...\NST) (Version: 2013.4.0.10 - Symantec Corporation) Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) Ralink Bluetooth Stack64 (HKLM\...\{58BC91D0-42E7-125D-F9B6-F2F5C0CDB096}) (Version: 9.0.715.0 - Ralink Corporation) Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.2.0 - Ralink) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek) Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.) Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Seagate Dashboard (HKLM-x32\...\{C3A11907-930D-41AC-A135-CC3B12F92011}) (Version: 1.1.0.1554 - Memeo Inc.) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated) The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden TouchFreeze (HKLM-x32\...\{9C9744E5-2BB7-4042-BD1C-8A339480A08C}) (Version: 1.1.0 - Ivan Zhakov) Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft) Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft) Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft) Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft) Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN) WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent) WildTangent Games App (x32 Version: 4.0.9.6 - WildTangent) Hidden Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden ==================== Restore Points ========================= 04-07-2014 15:44:12 Scheduled Checkpoint 10-07-2014 22:52:51 Windows Update 18-07-2014 22:59:08 Scheduled Checkpoint ==================== Hosts content: ========================== 2012-07-26 01:26 - 2013-04-01 11:53 - 00000841 ____N C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {15E0C7A0-4E9F-432C-9C3F-D643FE08C45A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-30] (Google Inc.) Task: {1A7A079C-4515-45C2-B628-65C48C41F693} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Tune-up Postponed => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company) Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {22E98269-0506-4889-BCBE-C8BA84ED9998} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-24] (Synaptics Incorporated) Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {3300C023-8EB7-45B8-822B-CA03EA4DB4D0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd) Task: {388A8419-D192-4B75-80FA-128E354DA970} - System32\Tasks\HPCeeScheduleForUser => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard) Task: {3D926D8E-2B79-40FA-AFE9-8283253C463A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company) Task: {436CD868-280C-45D4-99D6-E10665FCF9AE} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\SymErr.exe [2013-06-03] (Symantec Corporation) Task: {4F115C4B-8435-404C-9BD7-83552DC75F78} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company) Task: {5DCD6C1C-382B-433B-9C33-87427DE28232} - System32\Tasks\Quark Updater => C:\Program Files (x86)\Quark\Quark Update\AutoUpdate.exe Task: {5EC436B9-217F-4421-8208-5E7C73489FE1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {729E65E8-3623-4CB7-86B4-6DB3015E5C04} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-30] (Google Inc.) Task: {77BE5FA3-3C9F-42C3-B6B6-85BA06674F21} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation) Task: {838E7F27-B353-4A72-A7E3-1B81F6BBD4FD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Critical Actions Pending => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company) Task: {89AA0674-32C8-4783-9CD6-AF730A6E93AE} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\SymErr.exe [2013-05-29] (Symantec Corporation) Task: {90AEFC8C-F020-43E8-8966-DB49069E152E} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\SymErr.exe [2013-06-03] (Symantec Corporation) Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {BBE82260-855B-4F57-B2EC-D9FAFDB2A36D} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink) Task: {BCC4E8C6-9BB9-4251-BEAE-96B9BF9A342E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-07-10] (Microsoft Corporation) Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {C6FF3260-57D6-4D13-BD54-313FB470C431} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company) Task: {CB1C1C75-7F32-43D2-B054-12364EA309E6} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\SymErr.exe [2013-05-29] (Symantec Corporation) Task: {EA34FEE4-DBEC-4B74-A5D3-DE58886243AC} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\WSCStub.exe [2014-04-29] (Symantec Corporation) Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {F17F3ADE-18EA-42C8-B411-84575E748249} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2012-08-10] (Hewlett-Packard Company) Task: {F93882CA-95A5-4C92-B033-7F61C1D2DDC7} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HPCeeScheduleForUser.