Jump to content


Photo
- - - - -

PUP.Optional.Spigot.A


  • This topic is locked This topic is locked
16 replies to this topic

#1 SoulsLight

SoulsLight

    New Member

  • Members
  • Pip
  • 9 posts

Posted 18 October 2013 - 10:54 PM

When I ran a scan with Malwarebytes it detected PUP.Optional.Spigot.A

 

A little background: My laptop didn't start right away and I ended up having to run Start up Repair and that did a system restore to 10/13. Since I had downloaded a new version of my anti virus on 10/14 I had to redownload & install it. Something happened with the first download and I had to do it again. Everything installed ok, I did a scan and everything was fine. I then decided to do a Malwarebytes scan too and it came up with that detection. After I rebooted I ran Security Check to see if I needed to update anything else and it looked odd so here I am! I read the pinned note at the top of this forum, but wasn't sure I should still follow all the directions since Malwarebytes removed the problem. Could I have a different problem now or is it all related? Logs follow.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.18.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Cathy :: CATHY-HP [administrator]

10/18/2013 9:12:39 PM
mbam-log-2013-10-18 (21-12-39).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 485153
Time elapsed: 1 hour(s), 24 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Cathy\AppData\Local\Temp\uJ8Xkgw5.exe.part (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.

(end)
 

 

