Jump to content

Ridcully

Honorary Members
  • Posts

    26
  • Joined

  • Last visited

Reputation

0 Neutral
  1. It seems to be running fine -- no more browser hijacks, no more odd slowdowns. It is certainly running faster than it was before the virus, so some of the cleanup certainly helped. Are you aware of any programs that could have interecepted the bad download before it got installed and enmeshed on the system? I have Norton 360 on my system, and I'm not sure that it has any idea yet that there was any infection at all.... Malwarebytes did a good job of pulling some of it off, and got more once I restarted the computer in safe mode and reran it. Even so, having the download or site blocked or the installation blocked would have been preferable.
  2. Combofix log: ComboFix 14-06-19.01 - keith 06/20/2014 8:07.1.8 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8140.5072 [GMT -4:00]Running from: c:\users\keith\Desktop\ComboFix.exeAV: Norton 360 *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}FW: Norton 360 *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}SP: Norton 360 *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\programdata\Roamingc:\users\keith\GoToAssistDownloadHelper.exec:\windows\SysWow64\DEBUG.logD:\install.exe..((((((((((((((((((((((((( Files Created from 2014-05-20 to 2014-06-20 )))))))))))))))))))))))))))))))..2014-06-20 12:24 . 2014-06-20 12:24 -------- d-----w- c:\users\Default\AppData\Local\temp2014-06-18 02:43 . 2014-06-18 02:43 -------- d-----w- c:\program files (x86)\ESET2014-06-18 02:16 . 2014-06-18 02:16 -------- d-----w- c:\program files (x86)\Common Files\Java2014-06-18 02:15 . 2014-05-07 19:02 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll2014-06-18 02:10 . 2014-06-20 11:48 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys2014-06-18 02:10 . 2014-06-19 22:26 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware2014-06-18 02:10 . 2014-05-12 11:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys2014-06-18 02:10 . 2014-05-12 11:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys2014-06-18 02:03 . 2010-08-30 12:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll2014-06-18 02:02 . 2014-06-18 02:06 -------- d-----w- C:\AdwCleaner2014-06-18 01:51 . 2014-06-18 01:51 -------- d-----w- c:\windows\ERUNT2014-06-18 00:19 . 2014-06-18 00:19 -------- d-sh--w- c:\users\keith\AppData\Local\EmieUserList2014-06-18 00:19 . 2014-06-18 00:19 -------- d-sh--w- c:\users\keith\AppData\Local\EmieSiteList2014-06-18 00:17 . 2014-06-18 00:17 -------- d-----w- c:\programdata\RogueKiller2014-06-17 12:43 . 2014-06-17 12:43 -------- d-----w- c:\program files (x86)\ERUNT2014-06-17 03:00 . 2014-06-17 03:00 -------- d-s---w- c:\windows\system32\CompatTel2014-06-17 02:25 . 2014-06-17 02:30 -------- d-----w- c:\windows\system32\MRT2014-06-17 02:24 . 2014-06-18 00:38 -------- d-----w- c:\users\keith\AppData\Roaming\Notepad++2014-06-17 02:24 . 2014-06-17 02:26 -------- d-----w- c:\program files (x86)\Notepad++2014-06-16 23:33 . 2014-06-16 23:33 -------- d-----w- c:\windows\Migration2014-06-14 18:54 . 2014-06-14 18:54 -------- d-----w- c:\users\keith\AppData\Roaming\Warner Bros. Interactive Entertainment2014-06-14 15:13 . 2014-06-14 15:14 -------- d-----w- c:\users\keith\AppData\Local\NPE2014-06-14 14:17 . 2014-06-19 11:48 -------- d-----w- C:\FRST2014-06-13 22:29 . 2014-06-14 12:59 -------- d-----w- c:\users\keith\AppData\Roaming\Open Download Manager2014-06-13 22:27 . 2014-06-14 13:02 -------- d-----w- c:\program files (x86)\OpenDownloaderManager2014-06-10 23:46 . 2014-06-08 09:13 506368 ----a-w- c:\windows\system32\aepdu.dll2014-06-10 23:46 . 2014-06-08 09:08 424448 ----a-w- c:\windows\system32\aeinv.dll2014-05-26 23:25 . 2014-05-26 23:27 -------- d-----w- c:\users\keith\AppData\Roaming\.technic2014-05-25 03:26 . 2014-05-25 03:26 -------- d-----w- c:\users\keith\AppData\Roaming\.mono2014-05-25 03:26 . 2014-05-25 04:55 -------- d-----w- c:\users\keith\AppData\Roaming\creeperworld32014-05-23 01:12 . 2014-05-23 01:12 -------- d-----w- c:\users\keith\.matplotlib2014-05-23 01:12 . 2014-05-23 01:13 -------- d-----w- c:\users\keith\.ipython2014-05-23 01:08 . 2014-05-23 01:08 -------- d-----w- c:\users\keith\Canopy2014-05-23 01:05 . 2014-05-23 01:05 -------- d-----w- c:\users\keith\AppData\Roaming\Enthought2014-05-23 01:01 . 2014-05-23 01:02 -------- d-----w- c:\users\keith\AppData\Local\Enthought...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2014-05-20 04:36 . 2013-06-04 11:59 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2014-05-20 04:36 . 2013-06-04 11:59 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2014-05-18 14:38 . 2014-05-18 14:38 2734592 ----a-w- c:\windows\SysWow64\python34.dll2014-05-18 14:37 . 2014-05-18 14:37 102400 ----a-w- c:\windows\py.exe2014-05-18 14:37 . 2014-05-18 14:37 102912 ----a-w- c:\windows\pyw.exe2014-05-12 11:25 . 2013-12-26 23:00 25816 ----a-w- c:\windows\system32\drivers\mbam.sys2014-04-12 02:22 . 2014-05-14 06:57 155072 ----a-w- c:\windows\system32\drivers\ksecpkg.sys2014-04-12 02:22 . 2014-05-14 06:57 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys2014-04-12 02:19 . 2014-05-14 06:57 29184 ----a-w- c:\windows\system32\sspisrv.dll2014-04-12 02:19 . 2014-05-14 06:57 136192 ----a-w- c:\windows\system32\sspicli.dll2014-04-12 02:19 . 2014-05-14 06:57 28160 ----a-w- c:\windows\system32\secur32.dll2014-04-12 02:19 . 2014-05-14 06:57 1460736 ----a-w- c:\windows\system32\lsasrv.dll2014-04-12 02:19 . 2014-05-14 06:57 31232 ----a-w- c:\windows\system32\lsass.exe2014-04-12 02:12 . 2014-05-14 06:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll2014-04-12 02:10 . 2014-05-14 06:57 96768 ----a-w- c:\windows\SysWow64\sspicli.dll2014-03-25 02:43 . 2014-05-14 06:57 14175744 ----a-w- c:\windows\system32\shell32.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Steam"="c:\program files (x86)\Steam\Steam.exe" [2014-05-29 1754816]"GoogleChromeAutoLaunch_F1D62AC303E2C0B600342FB8ACD4796B"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-06-05 860488].