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe Task: C:\Windows\Tasks\Quark Updater.job => C:\Program Files (x86)\Quark\Quark Update\AutoUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2012-08-08 14:36 - 2012-08-08 14:36 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2012-07-10 22:11 - 2012-07-10 22:11 - 00009728 _____ () C:\Windows\system32\BsHelpCSps.dll 2012-07-10 22:11 - 2012-07-10 22:11 - 00052736 _____ () C:\Windows\system32\BlueSoleilCSps.dll 2012-07-27 18:51 - 2012-07-27 18:51 - 00346112 _____ () C:\Windows\system32\BsExtendFunc.dll 2012-07-10 22:09 - 2012-07-10 22:09 - 00022528 _____ () C:\Windows\system32\BsTrace.dll 2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2012-07-10 22:09 - 2012-07-10 22:09 - 00022528 _____ () C:\Windows\SYSTEM32\BsTrace.dll 2012-08-10 14:55 - 2012-08-10 14:55 - 00323648 _____ () C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\USB\tl_filter.dll 2012-05-02 21:28 - 2012-05-02 21:28 - 00012800 _____ () C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\AMP\IVTAMPRL.dll 2012-07-10 22:11 - 2012-07-10 22:11 - 00009728 _____ () C:\Windows\SYSTEM32\BsHelpCSps.dll 2012-07-10 22:11 - 2012-07-10 22:11 - 00052736 _____ () C:\Windows\SYSTEM32\BlueSoleilCSps.dll 2013-06-18 10:07 - 2012-05-30 10:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON IDENTITY SAFE\ENGINE\2013.4.0.10\wincfi39.dll 2014-05-01 19:14 - 2012-05-30 10:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.5.0.28\wincfi39.dll 2012-11-21 00:48 - 2012-06-07 23:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2012-06-08 15:34 - 2012-06-08 15:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2013-04-02 11:25 - 2013-03-26 22:18 - 03143576 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2012-07-10 22:14 - 2012-07-10 22:14 - 00072192 _____ () C:\Windows\SYSTEM32\BsProfilefunc.dll 2012-07-27 18:51 - 2012-07-27 18:51 - 00346112 _____ () C:\Windows\SYSTEM32\BsExtendFunc.dll 2012-10-15 02:03 - 2012-10-15 02:03 - 00108960 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\Memeo.Progress.dll 2012-10-15 02:08 - 2012-10-15 02:08 - 00031648 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll 2012-10-01 14:18 - 2012-10-01 14:18 - 00015360 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.TroubleshootingPlugin.dll 2012-10-01 14:18 - 2012-10-01 14:18 - 00014848 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.VideoTutorialsPlugin.dll 2010-04-20 13:22 - 2010-04-20 13:22 - 00241664 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll 2010-04-20 13:22 - 2010-04-20 13:22 - 00971776 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Users\User\Downloads\Fwd Pulsamerica is looking for news writers - message for circulation.eml:OECustomProperty AlternateDataStreams: C:\Users\User\Downloads\Tweet from LU Rowing (@LU_Rowing).eml:OECustomProperty AlternateDataStreams: C:\Users\User\Downloads\Update to Reservation# 31324797 Delta Ottawa City Centre Arr Monday, June 10, 2013.eml:OECustomProperty ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\18509388.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\83886476.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\18509388.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\83886476.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/21/2014 08:48:55 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest. Error: (07/21/2014 08:38:02 PM) (Source: Windows Search Service) (EventID: 7010) (User: ) Description: The index cannot be initialized. Details: The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06) Error: (07/21/2014 08:38:02 PM) (Source: Windows Search Service) (EventID: 3058) (User: ) Description: The application cannot be initialized. Context: Windows Application Details: The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06) Error: (07/21/2014 08:38:02 PM) (Source: Windows Search Service) (EventID: 3028) (User: ) Description: The gatherer object cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06) Error: (07/21/2014 08:38:02 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: The plug-in in <Search.TripoliIndexer> cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06) Error: (07/21/2014 08:38:01 PM) (Source: Windows Search Service) (EventID: 3057) (User: ) Description: The plug-in manager <Search.TripoliIndexer> cannot be initialized. Context: Windows Application Details: (HRESULT : 0x8e5e0210) (0x8e5e0210) Error: (07/21/2014 08:38:01 PM) (Source: Windows Search Service) (EventID: 7042) (User: ) Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt. Details: The content index catalog is corrupt. 0xc0041801 (0xc0041801) Error: (07/21/2014 08:38:01 PM) (Source: Windows Search Service) (EventID: 7040) (User: ) Description: The search service has detected corrupted data files in the index {id=4810 - enduser\mssearch2\search\ytrip\common\util\jetutil.cpp (167)}. The service will attempt to automatically correct this problem by rebuilding the index. Details: 0x8e5e0210 (0x8e5e0210) Error: (07/21/2014 08:38:01 PM) (Source: ESENT) (EventID: 455) (User: ) Description: SearchIndexer (488) Windows: Error -1811 (0xfffff8ed) occurred while opening logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb00333.log. Error: (07/21/2014 04:28:16 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: BlueSoleilCS.exe, version: 9.0.709.0, time stamp: 0x5019fa79 Faulting module name: tl_filter.dll, version: 