Results of screen317's Security Check version 0.99.74  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Norton Internet Security   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File  
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Adobe Flash Player 11.8.800.168  
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox (24.0)
````````Process Check: objlist.exe by Laurent````````  
 Symantec Norton Online Backup NOBuAgent.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
 



#2 kevinf80

kevinf80

    Forum Deity

  • Trusted Advisors
  • PipPipPipPipPipPip
  • 5,020 posts
  • Gender:Male
  • Location:Sunderland. UK

Posted 19 October 2013 - 03:32 AM

Hello and post-32477-1261866970.gif

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingc...oad/adwcleaner/ and save to your Desktop.

 

  • Double click on AdwCleaner.exe to run the tool.

  • Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.

  • AdwCleaner will begin...be patient as the scan may take some time to complete.

  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.

  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.

  • Look over the log especially under Files/Folders for any program you want to save.

  • If there's a program you want to save, just uncheck it from AdwCleaner.

  • If you're not sure, post the log for review.

  • If you're ready to clean it all up.....click the Clean button.

  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.

  • Copy and paste the contents of that logfile in your next reply.

  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine

  • To restore an item that has been deleted (if necessary):

  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.

  • Press Scan button.

  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Let me see those logs...

 

Kevin


Posted Image Posted Image
If you are satisfied with my help, consider a donation. Thank you...
Posted Image

#3 SoulsLight

SoulsLight

    New Member

  • Members
  • Pip
  • 9 posts

Posted 19 October 2013 - 07:05 AM

Thank you for the welcome. I NEVER ever use P2P software so if any show up I would need help in getting them off of here. I also want to mention that I have a ton of Windows updates to re-install but I wanted to wait until I make sure there is nothing else funky on here. Laptop is working completely normally so hopefully there's nothing much to fix.

 

I was unsure about the report from the scan of AdwCleaner so I am posting the report before I clean anything. I have no idea if these files are important. Please advise before I clean & remove anything.

 

 

# AdwCleaner v3.008 - Report created 19/10/2013 at 07:50:04
# Updated 17/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Cathy - CATHY-HP
# Running from : C:\Users\Cathy\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\safesearch.xml
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\Users\Cathy\AppData\Roaming\Mozilla\Firefox\Profiles\5rs70nrx.default\searchplugins\safesearch.xml
File Found : C:\Users\Cathy\AppData\Roaming\Mozilla\Firefox\Profiles\5rs70nrx.default\user.js
File Found : C:\Users\Public\Desktop\eBay.lnk

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16502


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Cathy\AppData\Roaming\Mozilla\Firefox\Profiles\5rs70nrx.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Cathy\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3008 octets] - [19/10/2013 07:50:04]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3068 octets] ##########
 



#4 kevinf80

kevinf80

    Forum Deity

  • Trusted Advisors
  • PipPipPipPipPipPip
  • 5,020 posts
  • Gender:Male
  • Location:Sunderland. UK

Posted 19 October 2013 - 07:58 AM

Yes please, remove all of those entries...


Posted Image Posted Image
If you are satisfied with my help, consider a donation. Thank you...
Posted Image

#5 SoulsLight

SoulsLight

    New Member

  • Members
  • Pip
  • 9 posts

Posted 19 October 2013 - 09:11 AM

# AdwCleaner v3.008 - Report created 19/10/2013 at 09:59:22
# Updated 17/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Cathy - CATHY-HP
# Running from : C:\Users\Cathy\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\Cathy\AppData\Roaming\Mozilla\Firefox\Profiles\5rs70nrx.default\searchplugins\safesearch.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\safesearch.xml
File Deleted : C:\Users\Cathy\AppData\Roaming\Mozilla\Firefox\Profiles\5rs70nrx.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\YahooPartnerToolbar

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16502


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Cathy\AppData\Roaming\Mozilla\Firefox\Profiles\5rs70nrx.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Cathy\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3180 octets] - [19/10/2013 07:50:04]
AdwCleaner[R1].txt - [3240 octets] - [19/10/2013 09:58:28]
AdwCleaner[S0].txt - [2604 octets] - [19/10/2013 09:59:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2664 octets] ##########
 



#6 SoulsLight

SoulsLight

    New Member

  • Members
  • Pip
  • 9 posts

Posted 19 October 2013 - 09:13 AM

  Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Cathy (administrator) on CATHY-HP on 19-10-2013 10:04:49
Running from C:\Users\Cathy\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Validity Sensors, Inc.) C:\Windows\system32\vcsFPService.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpHostW.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Novatel Wireless Inc.) C:\Program Files (x86)\Novatel Wireless\MiFi4510\Drivers\NWHelper.exe
(Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Novatel Wireless Inc.) C:\Program Files (x86)\Novatel Wireless\LTE Support\VZWMSConfig.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DPAgent.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2281256 2010-09-13] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-07-22] (IDT, Inc.)
HKLM\...\Run: [SmartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-08-31] ()
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-08-16] (Hewlett-Packard Company)
HKCU\...\Run: [EPSON Stylus Photo RX680 Series] - C:\Windows\TEMP\E_SAB2D.tmp [152 2011-06-28] ()
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-09-09] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [584760 2010-09-28] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Corel File Shell Monitor] - c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe
Lsa: [Notification Packages] DPPassFilter scecli

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...ys=PTB&M=MT6821
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.co...57-0/4?satitle={searchTerms}&mfe=Notebooks
SearchScopes: HKLM-x32 - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.co...57-0/4?satitle={searchTerms}&mfe=Notebooks
SearchScopes: HKCU - {D5205153-5713-4DDF-80CA-CC99AADD2B94} URL =
SearchScopes: HKCU - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.co...57-0/4?satitle={searchTerms}&mfe=Notebooks
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Cathy\AppData\Roaming\Mozilla\Firefox\Profiles\5rs70nrx.default

FF NetworkProxy: "no_proxies_on", "localhost,127.0.0.1"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @hulu.com/Hulu Desktop - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll (Hulu LLC)
FF Extension: No Name - C:\Users\Cathy\AppData\Roaming\Mozilla\Firefox\Profiles\5rs70nrx.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\

Chrome:
=======


CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\Exts\Chrome.crx

==================== Services (Whitelisted) =================

S2 CLKMSVC10_C6F09094; C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [245232 2010-09-21] (CyberLink)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NWHelper; C:\Program Files (x86)\Novatel Wireless\MiFi4510\Drivers\NWHelper.exe [270336 2010-06-03] (Novatel Wireless Inc.)
R2 VZWConfigService; C:\Program Files (x86)\Novatel Wireless\LTE Support\VZWMSConfig.exe [169472 2011-02-11] (Novatel Wireless Inc.)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20131002.001\BHDrvx64.sys [1525848 2013-09-25] (Symantec Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20131002.001\BHDrvx64.sys [1525848 2013-09-25] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-10-18] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-10-18] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-10-18] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20131018.001\IDSvia64.sys [521816 2013-10-18] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20131018.001\IDSvia64.sys [521816 2013-10-18] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20131018.018\ENG64.SYS [126040 2013-10-18] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20131018.018\ENG64.SYS [126040 2013-10-18] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20131018.018\EX64.SYS [2099288 2013-10-18] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20131018.018\EX64.SYS [2099288 2013-10-18] (Symantec Corporation)
S3 NWRmNet_022; C:\Windows\System32\DRIVERS\NWRmNet_022.sys [295424 2011-03-01] (Novatel Wireless Inc.)
S3 NWUSBModem_022; C:\Windows\System32\DRIVERS\nwusbmdm_022.sys [217856 2011-03-01] (Novatel Wireless Inc.)