0.0.0.0, time stamp: 0x50247825 Exception code: 0xc0000094 Fault offset: 0x0000d53d Faulting process id: 0x10c4 Faulting application start time: 0xBlueSoleilCS.exe0 Faulting application path: BlueSoleilCS.exe1 Faulting module path: BlueSoleilCS.exe2 Report Id: BlueSoleilCS.exe3 Faulting package full name: BlueSoleilCS.exe4 Faulting package-relative application ID: BlueSoleilCS.exe5 System errors: ============= Error: (07/21/2014 08:39:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Windows Search service failed to start due to the following error: %%1053 Error: (07/21/2014 08:39:35 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (120000 milliseconds) while waiting for the Windows Search service to connect. Error: (07/21/2014 08:38:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Windows Search service failed to start due to the following error: %%1053 Error: (07/21/2014 08:38:32 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (120000 milliseconds) while waiting for the Windows Search service to connect. Error: (07/21/2014 08:38:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (07/21/2014 08:38:02 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The Windows Search service terminated with the following service-specific error: %%2147749126 Error: (07/21/2014 08:36:55 PM) (Source: BugCheck) (EventID: 1001) (User: ) Description: 0x000000d1 (0x000000000000000a, 0x0000000000000002, 0x0000000000000000, 0xfffff88001ccf9a0)C:\Windows\MEMORY.DMP072114-46410-01 Error: (07/21/2014 08:36:50 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 3:43:32 PM on ‎2014-‎07-‎21 was unexpected. Error: (07/21/2014 04:28:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The BlueSoleilCS service terminated unexpectedly. It has done this 2 time(s). Error: (07/21/2014 01:47:05 PM) (Source: Schannel) (EventID: 4114) (User: LAPTOP-PC) Description: The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, none of the data contained in the certificate can be validated. The SSL connection request has failed. The attached data contains the server certificate. Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2014-07-21 20:50:56.940 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system. Date: 2014-07-21 20:50:45.487 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system. Date: 2014-07-20 20:59:28.741 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system. Date: 2014-07-20 20:57:42.655 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system. Date: 2014-07-20 16:42:24.188 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system. Date: 2014-07-20 16:39:09.770 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system. Date: 2014-07-20 14:38:18.386 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system. Date: 2014-07-20 10:08:43.912 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system. Date: 2014-07-20 09:52:05.723 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system. Date: 2014-07-20 09:43:39.299 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Percentage of memory in use: 24% Total physical RAM: 7650.26 MB Available physical RAM: 5774.04 MB Total Pagefile: 15330.26 MB Available Pagefile: 13442.56 MB Total Virtual: 8192 MB Available Virtual: 8191.76 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:672.46 GB) (Free:493.54 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive d: (RECOVERY) (Fixed) (Total:25.07 GB) (Free:2.92 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 699 GB) (Disk ID: 33044D6F) Partition: GPT Partition Type. ==================== End Of Log ============================
  2. I've reset Chrome. I'll keep an eye on how it's acting and I will start a new topic if there are still problems. Everything else seems to be working fine. Thanks for all your help!
  3. The problem when opening Chrome and getting the error message "Chrome cannot read your preferences" has returned.
  4. Here's the log. Thanks! Results of screen317's Security Check version 0.99.61 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Windows Defender Norton 360 WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Mozilla Firefox (20.0) Google Chrome 32.0.1700.102 Google Chrome 32.0.1700.76 ````````Process Check: objlist.exe by Laurent```````` Norton ccSvcHst.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log``````````````````````
  5. Okay, I was able to rename it. So far, so good. Should we keep this thread open or should I start a new one if I run into any more problems? Everything else seems to be working normally. Thanks very much for your help!
  6. It won't let me rename the file. Do I need to do something like close the Chrome browser first? Thanks!
  7. I wrote too soon. I just opened Chrome and had another pop up saying that my preferences could not be read. When this happens and I close Chrome without first closing this message Chrome crashes.
  8. Hi MrC, I think the post can be closed. I haven't had the same problem since the cleaning. Thanks very much for your help!