S3 NWUSBPort2_022; C:\Windows\System32\DRIVERS\nwusbser2_022.sys [217856 2011-03-01] (Novatel Wireless Inc.)
S3 NWUSBPort_022; C:\Windows\System32\DRIVERS\nwusbser_022.sys [217856 2011-03-01] (Novatel Wireless Inc.)
R3 SRTSP; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSP64.SYS [858200 2013-09-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1501000.012\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1501000.012\SYMEFA64.SYS [1147480 2013-09-26] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-10-18] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\NISx64\1501000.012\SYMNETS.SYS [590936 2013-09-25] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-19 10:04 - 2013-10-19 10:04 - 01954124 _____ (Farbar) C:\Users\Cathy\Downloads\FRST64.exe
2013-10-19 10:04 - 2013-10-19 10:04 - 00000000 ____D C:\FRST
2013-10-19 10:02 - 2013-10-19 10:02 - 00002756 _____ C:\Users\Cathy\Desktop\AdwCleaner[S0].txt
2013-10-19 07:52 - 2013-10-19 07:52 - 00003180 _____ C:\Users\Cathy\Desktop\AdwCleaner[R0].txt
2013-10-19 07:49 - 2013-10-19 09:59 - 00000000 ____D C:\AdwCleaner
2013-10-19 07:48 - 2013-10-19 07:48 - 01050644 _____ C:\Users\Cathy\Desktop\AdwCleaner.exe
2013-10-19 07:38 - 2013-10-19 07:38 - 00000000 ____D C:\Users\Cathy\AppData\Local\{1CC7A966-9D0A-4DA1-AD4A-6F6F83CDA620}
2013-10-18 22:54 - 2013-10-18 22:53 - 00891167 _____ C:\Users\Cathy\Downloads\SecurityCheck.exe
2013-10-18 18:22 - 2013-10-18 18:22 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2013-10-18 18:21 - 2013-10-18 18:21 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2013-10-18 18:21 - 2013-10-18 18:21 - 00008222 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2013-10-18 18:21 - 2013-10-18 18:21 - 00002577 _____ C:\Users\Public\Desktop\Norton Internet Security.lnk
2013-10-18 18:20 - 2013-10-18 18:20 - 00000000 ____D C:\Windows\system32\Drivers\NISx64
2013-10-18 18:20 - 2013-10-18 18:20 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
2013-10-18 18:15 - 2013-10-18 18:14 - 00869456 _____ C:\Users\Cathy\Downloads\Norton_Removal_Tool.exe
2013-10-18 18:13 - 2013-10-18 18:13 - 07539624 _____ (Symantec Corporation) C:\Users\Cathy\Downloads\NRnR.exe
2013-10-18 18:13 - 2013-10-18 18:13 - 00000000 ____D C:\ProgramData\NortonRnR
2013-10-18 17:56 - 2013-10-18 17:56 - 00000000 ____D C:\Users\Cathy\AppData\Local\{74EFC65E-79DF-4EF3-B1C0-09EC9B3A1220}
2013-10-17 19:06 - 2013-10-17 19:06 - 00000000 ____D C:\Users\Cathy\AppData\Local\{7602E6EC-2010-4E2A-806A-BC8A4A03097B}
2013-10-16 19:05 - 2013-10-16 19:05 - 00000000 ____D C:\Users\Cathy\AppData\Local\{91F9D566-06F3-401D-BF3A-34421187A995}
2013-10-15 20:44 - 2013-10-15 20:44 - 00000000 ____D C:\Users\Cathy\AppData\Local\{C42BC92E-28F1-480C-8281-D0C3879AAB7B}
2013-10-14 19:18 - 2013-10-14 19:18 - 00000000 ____D C:\Users\Cathy\AppData\Local\{9E540A4C-60F8-4F7B-B803-769409C7AFF8}
2013-10-14 05:12 - 2013-10-14 05:12 - 00000000 ____D C:\Users\Cathy\AppData\Local\{A332B25F-A83C-4441-AB4F-4E523077CBC4}
2013-10-13 11:39 - 2013-10-13 11:39 - 00000000 ____D C:\Users\Cathy\AppData\Local\{52096E4A-996A-4E82-99C4-1F6349F94993}
2013-10-13 08:59 - 2013-10-18 17:58 - 01021952 _____ (Symantec Corporation) C:\Users\Cathy\Downloads\NISDownloader.exe
2013-10-12 21:50 - 2013-10-12 21:50 - 00000000 ____D C:\Users\Cathy\AppData\Local\{4E1E882B-F187-491D-847D-EEC72684E6C8}
2013-10-12 07:48 - 2013-10-12 07:49 - 00000000 ____D C:\Users\Cathy\AppData\Local\{D7A68407-C595-472C-B582-FF73E56E484D}
2013-10-11 18:12 - 2013-10-11 18:13 - 00000000 ____D C:\Users\Cathy\AppData\Local\{C106F2D6-76E9-4511-96C3-6636D9FF69A0}
2013-10-10 20:28 - 2013-10-10 20:28 - 00000000 ____D C:\Users\Cathy\AppData\Local\{4F9713A1-A75E-4717-8CCB-A43742E796F4}
2013-10-09 18:20 - 2013-10-09 18:20 - 00000000 ____D C:\Users\Cathy\AppData\Local\{B2ED15A2-A723-40CF-9F41-7CEA88731F6D}
2013-10-08 18:30 - 2013-10-08 18:30 - 00000000 ____D C:\Users\Cathy\AppData\Local\{F8875B60-0F93-484B-8107-BD4B1905713E}
2013-10-07 18:54 - 2013-10-07 18:54 - 00000000 ____D C:\Users\Cathy\AppData\Local\{D7F0778E-A06C-4754-BFAB-AB07E86E2560}
2013-10-07 05:49 - 2013-10-07 05:49 - 00000000 ____D C:\Users\Cathy\AppData\Local\{05EAA3D3-55B1-40E7-B0AD-E8B97D3A2CE8}
2013-10-06 14:09 - 2013-10-06 14:10 - 00000000 ____D C:\Users\Cathy\AppData\Local\{67074B93-5FB2-4BB7-AC97-F6508D06D05F}
2013-10-05 22:55 - 2013-10-05 22:56 - 00000000 ____D C:\Users\Cathy\AppData\Local\{FF7D1DE4-7579-4E59-BA92-2AB8CEEB34BE}
2013-10-05 08:46 - 2013-10-05 08:46 - 00000000 ____D C:\Users\Cathy\AppData\Local\{9D5299E4-91A6-4D8C-9F87-3DE6B9E81985}
2013-10-04 20:46 - 2013-10-04 20:46 - 00000000 ____D C:\Users\Cathy\AppData\Local\{6D9B2B81-A7F6-4A9D-BF0D-4FACAE364049}
2013-10-04 08:43 - 2013-10-04 08:43 - 00000000 ____D C:\Users\Cathy\AppData\Local\{B09749F1-E40E-42BB-9F49-0EE55698A6D3}
2013-10-03 19:01 - 2013-10-03 19:01 - 00000000 ____D C:\Users\Cathy\AppData\Local\{11489B1E-23E0-4272-B7A3-869962D73486}
2013-10-02 19:05 - 2013-10-02 19:05 - 00000000 ____D C:\Users\Cathy\AppData\Local\{75926093-A0F7-4B5A-B6A8-1427B19BE7AE}
2013-10-02 06:50 - 2013-10-02 06:51 - 00000000 ____D C:\Users\Cathy\AppData\Local\{3FC6C3B6-7EB5-49A5-94BD-DFD6329C6C47}
2013-10-01 18:50 - 2013-10-01 18:50 - 00000000 ____D C:\Users\Cathy\AppData\Local\{5FF2A5F8-F6BC-417B-915A-9DA6B9FA4455}
2013-09-30 21:02 - 2013-09-30 21:02 - 00000000 ____D C:\Users\Cathy\AppData\Local\{CE34DCBE-8080-4A1E-B988-454FD2EFE0E5}
2013-09-30 20:49 - 2013-09-30 20:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-30 06:09 - 2013-09-30 06:09 - 00000000 ____D C:\Users\Cathy\AppData\Local\{4F41DE23-802D-416B-B9F6-EFE5A85ED12F}
2013-09-29 16:27 - 2013-09-29 16:27 - 00000000 ____D C:\Users\Cathy\AppData\Local\{70036B2F-81E0-4CDA-BDB6-0560BA4802E4}
2013-09-29 00:46 - 2013-09-29 00:47 - 00000000 ____D C:\Users\Cathy\AppData\Local\{425D03C4-A6A8-4928-B71A-ECD3533A6BF0}
2013-09-28 10:21 - 2013-09-28 10:22 - 00000000 ____D C:\Users\Cathy\AppData\Local\{8ABAA225-E4ED-4B6C-8511-6FAB997AEB68}
2013-09-27 22:21 - 2013-09-27 22:21 - 00000000 ____D C:\Users\Cathy\AppData\Local\{4B4179D7-366F-4F9A-A7B7-A164DFD72092}
2013-09-26 18:28 - 2013-09-26 18:28 - 00000000 ____D C:\Users\Cathy\AppData\Local\{6E9FDEB9-0B68-4243-BB45-0B6E208108D1}
2013-09-25 18:13 - 2013-09-25 18:13 - 00000000 ____D C:\Users\Cathy\AppData\Local\{08F1B50D-DF29-4C88-98E9-46E8259D1BF0}
2013-09-24 19:46 - 2013-09-24 19:46 - 00000000 ____D C:\Users\Cathy\AppData\Local\{18CB68F4-F4BE-4987-A913-2EC795135536}
2013-09-24 06:52 - 2013-09-24 06:53 - 00000000 ____D C:\Users\Cathy\AppData\Local\{ACAB4D30-5E14-4106-89DE-67EF3B6B8E05}
2013-09-23 18:52 - 2013-09-23 18:52 - 00000000 ____D C:\Users\Cathy\AppData\Local\{8ADAE47F-FB18-4B66-9C2D-7BA56108F114}
2013-09-23 05:57 - 2013-09-23 05:57 - 00000000 ____D C:\Users\Cathy\AppData\Local\{C1993F36-FDE3-4FC8-A0A3-F37430132395}
2013-09-22 15:40 - 2013-09-22 15:40 - 00000000 ____D C:\Users\Cathy\AppData\Local\{7203254D-154B-4DF4-8BE3-D827CFAF7394}
2013-09-19 19:25 - 2013-09-19 19:25 - 00000000 ____D C:\Users\Cathy\AppData\Local\{C4071433-0110-471F-8AA5-6F460C97D4F0}

==================== One Month Modified Files and Folders =======

2013-10-19 10:04 - 2013-10-19 10:04 - 01954124 _____ (Farbar) C:\Users\Cathy\Downloads\FRST64.exe
2013-10-19 10:04 - 2013-10-19 10:04 - 00000000 ____D C:\FRST
2013-10-19 10:04 - 2011-02-08 04:40 - 02075411 _____ C:\Windows\WindowsUpdate.log
2013-10-19 10:02 - 2013-10-19 10:02 - 00002756 _____ C:\Users\Cathy\Desktop\AdwCleaner[S0].txt
2013-10-19 10:01 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-19 10:01 - 2009-07-14 00:51 - 00191052 _____ C:\Windows\setupact.log
2013-10-19 10:00 - 2009-07-14 00:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-19 10:00 - 2009-07-14 00:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-19 09:59 - 2013-10-19 07:49 - 00000000 ____D C:\AdwCleaner
2013-10-19 07:52 - 2013-10-19 07:52 - 00003180 _____ C:\Users\Cathy\Desktop\AdwCleaner[R0].txt
2013-10-19 07:48 - 2013-10-19 07:48 - 01050644 _____ C:\Users\Cathy\Desktop\AdwCleaner.exe
2013-10-19 07:47 - 2009-07-14 01:13 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-19 07:38 - 2013-10-19 07:38 - 00000000 ____D C:\Users\Cathy\AppData\Local\{1CC7A966-9D0A-4DA1-AD4A-6F6F83CDA620}
2013-10-18 23:29 - 2013-09-05 17:23 - 00000000 ____D C:\Windows\system32\MRT
2013-10-18 22:53 - 2013-10-18 22:54 - 00891167 _____ C:\Users\Cathy\Downloads\SecurityCheck.exe
2013-10-18 22:49 - 2011-02-08 04:49 - 00362766 _____ C:\Windows\PFRO.log
2013-10-18 21:48 - 2011-02-08 05:04 - 00000000 ____D C:\ProgramData\RoxioNow
2013-10-18 21:47 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2013-10-18 21:43 - 2010-10-16 17:10 - 00000000 ____D C:\ProgramData\Recovery
2013-10-18 18:22 - 2013-10-18 18:22 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2013-10-18 18:22 - 2011-08-14 08:35 - 00000000 ____D C:\Users\Cathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2013-10-18 18:22 - 2011-02-08 05:06 - 00000000 ____D C:\ProgramData\Norton
2013-10-18 18:21 - 2013-10-18 18:21 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2013-10-18 18:21 - 2013-10-18 18:21 - 00008222 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2013-10-18 18:21 - 2013-10-18 18:21 - 00002577 _____ C:\Users\Public\Desktop\Norton Internet Security.lnk