  9. Hi MrC, Here are my two logs: # AdwCleaner v3.018 - Report created 28/01/2014 at 17:51:15 # Updated 28/01/2014 by Xplode # Operating System : Windows 8 (64 bits) # Username : User - LAPTOP-PC # Running from : C:\Users\User\Desktop\adwcleaner (1).exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Program Files (x86)\Notation ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16537 -\\ Mozilla Firefox v20.0 (en-US) [ File : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ei4gauue.default\prefs.js ] Line Deleted : user_pref("CT3287823.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}"); Line Deleted : user_pref("CT3287823.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}"); Line Deleted : user_pref("CT3287823.embeddedsData", "[{\"appId\":\"130058557034802204\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...] Line Deleted : user_pref("CT3287823.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}"); Line Deleted : user_pref("CT3287823.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}"); Line Deleted : user_pref("CT3287823.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fsearch.conduit.com%2F%3Fctid%3DCT3287823%26octid%3DCT3287823%26SearchSource%3D61%26CUI%3DUN2[...] Line Deleted : user_pref("CT3287823.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}"); Line Deleted : user_pref("CT3287823.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}"); Line Deleted : user_pref("CT3287823.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\"}"); Line Deleted : user_pref("CT3287823.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3287823\"}"); Line Deleted : user_pref("CT3287823.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"MixiDJ V9\"}"); Line Deleted : user_pref("CT3287823.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}"); Line Deleted : user_pref("CT3287823_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1366591499766,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]"); -\\ Google Chrome v32.0.1700.76 [ File : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [3474 octets] - [28/01/2014 17:47:28] AdwCleaner[s0].txt - [3435 octets] - [28/01/2014 17:51:15] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3495 octets] ########## Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2014.01.28.09 Windows 8 x64 NTFS Internet Explorer 10.0.9200.16750 User :: LAPTOP-PC [administrator] 2014-01-28 5:59:01 PM mbam-log-2014-01-28 (17-59-01).txt Scan type: Full scan (C:\|D:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 456987 Time elapsed: 1 hour(s), 43 minute(s), 13 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 1 HKLM\SOFTWARE\Google\Chrome\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb (PUP.Optional.SpeedTestAnalysis.A) -> Quarantined and deleted successfully. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 1 C:\Users\User\AppData\Roaming\SpeedTestAnalysis (PUP.Optional.SpeedTestAnalysis.A) -> Quarantined and deleted successfully. Files Detected: 1 C:\Users\User\AppData\Roaming\SpeedTestAnalysis\speedtestanalysis.crx (PUP.Optional.SpeedTestAnalysis.A) -> Quarantined and deleted successfully. (end)
  10. Hi MrCharlie, Here's my log. I use CCleaner to remove cookies/browsing history after every Internet session. Is it okay to still run this while you're searching for malware? Thanks! RogueKiller V8.8.3 _x64_ [Jan 24 2014] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.adlice.com/forum/ Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 8 (6.2.9200 ) 64 bits version Started in : Normal mode User : User [Admin rights] Mode : Scan -- Date : 01/27/2014 20:58:30 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 0 ¤¤¤ ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Browser Addons : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MQ01ABD075 SATA Disk Device +++++ --- User --- [MBR] 9c9b2669875350b52edfd94c450c6197 [bSP] 1f18f6bde0f1cc21fbbaaa1891dbc946 : Empty MBR Code Partition table: 0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 715404 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[0]_S_01272014_205830.txt >>