2013-10-18 18:21 - 2012-04-28 12:49 - 00003234 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2013-10-18 18:21 - 2011-08-14 09:01 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-10-18 18:20 - 2013-10-18 18:20 - 00000000 ____D C:\Windows\system32\Drivers\NISx64
2013-10-18 18:20 - 2013-10-18 18:20 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
2013-10-18 18:18 - 2011-08-14 08:35 - 00001255 _____ C:\Users\Cathy\Desktop\Norton Installation Files.lnk
2013-10-18 18:14 - 2013-10-18 18:15 - 00869456 _____ C:\Users\Cathy\Downloads\Norton_Removal_Tool.exe
2013-10-18 18:13 - 2013-10-18 18:13 - 07539624 _____ (Symantec Corporation) C:\Users\Cathy\Downloads\NRnR.exe
2013-10-18 18:13 - 2013-10-18 18:13 - 00000000 ____D C:\ProgramData\NortonRnR
2013-10-18 17:58 - 2013-10-13 08:59 - 01021952 _____ (Symantec Corporation) C:\Users\Cathy\Downloads\NISDownloader.exe
2013-10-18 17:58 - 2011-08-14 08:35 - 00000000 ____D C:\Users\Public\Downloads\Norton
2013-10-18 17:56 - 2013-10-18 17:56 - 00000000 ____D C:\Users\Cathy\AppData\Local\{74EFC65E-79DF-4EF3-B1C0-09EC9B3A1220}
2013-10-18 17:50 - 2011-06-23 17:50 - 00000000 ____D C:\Users\Cathy
2013-10-17 19:06 - 2013-10-17 19:06 - 00000000 ____D C:\Users\Cathy\AppData\Local\{7602E6EC-2010-4E2A-806A-BC8A4A03097B}
2013-10-16 19:05 - 2013-10-16 19:05 - 00000000 ____D C:\Users\Cathy\AppData\Local\{91F9D566-06F3-401D-BF3A-34421187A995}
2013-10-15 20:44 - 2013-10-15 20:44 - 00000000 ____D C:\Users\Cathy\AppData\Local\{C42BC92E-28F1-480C-8281-D0C3879AAB7B}
2013-10-15 20:41 - 2011-06-26 12:43 - 00000000 ____D C:\Users\Cathy\AppData\Local\CrashDumps
2013-10-14 19:18 - 2013-10-14 19:18 - 00000000 ____D C:\Users\Cathy\AppData\Local\{9E540A4C-60F8-4F7B-B803-769409C7AFF8}
2013-10-14 05:12 - 2013-10-14 05:12 - 00000000 ____D C:\Users\Cathy\AppData\Local\{A332B25F-A83C-4441-AB4F-4E523077CBC4}
2013-10-13 11:39 - 2013-10-13 11:39 - 00000000 ____D C:\Users\Cathy\AppData\Local\{52096E4A-996A-4E82-99C4-1F6349F94993}
2013-10-13 11:28 - 2008-04-30 21:45 - 00266240 _____ C:\Users\Cathy\Desktop\LoanPayments.xls
2013-10-12 21:50 - 2013-10-12 21:50 - 00000000 ____D C:\Users\Cathy\AppData\Local\{4E1E882B-F187-491D-847D-EEC72684E6C8}
2013-10-12 07:49 - 2013-10-12 07:48 - 00000000 ____D C:\Users\Cathy\AppData\Local\{D7A68407-C595-472C-B582-FF73E56E484D}
2013-10-11 18:13 - 2013-10-11 18:12 - 00000000 ____D C:\Users\Cathy\AppData\Local\{C106F2D6-76E9-4511-96C3-6636D9FF69A0}
2013-10-10 20:28 - 2013-10-10 20:28 - 00000000 ____D C:\Users\Cathy\AppData\Local\{4F9713A1-A75E-4717-8CCB-A43742E796F4}
2013-10-09 18:20 - 2013-10-09 18:20 - 00000000 ____D C:\Users\Cathy\AppData\Local\{B2ED15A2-A723-40CF-9F41-7CEA88731F6D}
2013-10-08 18:30 - 2013-10-08 18:30 - 00000000 ____D C:\Users\Cathy\AppData\Local\{F8875B60-0F93-484B-8107-BD4B1905713E}
2013-10-07 18:54 - 2013-10-07 18:54 - 00000000 ____D C:\Users\Cathy\AppData\Local\{D7F0778E-A06C-4754-BFAB-AB07E86E2560}
2013-10-07 05:49 - 2013-10-07 05:49 - 00000000 ____D C:\Users\Cathy\AppData\Local\{05EAA3D3-55B1-40E7-B0AD-E8B97D3A2CE8}
2013-10-06 14:10 - 2013-10-06 14:09 - 00000000 ____D C:\Users\Cathy\AppData\Local\{67074B93-5FB2-4BB7-AC97-F6508D06D05F}
2013-10-05 22:56 - 2013-10-05 22:55 - 00000000 ____D C:\Users\Cathy\AppData\Local\{FF7D1DE4-7579-4E59-BA92-2AB8CEEB34BE}
2013-10-05 08:46 - 2013-10-05 08:46 - 00000000 ____D C:\Users\Cathy\AppData\Local\{9D5299E4-91A6-4D8C-9F87-3DE6B9E81985}
2013-10-04 20:46 - 2013-10-04 20:46 - 00000000 ____D C:\Users\Cathy\AppData\Local\{6D9B2B81-A7F6-4A9D-BF0D-4FACAE364049}
2013-10-04 08:43 - 2013-10-04 08:43 - 00000000 ____D C:\Users\Cathy\AppData\Local\{B09749F1-E40E-42BB-9F49-0EE55698A6D3}
2013-10-03 22:41 - 2012-04-02 16:42 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-03 22:41 - 2011-07-08 17:33 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-03 19:01 - 2013-10-03 19:01 - 00000000 ____D C:\Users\Cathy\AppData\Local\{11489B1E-23E0-4272-B7A3-869962D73486}
2013-10-02 19:05 - 2013-10-02 19:05 - 00000000 ____D C:\Users\Cathy\AppData\Local\{75926093-A0F7-4B5A-B6A8-1427B19BE7AE}
2013-10-02 06:51 - 2013-10-02 06:50 - 00000000 ____D C:\Users\Cathy\AppData\Local\{3FC6C3B6-7EB5-49A5-94BD-DFD6329C6C47}
2013-10-01 18:50 - 2013-10-01 18:50 - 00000000 ____D C:\Users\Cathy\AppData\Local\{5FF2A5F8-F6BC-417B-915A-9DA6B9FA4455}
2013-10-01 06:09 - 2012-09-03 09:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-01 06:05 - 2011-06-25 11:04 - 00000000 ____D C:\Users\Cathy\AppData\Local\Mozilla
2013-09-30 21:02 - 2013-09-30 21:02 - 00000000 ____D C:\Users\Cathy\AppData\Local\{CE34DCBE-8080-4A1E-B988-454FD2EFE0E5}
2013-09-30 20:49 - 2013-09-30 20:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-30 06:09 - 2013-09-30 06:09 - 00000000 ____D C:\Users\Cathy\AppData\Local\{4F41DE23-802D-416B-B9F6-EFE5A85ED12F}
2013-09-29 16:27 - 2013-09-29 16:27 - 00000000 ____D C:\Users\Cathy\AppData\Local\{70036B2F-81E0-4CDA-BDB6-0560BA4802E4}
2013-09-29 00:47 - 2013-09-29 00:46 - 00000000 ____D C:\Users\Cathy\AppData\Local\{425D03C4-A6A8-4928-B71A-ECD3533A6BF0}
2013-09-28 10:22 - 2013-09-28 10:21 - 00000000 ____D C:\Users\Cathy\AppData\Local\{8ABAA225-E4ED-4B6C-8511-6FAB997AEB68}
2013-09-27 22:21 - 2013-09-27 22:21 - 00000000 ____D C:\Users\Cathy\AppData\Local\{4B4179D7-366F-4F9A-A7B7-A164DFD72092}
2013-09-26 18:28 - 2013-09-26 18:28 - 00000000 ____D C:\Users\Cathy\AppData\Local\{6E9FDEB9-0B68-4243-BB45-0B6E208108D1}
2013-09-26 01:46 - 2011-06-25 03:57 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-25 18:13 - 2013-09-25 18:13 - 00000000 ____D C:\Users\Cathy\AppData\Local\{08F1B50D-DF29-4C88-98E9-46E8259D1BF0}
2013-09-25 06:45 - 2007-03-01 21:16 - 00000000 ____D C:\Users\Cathy\Documents\MyPoems
2013-09-24 19:46 - 2013-09-24 19:46 - 00000000 ____D C:\Users\Cathy\AppData\Local\{18CB68F4-F4BE-4987-A913-2EC795135536}
2013-09-24 06:53 - 2013-09-24 06:52 - 00000000 ____D C:\Users\Cathy\AppData\Local\{ACAB4D30-5E14-4106-89DE-67EF3B6B8E05}
2013-09-23 20:14 - 2011-06-23 20:10 - 00003218 _____ C:\Windows\System32\Tasks\HPCeeScheduleForCATHY-HP$
2013-09-23 20:14 - 2011-06-23 20:10 - 00000342 _____ C:\Windows\Tasks\HPCeeScheduleForCATHY-HP$.job
2013-09-23 18:52 - 2013-09-23 18:52 - 00000000 ____D C:\Users\Cathy\AppData\Local\{8ADAE47F-FB18-4B66-9C2D-7BA56108F114}
2013-09-23 05:57 - 2013-09-23 05:57 - 00000000 ____D C:\Users\Cathy\AppData\Local\{C1993F36-FDE3-4FC8-A0A3-F37430132395}
2013-09-22 15:40 - 2013-09-22 15:40 - 00000000 ____D C:\Users\Cathy\AppData\Local\{7203254D-154B-4DF4-8BE3-D827CFAF7394}
2013-09-19 21:14 - 2013-07-06 12:15 - 00000000 ____D C:\Users\Cathy\Documents\ResumeReferencesSalary
2013-09-19 19:25 - 2013-09-19 19:25 - 00000000 ____D C:\Users\Cathy\AppData\Local\{C4071433-0110-471F-8AA5-6F460C97D4F0}

Files to move or delete:
====================
C:\Users\Cathy\FREECELL.EXE
C:\Users\Cathy\winzip80.exe


Some content of TEMP:
====================
C:\Users\Cathy\AppData\Local\Temp\EpsonInkjetDriverDownloader.EXE
C:\Users\Cathy\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\Cathy\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Cathy\AppData\Local\Temp\install_flashplayer11x32ax_gtbd_chrd_dn_aih.exe
C:\Users\Cathy\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Cathy\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Cathy\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Cathy\AppData\Local\Temp\LMkRstPt.exe
C:\Users\Cathy\AppData\Local\Temp\MSN980D.exe
C:\Users\Cathy\AppData\Local\Temp\Quarantine.exe
C:\Users\Cathy\AppData\Local\Temp\swt-gdip-win32-3448.dll
C:\Users\Cathy\AppData\Local\Temp\swt-win32-3448.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-13 16:56

==================== End Of Log ============================



#7 SoulsLight

SoulsLight

    New Member

  • Members
  • Pip
  • 9 posts

Posted 19 October 2013 - 09:15 AM

 Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2013
Ran by Cathy at 2013-10-19 10:06:42
Running from C:\Users\Cathy\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3)
Adobe AIR (x32 Version: 2.0.2.12610)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.175)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)
Adobe Reader 9.5.5 MUI (x32 Version: 9.5.5)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95)
ATI Catalyst Install Manager (Version: 3.0.790.0)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95)
Blackhawk Striker 2 (x32 Version: 2.2.0.95)
Blasterball 3 (x32 Version: 2.2.0.95)
Blio (x32 Version: 2.2.7485)
Bounce Symphony (x32 Version: 2.2.0.95)
Broadcom 2070 Bluetooth 3.0 (Version: 6.3.0.6300)
Broadcom 802.11 Wireless LAN Adapter (Version: 5.60.350.6)
Build-a-lot 2 (x32 Version: 2.2.0.95)
Cake Mania (x32 Version: 2.2.0.95)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0909.1412.23625)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0909.1412.23625)
Catalyst Control Center InstallProxy (x32 Version: 2010.0909.1412.23625)
Catalyst Control Center Localization All (x32 Version: 2010.0909.1412.23625)
CCC Help Chinese Standard (x32 Version: 2010.0909.1411.23625)
CCC Help Chinese Traditional (x32 Version: 2010.0909.1411.23625)
CCC Help Czech (x32 Version: 2010.0909.1411.23625)
CCC Help Danish (x32 Version: 2010.0909.1411.23625)
CCC Help Dutch (x32 Version: 2010.0909.1411.23625)
CCC Help English (x32 Version: 2010.0909.1411.23625)
CCC Help Finnish (x32 Version: 2010.0909.1411.23625)
CCC Help French (x32 Version: 2010.0909.1411.23625)
CCC Help German (x32 Version: 2010.0909.1411.23625)
CCC Help Greek (x32 Version: 2010.0909.1411.23625)
CCC Help Hungarian (x32 Version: 2010.0909.1411.23625)
CCC Help Italian (x32 Version: 2010.0909.1411.23625)
CCC Help Japanese (x32 Version: 2010.0909.1411.23625)
CCC Help Korean (x32 Version: 2010.0909.1411.23625)
CCC Help Norwegian (x32 Version: 2010.0909.1411.23625)
CCC Help Polish (x32 Version: 2010.0909.1411.23625)
CCC Help Portuguese (x32 Version: 2010.0909.1411.23625)
CCC Help Russian (x32 Version: 2010.0909.1411.23625)
CCC Help Spanish (x32 Version: 2010.0909.1411.23625)
CCC Help Swedish (x32 Version: 2010.0909.1411.23625)
CCC Help Thai (x32 Version: 2010.0909.1411.23625)
CCC Help Turkish (x32 Version: 2010.0909.1411.23625)
ccc-core-static (x32 Version: 2010.0909.1412.23625)
ccc-utility64 (Version: 2010.0909.1412.23625)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
Contents (x32 Version: 1.6.0.294)
Corel PaintShop Photo Pro X3 (x32 Version: 1.00.0000)
Corel PaintShop Photo Pro X3 (x32 Version: 1.6.1.252)
Corel VideoStudio Pro X3 (x32 Version: 1.6.0.294)
CyberLink DVD Suite (x32 Version: 7.0.3320)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
DeviceIO (x32 Version: 1.6.0.294)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95)
Dora's World Adventure (x32 Version: 2.2.0.95)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.2.4412)
Energy Star Digital Logo (x32 Version: 1.0.1)
EPSON Printer Software
eReg (x32 Version: 1.20.138.34)
Escape Rosecliff Island (x32 Version: 2.2.0.95)
ESU for Microsoft Windows 7 (x32 Version: 1.0.0)
Farm Frenzy (x32 Version: 2.2.0.95)
FATE (x32 Version: 2.2.0.95)
Fences Pro (Version: 1.0.1.312)
Fences Pro (x32 Version: 1.0.1.312.19219)
FileZilla Client 3.7.3 (HKCU Version: 3.7.3)
Final Drive Nitro (x32 Version: 2.2.0.95)
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95)
HP 3D DriveGuard (Version: 4.0.10.1)
HP Auto (Version: 1.0.12494.3472)
HP Client Services (Version: 1.0.12656.3472)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Documentation (x32 Version: 1.1.3.1)
HP DVB-T TV Tuner 8.0.64.43 (x32 Version: 8.0.64.43)
HP Game Console (x32)
HP Games (x32 Version: 1.0.1.5)
HP MediaSmart DVD (x32 Version: 4.2.4521)
HP MediaSmart Movies and TV (Version: 1.0.1.2)
HP MediaSmart Music (x32 Version: 4.2.4604)
HP MediaSmart Photo (x32 Version: 4.2.4513)
HP MediaSmart SmartMenu (Version: 3.1.2.2)
HP MediaSmart Video (x32 Version: 4.2.4522)
HP MediaSmart Webcam (x32 Version: 4.2.3303)
HP MediaSmart/TouchSmart Netflix (x32 Version: 1.0.4.0)
HP MovieStore (x32 Version: 1.0.023)
HP MovieStore (x32 Version: 2.0.2)
HP Photo Creations (x32 Version: 1.0.0.4042)
HP Power Manager (x32 Version: 1.1.2)
HP Quick Launch (x32 Version: 2.2.7)
HP Setup (x32 Version: 8.4.4400.3525)
HP Setup Manager (x32 Version: 1.0.12844.3519)
HP SimplePass Identity Protection (Version: 5.20.205)
HP Software Framework (x32 Version: 4.0.70.1)
HP Support Assistant (x32 Version: 5.1.8.12)
HP Wireless Assistant (Version: 4.0.10.0)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3)
Hulu Desktop (HKCU Version: 0.9.13)
ICA (x32 Version: 1.6.0.294)
ICA (x32 Version: 1.6.1.252)
IDT Audio (x32 Version: 1.0.6292.0)
Intel® Management Engine Components (x32 Version: 6.0.0.1179)
Intel® Rapid Storage Technology (x32 Version: 9.6.2.1001)
Intel® Turbo Boost Technology Driver (x32 Version: 01.00.01.1002)
IPM_PSP_Pro (x32 Version: 1.00.0000)
IPM_VS_Pro (x32 Version: 13.0)
ISCOM (x32 Version: 1.6.0.294)
ISCOM (x32 Version: 1.6.1.252)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
LabelPrint (x32 Version: 2.5.3220)
LightScribe System Software (x32 Version: 1.18.18.1)
Logitech Unifying Software 2.10 (Version: 2.10.37)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
MiFi4510 Mobile Broadband Drivers (x32 Version: 1.02.001.001.13)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.2.4412)
Mozilla Firefox 24.0 (x86 en-US) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 24.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95)
Norton Internet Security (x32 Version: 21.1.0.18)
Norton Online Backup (x32 Version: 2.1.17869)
Paint Shop Pro 7 (x32 Version: 7.0.2.0000)
PeaZip 4.7.2 (x32)
Penguins! (x32 Version: 2.2.0.95)
PhotoNow! (x32 Version: 1.1.7717)
Plants vs. Zombies (x32 Version: 2.2.0.95)
PlayReady PC Runtime x86 (x32 Version: 1.3.0)
Poker Superstars III (x32 Version: 2.2.0.95)
Polar Bowler (x32 Version: 2.2.0.95)
Polar Golfer (x32 Version: 2.2.0.95)
Power2Go (x32 Version: 6.1.4419)
PowerDirector (x32 Version: 8.0.3320)
PSPPContent (x32 Version: 1.00.0000)
PSPPRO_DCRAW (x32 Version: 13.0.0)
PureHD (x32 Version: 1.6.0.294)
PX Profile Update (x32 Version: 1.00.1.)
Realtek Ethernet Controller Driver For Windows 7 (x32 Version: 7.23.623.2010)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30111)
Recovery Manager (x32 Version: 5.5.3223)
RoxioNow Player (x32 Version: 1.9.5.101)
Setup (x32 Version: 1.6.0.294)
Setup (x32 Version: 1.6.1.252)
Share (x32 Version: 1.6.0.294)
Share64 (Version: 1.6.0.294)
Synaptics Pointing Device Driver (Version: 15.1.6.64)
Times Reader (x32 Version: 2.055)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2494150) (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Validity Sensors DDK (Version: 4.1.139.0)
VIO (x32 Version: 1.6.0.294)
Virtual Families (x32 Version: 2.2.0.95)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95)
VSClassic (x32 Version: 1.6.0.294)
VSPro (x32 Version: 1.6.0.294)
Wheel of Fortune 2 (x32 Version: 2.2.0.95)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Media Encoder 9 Series (x32 Version: 9.00.2980)
Windows Media Encoder 9 Series (x32)
Yahoo! Messenger (x32)
Zuma Deluxe (x32 Version: 2.2.0.95)

==================== Restore Points  =========================

20-08-2013 01:00:21 Scheduled Checkpoint
30-08-2013 18:46:01 Scheduled Checkpoint
05-09-2013 21:21:28 Windows Update
14-09-2013 20:48:28 Scheduled Checkpoint
13-10-2013 21:03:16 Scheduled Checkpoint
19-10-2013 03:26:56 Windows Update

==================== Hosts content: ==========================

2009-07-13 22:34 - 2012-06-28 20:20 - 00609980 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1  localhost
127.0.0.1  fr.a2dfp.net
127.0.0.1  m.fr.a2dfp.net
127.0.0.1  ad.a8.net
127.0.0.1  asy.a8ww.net
127.0.0.1  abcstats.com
127.0.0.1  a.abv.bg
127.0.0.1  adserver.abv.bg
127.0.0.1  adv.abv.bg
127.0.0.1  bimg.abv.bg
127.0.0.1  ca.abv.bg
127.0.0.1  www2.a-counter.kiev.ua
127.0.0.1  track.acclaimnetwork.com
127.0.0.1  accuserveadsystem.com
127.0.0.1  www.accuserveadsystem.com
127.0.0.1  achmedia.com
127.0.0.1  aconti.net
127.0.0.1  secure.aconti.net
127.0.0.1  www.aconti.net #[Dialer.Aconti]
127.0.0.1  am1.activemeter.com
127.0.0.1  www.activemeter.com #[Tracking.Cookie]
127.0.0.1  ads.activepower.net
127.0.0.1  stat.active24stats.nl #[Tracking.Cookie]
127.0.0.1  ad2games.com
127.0.0.1  cms.ad2click.nl
127.0.0.1  ads.ad2games.com
127.0.0.1  content.ad20.net
127.0.0.1  core.ad20.net
127.0.0.1  banner.ad.nu

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {1AC03682-B774-4B8E-B989-C7EDFF092345} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-09-17] (Hewlett-Packard Company)
Task: {3BE82B3F-A2E4-480E-A6A1-A56D5F205D82} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-09-17] (Hewlett-Packard Company)
Task: {5900B129-1F41-4090-8651-372E4FEC7480} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe [2010-09-03] (CyberLink)
Task: {7F6495C9-9E1E-44A6-86AC-95D9D5E56ED6} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\WSCStub.exe [2013-10-08] (Symantec Corporation)
Task: {A75972D5-C876-4FAC-9EA0-2E843F8C7B77} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {B5A365B9-C5DC-4A12-9AD9-EA3A4062FE82} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {B6A7939E-949F-4007-BB06-BFF188D78521} - System32\Tasks\HPCeeScheduleForCATHY-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {CD9424D4-3CFF-445A-83C1-CBC30B931AF5} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-09-27] ()
Task: {FC85299A-3A7D-4A9A-B637-C285D9470434} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: C:\Windows\Tasks\HPCeeScheduleForCATHY-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2010-01-02 10:42 - 2010-01-02 10:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2010-07-29 23:39 - 2010-07-29 23:39 - 00173856 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2010-09-09 19:50 - 2010-09-09 19:50 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-09-09 18:11 - 2010-09-09 18:11 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-07-21 17:33 - 2010-07-21 17:33 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2010-07-21 17:33 - 2010-07-21 17:33 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2010-07-21 17:33 - 2010-07-21 17:33 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2013-08-07 15:25 - 2013-08-07 15:25 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2010-08-16 17:21 - 2010-08-16 17:21 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2010-08-16 17:21 - 2010-08-16 17:21 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2010-08-16 17:21 - 2010-08-16 17:21 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2013-09-30 20:49 - 2013-09-30 20:49 - 03279768 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DpHost => ""="Service"

==================== Faulty Device Manager Devices =============