  11. Hi, I have Norton 360 and did a Malwarebytes scan which turned up nothing. But lately Chrome has not been shutting down properly and I get an unusual message that pops up saying it can't read my preferences. I also notice Speed Test Analysis keeps trying to enable itself on Chrome. Here are my logs. Thanks! DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16537Run by User at 16:20:03 on 2014-01-26Microsoft Windows 8 6.2.9200.0.1252.2.1033.18.7650.5737 [GMT -5:00].AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}.============== Running Processes ===============.C:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\system32\atiesrxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\system32\dwm.exeC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\atieclxx.exeC:\Program Files\IDT\WDM\STacSV64.exeC:\Windows\system32\Hpservice.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Windows\system32\svchost.exe -k apphostC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exeC:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exeC:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exeC:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Windows\system32\dashost.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Windows\system32\taskhostex.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exeC:\Windows\Explorer.EXEC:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exeC:\Windows\system32\SearchIndexer.exeC:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exeC:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exeC:\Windows\System32\RuntimeBroker.exeC:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXEC:\Program Files\IDT\WDM\sttray64.exeC:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exeC:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exeC:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exeC:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exeC:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exeC:\Program Files (x86)\iTunes\iTunesHelper.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exeC:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exeC:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exeC:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exeC:\Windows\System32\svchost.exe -k LocalServicePeerNetC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\system32\vssvc.exeC:\Windows\System32\svchost.exe -k swprvC:\Windows\SysWOW64\NOTEPAD.EXEC:\Windows\SysWOW64\NOTEPAD.EXEC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\SearchFilterHost.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.uStart Page = about:blankmStart Page = about:blankmWinlogon: Userinit = userinit.exe,BHO: Speed Test Analysis: {310D38FE-EB4C-467C-8781-B7C2AEB7847D} - C:\Program Files (x86)\Speed Test Analysis\ScriptHost.dllBHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dllBHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ips\ipsbho.dllBHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dllBHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dllTB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dllTB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dllTB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dlluRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"mRun: [btTray] "C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkeymRun: [seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_uimRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimemRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"mPolicies-Explorer: NoDriveTypeAutoRun = dword:28IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exeIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}TCP: NameServer = 192.168.0.1TCP: Interfaces\{0327BF37-553C-4D09-8230-9F5D50667E24} : DHCPNameServer = 192.168.0.1TCP: Interfaces\{53677ED1-0FBD-40FF-9C76-3CAB33DE80AE}\1557965647D41676E6F6C69616 : DHCPNameServer = 192.168.0.1TCP: Interfaces\{53677ED1-0FBD-40FF-9C76-3CAB33DE80AE}\342716A797E45696768626F65727 : DHCPNameServer = 64.71.255.204 64.71.255.198TCP: Interfaces\{53677ED1-0FBD-40FF-9C76-3CAB33DE80AE}\84963747F6279724576666 : DHCPNameServer = 192.168.0.1mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chromex64-mStart Page = about:blankx64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dllx64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dllx64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exex64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exex64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Updatex64-mPolicies-Explorer: NoDriveTypeAutoRun = dword:28.================= FIREFOX ===================.FF - ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ei4gauue.default\FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.search.selectedEngine - FF - plugin: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dllFF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dllFF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dllFF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllFF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll.============= SERVICES / DRIVERS ===============.R0 amd_sata;amd_sata;C:\Windows\System32\Drivers\amd_sata.sys [2012-7-24 79528]R0 amd_xata;amd_xata;C:\Windows\System32\Drivers\amd_xata.sys [2012-7-24 26280]R0 SymDS;Symantec Data Store;C:\Windows\System32\Drivers\N360x64\1404000.028\symds64.sys [2013-6-9 493656]R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\Drivers\N360x64\1404000.028\symefa64.sys [2013-6-9 1139800]R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [2014-1-22 1526488]R1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\System32\Drivers\N360x64\1404000.028\ccsetx64.sys [2013-6-9 169048]R1 ccSet_NST;Norton Identity Safe Settings Manager;C:\Windows\System32\Drivers\NSTx64\7DD04000.00A\ccsetx64.sys [2013-6-18 169048]R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\Drivers\CLVirtualDrive.sys [2012-11-20 92536]R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\IPSDefs\20140124.001\IDSviA64.sys [2014-1-25 521944]R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\Drivers\N360x64\1404000.028\ironx64.sys [2013-6-9 224416]R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\Drivers\N360x64\1404000.028\symnets.sys [2013-6-9 433752]R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-8-9 239616]R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-8-8 361984]R2 APXACC;AppEx Networks Accelerator LWF;C:\Windows\System32\Drivers\appexDrv.sys [2012-11-20 199008]R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-8-10 85504]R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2012-8-10 29600]R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-7-9 35232]R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-11-20 2451456]R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-6-27 418376]R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-6-27 701512]R2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-5-4 25824]R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccsvchst.exe [2013-6-9 144368]R2 NCO;Norton Identity Safe;C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccsvchst.exe [2013-6-18 144368]R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2012-10-15 14752]R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\Drivers\AtihdW86.sys [2012-7-17 98472]R3 BtAudioBusSrv;IVT Bluetooth Audio Bus Service;C:\Windows\System32\Drivers\BtAudioBus.sys [2012-6-15 23136]R3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service;C:\Windows\System32\Drivers\BtL2caScoIf.sys [2012-7-19 56904]R3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]R3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service;C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [2012-8-9 48736]R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-12-13 137648]R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-6-27 25928]R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\Drivers\netr28x.sys [2013-4-15 2482960]R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\Drivers\RtsP2Stor.sys [2012-11-20 269968]R3 rtbth;RTBTH Bluetooth Device Driver;C:\Windows\System32\Drivers\rtbth.sys [2012-8-9 695392]R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-11-20 690832]R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\Drivers\usbfilter.sys [2012-11-20 57000]R3 WirelessButtonDriver;HP Wireless Button Driver Service;C:\Windows\System32\Drivers\WirelessButtonDriver64.sys [2012-8-3 20288]S0 SymELAM;Symantec ELAM Driver;C:\Windows\System32\Drivers\N360x64\1404000.028\symelam.sys [2013-6-9 23448]S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]S3 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-7-31 645952]S3 SmbDrv;SmbDrv;C:\Windows\System32\Drivers\Smb_driver_AMDASF.sys [2012-11-21 41272]S3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2012-11-21 43832]S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656].=============== Created Last 30 ================.2014-01-24 22:48:00 246960 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10231.bin2014-01-15 00:47:43 915968 ----a-w- C:\Windows\System32\MPSSVC.dll2014-01-15 00:47:43 758784 ----a-w- C:\Windows\System32\FirewallAPI.dll2014-01-15 00:47:43 588288 ----a-w- C:\Windows\System32\SHCore.dll2014-01-15 00:47:41 550400 ----a-w- C:\Windows\SysWow64\FirewallAPI.dll2014-01-15 00:47:41 452608 ----a-w- C:\Windows\SysWow64\SHCore.dll2014-01-15 00:47:41 227840 ----a-w- C:\Windows\System32\WebClnt.dll2014-01-15 00:47:41 100696 ----a-w- C:\Windows\System32\drivers\disk.sys2014-01-15 00:47:40 199168 ----a-w- C:\Windows\SysWow64\WebClnt.dll2014-01-15 00:47:39 104448 ----a-w- C:\Windows\System32\davclnt.dll2014-01-15 00:47:38 86016 ----a-w- C:\Windows\SysWow64\davclnt.dll2014-01-15 00:47:35 74752 ----a-w- C:\Windows\System32\drivers\mpsdrv.sys2014-01-15 00:46:13 688640 ----a-w- C:\Windows\System32\WSShared.dll2014-01-15 00:46:12 562688 ----a-w- C:\Windows\SysWow64\WSShared.dll2014-01-15 00:46:12 163840 ----a-w- C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll2014-01-15 00:46:12 124928 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll.==================== Find3M ====================.2014-01-09 08:02:07 78296 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2014-01-09 08:02:07 694240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2013-11-23 06:43:58 420864 ----a-w- C:\Windows\System32\WMPhoto.dll2013-11-23 05:05:01 368640 ----a-w- C:\Windows\SysWow64\WMPhoto.dll2013-11-06 23:18:57 4036608 ----a-w- C:\Windows\System32\win32k.sys2013-11-01 05:38:21 312320 ----a-w- C:\Windows\System32\msieftp.dll2013-11-01 03:49:24 273408 ----a-w- C:\Windows\SysWow64\msieftp.dll.============= FINISH: 16:20:15.02 =============== DDS (Ver_2012-11-20.01).Microsoft Windows 8Boot Device: \Device\HarddiskVolume2Install Date: 2012-12-29 11:43:44 PMSystem Uptime: 2014-01-24 7:25:23 PM (45 hours ago).Motherboard: Hewlett-Packard | | 1849Processor: AMD A10-4600M APU with Radeon HD Graphics | Socket FT1 | 2300/100mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 672 GiB total, 520.378 GiB free.D: is FIXED (NTFS) - 25 GiB total, 2.922 GiB free.E: is CDROM (CDFS).==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP81: 2014-01-11 11:16:36 AM - Scheduled CheckpointRP82: 2014-01-14 9:01:41 PM - Windows UpdateRP83: 2014-01-19 9:59:25 PM - Windows Update.==== Installed Programs ======================.4 Elements II7 Wonders IIAdobe Shockwave Player 11.6Aloha TriPeaksAMD Accelerated Video TranscodingAMD APP SDK RuntimeAMD Catalyst Install ManagerAMD FuelAMD Quick StreamAMD VISION Engine Control CenterApple Application SupportApple Mobile Device SupportApple Software UpdateBejeweled 3BonjourBuild-a-lot 4 - Power SourceCatalyst Control Center - BrandingCatalyst Control Center Graphics Previews CommonCatalyst Control Center InstallProxyCatalyst Control Center Localization Allccc-utility64CCC Help Chinese StandardCCC Help Chinese TraditionalCCC Help CzechCCC Help DanishCCC Help DutchCCC Help EnglishCCC Help FinnishCCC Help FrenchCCC Help GermanCCC Help GreekCCC Help HungarianCCC Help ItalianCCC Help JapaneseCCC Help KoreanCCC Help NorwegianCCC Help PolishCCC Help PortugueseCCC Help RussianCCC Help SpanishCCC Help SwedishCCC Help ThaiCCC Help TurkishCCleanerChuzzle DeluxeConnectCradle of Rome 2Crazy Chicken SoccerCyberLink LabelPrintCyberLink Media Suite 10CyberLink PhotoDirectorCyberLink Power2Go 8CyberLink PowerDirector 10CyberLink PowerDVDCyberLink YouCamD3DX10Energy StarFarm FrenzyFinal Drive FuryFlatOut 2Foxit ReaderGalerie de photos Windows LiveGoogle ChromeGoogle Toolbar for Internet ExplorerGoogle Update HelperGovernor of Poker 2 Premium EditionHewlett-Packard ACLM.NET v1.2.0.0Hoyle Card GamesHP 3D DriveGuardHP Connected Music (Meridian - installer)HP CoolSenseHP Customer Experience EnhancementsHP DocumentationHP GamesHP MyRoomHP Postscript ConverterHP Quick LaunchHP Recovery ManagerHP Registration ServiceHP Software FrameworkHP Support AssistantHP Utility CenterHP Wireless Button DriveriCloudIDT AudioiTunesJewel Match 3John Deere Drive GreenLetters from Nowhere 2Luxor EvolvedMachete Lite 3.8Mahjongg Dimensions Deluxe: Tiles in TimeMalwarebytes Anti-Malware version 1.75.0.1300Memeo AutoSyncMemeo Instant BackupMicrosoft Application Error ReportingMicrosoft OfficeMicrosoft Office 2007 Service Pack 3 (SP3)Microsoft Office Excel MUI (English) 2007Microsoft Office Home and Student 2007Microsoft Office Office 64-bit Components 2007Microsoft Office OneNote MUI (English) 2007Microsoft Office PowerPoint MUI (English) 2007Microsoft Office Proof (English) 2007Microsoft Office Proof (French) 2007Microsoft Office Proof (Spanish) 2007Microsoft Office Proofing (English) 2007Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)Microsoft Office Shared 64-bit MUI (English) 2007Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007Microsoft Office Shared MUI (English) 2007Microsoft Office Shared Setup Metadata MUI (English) 2007Microsoft Office Word MUI (English) 2007Microsoft SQL Server 2005 Compact Edition [ENU]Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - x64 9.0.21022Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319Mozilla Firefox 20.0 (x86 en-US)Mozilla Maintenance ServiceMSVCRTNorton 360Norton Identity SafePeggle NightsPenguins!Polar BowlerPolar GolferQuickTimeRalink Bluetooth Stack64Ralink RT3290 802.11bgn Wi-Fi AdapterRealtek Ethernet Controller DriverRealtek PCIE Card ReaderRoads of Rome 3Seagate DashboardSecurity Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597969) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit EditionSecurity Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition Speed Test AnalysisswMSMSynaptics