Name: HP Webcam
Description: USB Video Device
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/18/2013 05:59:44 PM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (10/15/2013 08:41:21 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: DesktopDock64.dll, version: 1.0.1.0, time stamp: 0x4c9256c9
Exception code: 0xc0000005
Fault offset: 0x0000000000035dad
Faulting process id: 0x950
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (10/13/2013 07:00:01 PM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (10/12/2013 09:48:57 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: DesktopDock64.dll, version: 1.0.1.0, time stamp: 0x4c9256c9
Exception code: 0xc0000005
Fault offset: 0x0000000000035dad
Faulting process id: 0x320
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (10/11/2013 09:02:36 PM) (Source: Application Error) (User: )
Description: Faulting application name: atieclxx.exe, version: 6.14.11.1069, time stamp: 0x4c892701
Faulting module name: atiadlxx.dll, version: 6.14.10.1054, time stamp: 0x4c891f0c
Exception code: 0xc0000005
Fault offset: 0x000000000001f468
Faulting process id: 0x4fc
Faulting application start time: 0xatieclxx.exe0
Faulting application path: atieclxx.exe1
Faulting module path: atieclxx.exe2
Report Id: atieclxx.exe3

Error: (10/06/2013 07:00:01 PM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (10/02/2013 06:55:32 AM) (Source: ATIeRecord) (User: )
Description: ATI EEU failed to post message to CCC

Error: (10/01/2013 06:06:59 AM) (Source: Application Hang) (User: )
Description: The program wlmail.exe version 15.4.3555.308 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 11d8

Start Time: 01cebe8dca232126

Termination Time: 31

Application Path: C:\Program Files (x86)\Windows Live\Mail\wlmail.exe

Report Id: 2ee4d8d8-2a81-11e3-8dc8-e02a82f7843f

Error: (09/29/2013 07:00:01 PM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (09/23/2013 06:05:54 AM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).


System errors:
=============
Error: (10/18/2013 11:31:00 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004005

Error: (10/18/2013 06:15:49 PM) (Source: Service Control Manager) (User: )
Description: The Norton Internet Security service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (10/18/2013 06:05:28 PM) (Source: Service Control Manager) (User: )
Description: The BHDrvx64 service failed to start due to the following error:
%%2

Error: (10/18/2013 06:05:09 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
BHDrvx64

Error: (10/18/2013 05:49:52 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
BHDrvx64

Error: (09/23/2013 06:52:22 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 6:51:09 AM on ‎9/‎23/‎2013 was unexpected.

Error: (09/06/2013 06:40:36 PM) (Source: Service Control Manager) (User: )
Description: The Windows Backup service failed to start due to the following error:
%%1053

Error: (09/06/2013 06:40:36 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Backup service to connect.

Error: (09/06/2013 06:40:36 PM) (Source: DCOM) (User: )
Description: 1053sdrsvc{687E55CA-6621-4C41-B9F1-C0EDDC94BB05}

Error: (09/06/2013 06:04:01 AM) (Source: Service Control Manager) (User: )
Description: The Windows Backup service failed to start due to the following error:
%%1053


Microsoft Office Sessions:
=========================
Error: (10/18/2013 05:59:44 PM) (Source: Windows Backup)(User: )
Description: F:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (10/15/2013 08:41:21 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d672ee4DesktopDock64.dll1.0.1.04c9256c9c00000050000000000035dad95001ceca08663e5a5cC:\Windows\Explorer.EXEc:\program files\stardock\fences pro\DesktopDock64.dllad208161-35fb-11e3-9d50-e02a82f7843f

Error: (10/13/2013 07:00:01 PM) (Source: Windows Backup)(User: )
Description: F:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (10/12/2013 09:48:57 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d672ee4DesktopDock64.dll1.0.1.04c9256c9c00000050000000000035dad32001cec7b656ab1356C:\Windows\Explorer.EXEc:\program files\stardock\fences pro\DesktopDock64.dll9f7fc35d-33a9-11e3-9edd-e02a82f7843f

Error: (10/11/2013 09:02:36 PM) (Source: Application Error)(User: )
Description: atieclxx.exe6.14.11.10694c892701atiadlxx.dll6.14.10.10544c891f0cc0000005000000000001f4684fc01cec6ceb4f9c882C:\Windows\system32\atieclxx.exeC:\Windows\system32\atiadlxx.dllfb57f3c0-32d9-11e3-9a9c-e02a82f7843f

Error: (10/06/2013 07:00:01 PM) (Source: Windows Backup)(User: )
Description: F:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (10/02/2013 06:55:32 AM) (Source: ATIeRecord)(User: )
Description:

Error: (10/01/2013 06:06:59 AM) (Source: Application Hang)(User: )
Description: wlmail.exe15.4.3555.30811d801cebe8dca23212631C:\Program Files (x86)\Windows Live\Mail\wlmail.exe2ee4d8d8-2a81-11e3-8dc8-e02a82f7843f

Error: (09/29/2013 07:00:01 PM) (Source: Windows Backup)(User: )
Description: F:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (09/23/2013 06:05:54 AM) (Source: Windows Backup)(User: )
Description: F:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)


==================== Memory info ===========================

Percentage of memory in use: 34%
Total physical RAM: 5941.86 MB
Available physical RAM: 3921.59 MB
Total Pagefile: 11881.9 MB
Available Pagefile: 9633.21 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:667.96 GB) (Free:575.68 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:30.38 GB) (Free:4.46 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: 40C486BC)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=668 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=30 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End Of Log ============================



#8 kevinf80

kevinf80

    Forum Deity

  • Trusted Advisors
  • PipPipPipPipPipPip
  • 5,020 posts
  • Gender:Male
  • Location:Sunderland. UK

Posted 19 October 2013 - 10:37 AM

Do you currently use this program DigitalPersona

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST/FRST64 and press the Fix button just once and wait.


The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

Run quick scan with Malwarebytes, post its log..

 

Let me see those two logs, also give an update on any remaining issues or concerns..

 

Kevin

 

Attached Files


Posted Image Posted Image
If you are satisfied with my help, consider a donation. Thank you...
Posted Image

#9 SoulsLight

SoulsLight

    New Member

  • Members
  • Pip
  • 9 posts

Posted 19 October 2013 - 12:07 PM

I don't know what DigitalPersona is. I know I don't intentionally use it.

 

Everything is running fine. Here are the logs

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013
Ran by Cathy at 2013-10-19 12:53:35 Run:1
Running from C:\Users\Cathy\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
2013-10-18 17:56 - 2013-10-18 17:56 - 00000000 ____D C:\Users\Cathy\AppData\Local\{74EFC65E-79DF-4EF3-B1C0-09EC9B3A1220}
2013-10-17 19:06 - 2013-10-17 19:06 - 00000000 ____D C:\Users\Cathy\AppData\Local\{7602E6EC-2010-4E2A-806A-BC8A4A03097B}
2013-10-16 19:05 - 2013-10-16 19:05 - 00000000 ____D C:\Users\Cathy\AppData\Local\{91F9D566-06F3-401D-BF3A-34421187A995}
2013-10-15 20:44 - 2013-10-15 20:44 - 00000000 ____D C:\Users\Cathy\AppData\Local\{C42BC92E-28F1-480C-8281-D0C3879AAB7B}
2013-10-14 19:18 - 2013-10-14 19:18 - 00000000 ____D C:\Users\Cathy\AppData\Local\{9E540A4C-60F8-4F7B-B803-769409C7AFF8}
2013-10-14 05:12 - 2013-10-14 05:12 - 00000000 ____D C:\Users\Cathy\AppData\Local\{A332B25F-A83C-4441-AB4F-4E523077CBC4}
2013-10-13 11:39 - 2013-10-13 11:39 - 00000000 ____D C:\Users\Cathy\AppData\Local\{52096E4A-996A-4E82-99C4-1F6349F94993}
2013-10-12 21:50 - 2013-10-12 21:50 - 00000000 ____D C:\Users\Cathy\AppData\Local\{4E1E882B-F187-491D-847D-EEC72684E6C8}
2013-10-12 07:48 - 2013-10-12 07:49 - 00000000 ____D C:\Users\Cathy\AppData\Local\{D7A68407-C595-472C-B582-FF73E56E484D}
2013-10-11 18:12 - 2013-10-11 18:13 - 00000000 ____D C:\Users\Cathy\AppData\Local\{C106F2D6-76E9-4511-96C3-6636D9FF69A0}
2013-10-10 20:28 - 2013-10-10 20:28 - 00000000 ____D C:\Users\Cathy\AppData\Local\{4F9713A1-A75E-4717-8CCB-A43742E796F4}
2013-10-09 18:20 - 2013-10-09 18:20 - 00000000 ____D C:\Users\Cathy\AppData\Local\{B2ED15A2-A723-40CF-9F41-7CEA88731F6D}
2013-10-08 18:30 - 2013-10-08 18:30 - 00000000 ____D C:\Users\Cathy\AppData\Local\{F8875B60-0F93-484B-8107-BD4B1905713E}
2013-10-07 18:54 - 2013-10-07 18:54 - 00000000 ____D C:\Users\Cathy\AppData\Local\{D7F0778E-A06C-4754-BFAB-AB07E86E2560}
2013-10-07 05:49 - 2013-10-07 05:49 - 00000000 ____D C:\Users\Cathy\AppData\Local\{05EAA3D3-55B1-40E7-B0AD-E8B97D3A2CE8}
2013-10-06 14:09 - 2013-10-06 14:10 - 00000000 ____D C:\Users\Cathy\AppData\Local\{67074B93-5FB2-4BB7-AC97-F6508D06D05F}
2013-10-05 22:55 - 2013-10-05 22:56 - 00000000 ____D C:\Users\Cathy\AppData\Local\{FF7D1DE4-7579-4E59-BA92-2AB8CEEB34BE}
2013-10-05 08:46 - 2013-10-05 08:46 - 00000000 ____D C:\Users\Cathy\AppData\Local\{9D5299E4-91A6-4D8C-9F87-3DE6B9E81985}
2013-10-04 20:46 - 2013-10-04 20:46 - 00000000 ____D C:\Users\Cathy\AppData\Local\{6D9B2B81-A7F6-4A9D-BF0D-4FACAE364049}
2013-10-04 08:43 - 2013-10-04 08:43 - 00000000 ____D C:\Users\Cathy\AppData\Local\{B09749F1-E40E-42BB-9F49-0EE55698A6D3}
2013-10-03 19:01 - 2013-10-03 19:01 - 00000000 ____D C:\Users\Cathy\AppData\Local\{11489B1E-23E0-4272-B7A3-869962D73486}
2013-10-02 19:05 - 2013-10-02 19:05 - 00000000 ____D C:\Users\Cathy\AppData\Local\{75926093-A0F7-4B5A-B6A8-1427B19BE7AE}
2013-10-02 06:50 - 2013-10-02 06:51 - 00000000 ____D C:\Users\Cathy\AppData\Local\{3FC6C3B6-7EB5-49A5-94BD-DFD6329C6C47}
2013-10-01 18:50 - 2013-10-01 18:50 - 00000000 ____D C:\Users\Cathy\AppData\Local\{5FF2A5F8-F6BC-417B-915A-9DA6B9FA4455}
2013-09-30 21:02 - 2013-09-30 21:02 - 00000000 ____D C:\Users\Cathy\AppData\Local\{CE34DCBE-8080-4A1E-B988-454FD2EFE0E5}
2013-09-30 06:09 - 2013-09-30 06:09 - 00000000 ____D C:\Users\Cathy\AppData\Local\{4F41DE23-802D-416B-B9F6-EFE5A85ED12F}
2013-09-29 16:27 - 2013-09-29 16:27 - 00000000 ____D C:\Users\Cathy\AppData\Local\{70036B2F-81E0-4CDA-BDB6-0560BA4802E4}
2013-09-29 00:46 - 2013-09-29 00:47 - 00000000 ____D C:\Users\Cathy\AppData\Local\{425D03C4-A6A8-4928-B71A-ECD3533A6BF0}
2013-09-28 10:21 - 2013-09-28 10:22 - 00000000 ____D C:\Users\Cathy\AppData\Local\{8ABAA225-E4ED-4B6C-8511-6FAB997AEB68}
2013-09-27 22:21 - 2013-09-27 22:21 - 00000000 ____D C:\Users\Cathy\AppData\Local\{4B4179D7-366F-4F9A-A7B7-A164DFD72092}
2013-09-26 18:28 - 2013-09-26 18:28 - 00000000 ____D C:\Users\Cathy\AppData\Local\{6E9FDEB9-0B68-4243-BB45-0B6E208108D1}
2013-09-25 18:13 - 2013-09-25 18:13 - 00000000 ____D C:\Users\Cathy\AppData\Local\{08F1B50D-DF29-4C88-98E9-46E8259D1BF0}
2013-09-24 19:46 - 2013-09-24 19:46 - 00000000 ____D C:\Users\Cathy\AppData\Local\{18CB68F4-F4BE-4987-A913-2EC795135536}
2013-09-24 06:52 - 2013-09-24 06:53 - 00000000 ____D C:\Users\Cathy\AppData\Local\{ACAB4D30-5E14-4106-89DE-67EF3B6B8E05}
2013-09-23 18:52 - 2013-09-23 18:52 - 00000000 ____D C:\Users\Cathy\AppData\Local\{8ADAE47F-FB18-4B66-9C2D-7BA56108F114}
2013-09-23 05:57 - 2013-09-23 05:57 - 00000000 ____D C:\Users\Cathy\AppData\Local\{C1993F36-FDE3-4FC8-A0A3-F37430132395}
2013-09-22 15:40 - 2013-09-22 15:40 - 00000000 ____D C:\Users\Cathy\AppData\Local\{7203254D-154B-4DF4-8BE3-D827CFAF7394}
2013-09-19 19:25 - 2013-09-19 19:25 - 00000000 ____D C:\Users\Cathy\AppData\Local\{C4071433-0110-471F-8AA5-6F460C97D4F0}
C:\Users\Cathy\FREECELL.EXE
C:\Users\Cathy\winzip80.exe
C:\Users\Cathy\AppData\Local\Temp\EpsonInkjetDriverDownloader.EXE
C:\Users\Cathy\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\Cathy\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Cathy\AppData\Local\Temp\install_flashplayer11x32ax_gtbd_chrd_dn_aih.exe
C:\Users\Cathy\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Cathy\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Cathy\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Cathy\AppData\Local\Temp\LMkRstPt.exe
C:\Users\Cathy\AppData\Local\Temp\MSN980D.exe
C:\Users\Cathy\AppData\Local\Temp\Quarantine.exe
C:\Users\Cathy\AppData\Local\Temp\swt-gdip-win32-3448.dll
C:\Users\Cathy\AppData\Local\Temp\swt-win32-3448.dll
End



*****************

C:\Users\Cathy\AppData\Local\{74EFC65E-79DF-4EF3-B1C0-09EC9B3A1220} => Moved successfully.
C:\Users\Cathy\AppData\Local\{7602E6EC-2010-4E2A-806A-BC8A4A03097B} => Moved successfully.
C:\Users\Cathy\AppData\Local\{91F9D566-06F3-401D-BF3A-34421187A995} => Moved successfully.
C:\Users\Cathy\AppData\Local\{C42BC92E-28F1-480C-8281-D0C3879AAB7B} => Moved successfully.
C:\Users\Cathy\AppData\Local\{9E540A4C-60F8-4F7B-B803-769409C7AFF8} => Moved successfully.
C:\Users\Cathy\AppData\Local\{A332B25F-A83C-4441-AB4F-4E523077CBC4} => Moved successfully.
C:\Users\Cathy\AppData\Local\{52096E4A-996A-4E82-99C4-1F6349F94993} => Moved successfully.
C:\Users\Cathy\AppData\Local\{4E1E882B-F187-491D-847D-EEC72684E6C8} => Moved successfully.
C:\Users\Cathy\AppData\Local\{D7A68407-C595-472C-B582-FF73E56E484D} => Moved successfully.
C:\Users\Cathy\AppData\Local\{C106F2D6-76E9-4511-96C3-6636D9FF69A0} => Moved successfully.
C:\Users\Cathy\AppData\Local\{4F9713A1-A75E-4717-8CCB-A43742E796F4} => Moved successfully.
C:\Users\Cathy\AppData\Local\{B2ED15A2-A723-40CF-9F41-7CEA88731F6D} => Moved successfully.
C:\Users\Cathy\AppData\Local\{F8875B60-0F93-484B-8107-BD4B1905713E} => Moved successfully.
C:\Users\Cathy\AppData\Local\{D7F0778E-A06C-4754-BFAB-AB07E86E2560} => Moved successfully.
C:\Users\Cathy\AppData\Local\{05EAA3D3-55B1-40E7-B0AD-E8B97D3A2CE8} => Moved successfully.
C:\Users\Cathy\AppData\Local\{67074B93-5FB2-4BB7-AC97-F6508D06D05F} => Moved successfully.
C:\Users\Cathy\AppData\Local\{FF7D1DE4-7579-4E59-BA92-2AB8CEEB34BE} => Moved successfully.
C:\Users\Cathy\AppData\Local\{9D5299E4-91A6-4D8C-9F87-3DE6B9E81985} => Moved successfully.
C:\Users\Cathy\AppData\Local\{6D9B2B81-A7F6-4A9D-BF0D-4FACAE364049} => Moved successfully.
C:\Users\Cathy\AppData\Local\{B09749F1-E40E-42BB-9F49-0EE55698A6D3} => Moved successfully.
C:\Users\Cathy\AppData\Local\{11489B1E-23E0-4272-B7A3-869962D73486} => Moved successfully.
C:\Users\Cathy\AppData\Local\{75926093-A0F7-4B5A-B6A8-1427B19BE7AE} => Moved successfully.
C:\Users\Cathy\AppData\Local\{3FC6C3B6-7EB5-49A5-94BD-DFD6329C6C47} => Moved successfully.
C:\Users\Cathy\AppData\Local\{5FF2A5F8-F6BC-417B-915A-9DA6B9FA4455} => Moved successfully.
C:\Users\Cathy\AppData\Local\{CE34DCBE-8080-4A1E-B988-454FD2EFE0E5} => Moved successfully.
C:\Users\Cathy\AppData\Local\{4F41DE23-802D-416B-B9F6-EFE5A85ED12F} => Moved successfully.
C:\Users\Cathy\AppData\Local\{70036B2F-81E0-4CDA-BDB6-0560BA4802E4} => Moved successfully.
C:\Users\Cathy\AppData\Local\{425D03C4-A6A8-4928-B71A-ECD3533A6BF0} => Moved successfully.
C:\Users\Cathy\AppData\Local\{8ABAA225-E4ED-4B6C-8511-6FAB997AEB68} => Moved successfully.
C:\Users\Cathy\AppData\Local\{4B4179D7-366F-4F9A-A7B7-A164DFD72092} => Moved successfully.
C:\Users\Cathy\AppData\Local\{6E9FDEB9-0B68-4243-BB45-0B6E208108D1} => Moved successfully.
C:\Users\Cathy\AppData\Local\{08F1B50D-DF29-4C88-98E9-46E8259D1BF0} => Moved successfully.
C:\Users\Cathy\AppData\Local\{18CB68F4-F4BE-4987-A913-2EC795135536} => Moved successfully.
C:\Users\Cathy\AppData\Local\{ACAB4D30-5E14-4106-89DE-67EF3B6B8E05} => Moved successfully.
C:\Users\Cathy\AppData\Local\{8ADAE47F-FB18-4B66-9C2D-7BA56108F114} => Moved successfully.
C:\Users\Cathy\AppData\Local\{C1993F36-FDE3-4FC8-A0A3-F37430132395} => Moved successfully.
C:\Users\Cathy\AppData\Local\{7203254D-154B-4DF4-8BE3-D827CFAF7394} => Moved successfully.
C:\Users\Cathy\AppData\Local\{C4071433-0110-471F-8AA5-6F460C97D4F0} => Moved successfully.
C:\Users\Cathy\FREECELL.EXE => Moved successfully.
C:\Users\Cathy\winzip80.exe => Moved successfully.
C:\Users\Cathy\AppData\Local\Temp\EpsonInkjetDriverDownloader.EXE => Moved successfully.
C:\Users\Cathy\AppData\Local\Temp\firefoxjre_exe.exe => Moved successfully.
C:\Users\Cathy\AppData\Local\Temp\fp_pl_pfs_installer.exe => Moved successfully.
C:\Users\Cathy\AppData\Local\Temp\install_flashplayer11x32ax_gtbd_chrd_dn_aih.exe => Moved successfully.
C:\Users\Cathy\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\Cathy\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\Cathy\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\Cathy\AppData\Local\Temp\LMkRstPt.exe => Moved successfully.
C:\Users\Cathy\AppData\Local\Temp\MSN980D.exe => Moved successfully.
C:\Users\Cathy\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Cathy\AppData\Local\Temp\swt-gdip-win32-3448.dll => Moved successfully.
C:\Users\Cathy\AppData\Local\Temp\swt-win32-3448.dll => Moved successfully.

==== End of Fixlog ====

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.18.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Cathy :: CATHY-HP [administrator]

10/19/2013 12:54:30 PM
mbam-log-2013-10-19 (12-54-30).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 211462
Time elapsed: 5 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 



#10 kevinf80

kevinf80

    Forum Deity

  • Trusted Advisors
  • PipPipPipPipPipPip
  • 5,020 posts
  • Gender:Male
  • Location:Sunderland. UK

Posted 19 October 2013 - 02:23 PM

Adobe Reader is outdated...

Visit http://get.adobe.com.../otherversions/ and download the latest version of Acrobat Reader

 

Step 1 - Select your Operating System.

Step 2 - Select your Langauge.

Step 3 - Select latest version.

 

Untick the option for any security scanner or toolbar if offered.

 

Download and install.

 

Having the latest updates ensures there are no security vulnerabilities in your system.

 

Let me know if you have any remaining issues or concerns....


Posted Image Posted Image
If you are satisfied with my help, consider a donation. Thank you...
Posted Image

#11 SoulsLight

SoulsLight

    New Member

  • Members
  • Pip
  • 9 posts

Posted 19 October 2013 - 02:57 PM

I downloaded the update for Adobe reader and ran Security Check again. It still has the strange message about the WMI entry for antivirus not existing. Is everything ok?

 

 Results of screen317's Security Check version 0.99.74  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Norton Internet Security   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File  
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Adobe Flash Player 11.8.800.168  
 Adobe Reader XI  
 Mozilla Firefox (24.0)
````````Process Check: objlist.exe by Laurent````````  
 Symantec Norton Online Backup NOBuAgent.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
 