Pointing Device DriverThe Treasures of Mystery Island: The Ghost ShipTouchFreezeTrinklit SupremeUpdate for 2007 Microsoft Office System (KB967642)Update for Microsoft Office 2007 Help for Common Features (KB963673)Update for Microsoft Office 2007 suites (KB2596620) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2687493) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2767849) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2767916) 32-Bit EditionUpdate for Microsoft Office Excel 2007 Help (KB963678)Update for Microsoft Office OneNote 2007 Help (KB963670)Update for Microsoft Office Powerpoint 2007 Help (KB963669)Update for Microsoft Office Script Editor Help (KB963671)Update for Microsoft Office Word 2007 Help (KB963665)Update Installer for WildTangent Games AppVLC media player 2.0.5WildTangent GamesWildTangent Games AppWindows LiveWindows Live Communications PlatformWindows Live EssentialsWindows Live InstallerWindows Live Language SelectorWindows Live Movie MakerWindows Live Photo CommonWindows Live Photo GalleryWindows Live PIMT PlatformWindows Live SOXEWindows Live SOXE DefinitionsWindows Live UX PlatformWindows Live UX Platform Language PackWindows Live WriterWindows Live Writer ResourcesZuma's Revenge.==== Event Viewer Messages From Past Week ========.2014-01-21 6:31:52 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the Windows Search service to connect.2014-01-21 6:31:52 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.2014-01-21 6:31:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}2014-01-21 6:30:18 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.2014-01-21 6:30:18 PM, Error: Service Control Manager [7024] - .==== End Of File ===========================
  12. Hi Gringo, Everything appears fine. Thanks so much for your help! All the best
  13. Hi Gringo, Here it is. It turned up quite a few threats: C:\Program Files (x86)\Mozilla Firefox\components\sprotector.js Win32/Conduit.SearchProtect.A applicationC:\Users\User\Desktop\cbsidlm-tr1_9-Machete_Video_Editor_Lite-ORG-75326879.exe multiple threatsC:\Users\User\Desktop\sa_setup.exe a variant of Win32/InstallBrain.W applicationC:\Users\User\Desktop\Old Desktop\SoftonicDownloader_for_photoscape.exe Win32/SoftonicDownloader.D applicationC:\Users\User\Desktop\Old Desktop\youtube-to-mp3-converter_72.exe Win32/OpenCandy applicationC:\Users\User\Downloads\SoftonicDownloader_for_quarkxpress (1).exe a variant of Win32/SoftonicDownloader.E applicationC:\Users\User\Downloads\SoftonicDownloader_for_quarkxpress.exe a variant of Win32/SoftonicDownloader.E applicationC:\_OTL\MovedFiles\04222013_220727\C_Program Files (x86)\SearchProtect\bin\ChromeModule.dll a variant of Win32/Conduit.SearchProtect.C applicationC:\_OTL\MovedFiles\04222013_220727\C_Program Files (x86)\SearchProtect\bin\cltmng.exe a variant of Win32/Conduit.SearchProtect.B applicationC:\_OTL\MovedFiles\04222013_220727\C_Program Files (x86)\SearchProtect\bin\FirefoxModule.dll a variant of Win32/Conduit.SearchProtect.C applicationC:\_OTL\MovedFiles\04222013_220727\C_Program Files (x86)\SearchProtect\bin\InternetExplorerModule.dll a variant of Win32/Conduit.SearchProtect.C applicationC:\_OTL\MovedFiles\04222013_220727\C_Program Files (x86)\SearchProtect\bin\SPHook32.dll probably a variant of Win32/Conduit.SearchProtect.C applicationC:\_OTL\MovedFiles\04222013_220727\C_Program Files (x86)\SearchProtect\bin\uninstall.exe Win32/Conduit.SearchProtect.A applicationC:\_OTL\MovedFiles\04222013_220727\C_Program Files (x86)\SearchProtect\ffprotect\application.js Win32/Conduit.SearchProtect.A applicationC:\_OTL\MovedFiles\04222013_220727\C_Users\User\AppData\Roaming\SearchProtect\bin\ChromeModule.dll a variant of Win32/Conduit.SearchProtect.C applicationC:\_OTL\MovedFiles\04222013_220727\C_Users\User\AppData\Roaming\SearchProtect\bin\cltmng.exe a variant of Win32/Conduit.SearchProtect.B applicationC:\_OTL\MovedFiles\04222013_220727\C_Users\User\AppData\Roaming\SearchProtect\bin\FirefoxModule.dll a variant of Win32/Conduit.SearchProtect.C applicationC:\_OTL\MovedFiles\04222013_220727\C_Users\User\AppData\Roaming\SearchProtect\bin\InternetExplorerModule.dll a variant of Win32/Conduit.SearchProtect.C applicationC:\_OTL\MovedFiles\04222013_220727\C_Users\User\AppData\Roaming\SearchProtect\bin\SPHook32.dll probably a variant of Win32/Conduit.SearchProtect.C applicationC:\_OTL\MovedFiles\04222013_220727\C_Users\User\AppData\Roaming\SearchProtect\ffprotect\application.js Win32/Conduit.SearchProtect.A application
  14. Thanks, I will try it on Firefox and let you know.
  15. Hi Gringo, I couldn't because IE doesn't work. It's a catch-22.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.