#12 kevinf80

kevinf80

    Forum Deity

  • Trusted Advisors
  • PipPipPipPipPipPip
  • 5,020 posts
  • Gender:Male
  • Location:Sunderland. UK

Posted 19 October 2013 - 04:25 PM

Yes that is OK, Norton is up to date I assume?

 

If no issues we can remove FRST...

 

We need to remove FRST, first it is very important to deal with its Quarantine folder using FRST itself..

OK, we continue:

 

Delete any fixlist.txt file previously used, we continue:

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

 

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

 

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

Delete FRST.exe from your Desktop, navigate to and delete its folder C:\FRST

 

Next,

 

Uninstall adwcleaner.exe

  •   Please close all open programs and internet browsers.

  •   Double click on adwcleaner.exe to run the tool.

  •   Click on Uninstall

  • Click Yes at Would you like to Uninstall Adwcleaner

 

Let me know any remaining issues or concerns...

 

 

Attached Files


Posted Image Posted Image
If you are satisfied with my help, consider a donation. Thank you...
Posted Image

#13 SoulsLight

SoulsLight

    New Member

  • Members
  • Pip
  • 9 posts

Posted 19 October 2013 - 05:27 PM

Yes, Norton is up to date.

 

FRST has been deleted and Adwcleaner uninstalled

 

Everything is fine. Here's the log. As soon as you give me the all clear, I will get started with the Windows updates.

 

Thank you for all your help!

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013
Ran by Cathy at 2013-10-19 18:14:36 Run:2
Running from C:\Users\Cathy\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
DeleteQuarantine:
End



*****************

C:\FRST\Quarantine => Removed successfully.

==== End of Fixlog ====



#14 kevinf80

kevinf80

    Forum Deity

  • Trusted Advisors
  • PipPipPipPipPipPip
  • 5,020 posts
  • Gender:Male
  • Location:Sunderland. UK

Posted 19 October 2013 - 06:21 PM

Yes you can go for the updates, let me know if all ok after you finish with that procedure....


Posted Image Posted Image
If you are satisfied with my help, consider a donation. Thank you...
Posted Image

#15 SoulsLight

SoulsLight

    New Member

  • Members
  • Pip
  • 9 posts

Posted 20 October 2013 - 08:48 AM

Everything is updated an running fine. You can close this unless there's anything else I need to do.

 

Thank you for your help.



#16 kevinf80

kevinf80

    Forum Deity

  • Trusted Advisors
  • PipPipPipPipPipPip
  • 5,020 posts
  • Gender:Male
  • Location:Sunderland. UK

Posted 20 October 2013 - 10:26 AM

Excellent, good to  hear all is OK. we will close now...


Posted Image Posted Image
If you are satisfied with my help, consider a donation. Thank you...
Posted Image

#17 AdvancedSetup

AdvancedSetup

    Staff

  • Root Admin
  • PipPipPipPipPipPip
  • 41,248 posts
  • Gender:Male
  • Location:US

Posted 23 October 2013 - 06:15 PM

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Ron Lewis
Forum Community Manager

staff.png

Follow us: Twitter, Become a fan: Facebook





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users