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-15 336384]"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2013-07-04 113288]"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2014-05-08 40312]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112]"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-11-11 417792]"Magic Desktop for HP notification"="c:\programdata\Easybits Magic Desktop for HP\mdhpSUN.exe" [2013-12-21 1258504]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-05-07 256896].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]"EnableShellExecuteHooks"= 1 (0x1).[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks].R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]R3 t_mouse.sys;HID-compliand device;c:\windows\system32\DRIVERS\t_mouse.sys;c:\windows\SYSNATIVE\DRIVERS\t_mouse.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1503000.00C\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1503000.00C\SYMDS64.SYS [x]S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1503000.00C\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1503000.00C\SYMEFA64.SYS [x]S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140606.001\BHDrvx64.sys;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140606.001\BHDrvx64.sys [x]S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1503000.00C\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1503000.00C\ccSetx64.sys [x]S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140619.001\IDSvia64.sys;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140619.001\IDSvia64.sys [x]S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1503000.00C\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1503000.00C\Ironx64.SYS [x]S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1503000.00C\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1503000.00C\SYMNETS.SYS [x]S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [x]S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\21.3.0.12\N360.exe;c:\program files (x86)\Norton 360\Engine\21.3.0.12\N360.exe [x]S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [x]S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]S3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]..--- Other Services/Drivers In Memory ---.*NewlyCreated* - MBAMSWISSARMY.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2014-06-12 21:25 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2014-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-23 01:45].2014-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-23 01:45].2014-06-19 c:\windows\Tasks\HPCeeScheduleForkeith.job- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"MouseDriver"="TiltWheelMouse.exe" [2012-12-19 241152]"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120]"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-09 167704]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-09 392472]"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-09 416024]"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2014-01-25 1128448].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]"NCPluginUpdater"="c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" [2014-06-11 21720].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.localTCP: DhcpNameServer = 192.168.1.1.- - - - ORPHANS REMOVED - - - -.Wow6432Node-HKLM-Run-<NO NAME> - (no file)HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - startHKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exeAddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exeAddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exeAddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe...[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\21.3.0.12\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\21.3.0.12\diMaster.dll\" /prefetch:1""ImagePath"="\SystemRoot\System32\Drivers\N360x64\1503000.00C\SYMNETS.SYS""TrustedImagePaths"="c:\program files (x86)\Norton 360\Engine\21.3.0.12;c:\program files (x86)\Norton 360\Engine64\21.3.0.12".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.13".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2014-06-20 08:45:49ComboFix-quarantined-files.txt 2014-06-20 12:45.Pre-Run: 111,373,811,712 bytes freePost-Run: 110,842,474,496 bytes free.- - End Of File - - F1283929344B598111A586D1508E9C03
  3. Good morning! I am about to kick off combofix. Since it takes a while, I will post the logs when I get home from work this afternoon (EDT, GMT-4). thanks, -Ridcully
  4. Addition.txt Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-06-2014Ran by keith at 2014-06-19 07:47:29Running from C:\Users\keith\DesktopBoot Mode: Normal========================================================== ==================== Security Center ======================== AV: Norton 360 (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}FW: Norton 360 (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0} ==================== Installed Programs ====================== Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)Adobe Reader X (10.1.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) HiddenApple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)ArtRage Studio Pro (HKLM-x32\...\Steam App 100970) (Version: - )ATI Catalyst Install Manager (HKLM\...\{DA0D8FDA-D538-1145-8BA2-6F22C4EB4F75}) (Version: 3.0.816.0 - ATI Technologies, Inc.)Audiosurf (HKLM-x32\...\Steam App 12900) (Version: - Dylan Fitterer)AuthenTec TrueAPI (Version: 1.2.1.33 - AuthenTec, Inc.) HiddenBaggin the Dragon Home Ed v2 (HKLM-x32\...\Baggin the Dragon Home Ed v2) (Version: 2.0.9 - EdAlive)Bardbarian (HKLM-x32\...\Steam App 269490) (Version: - TreeFortress Games)Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) HiddenBejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) HiddenBing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) HiddenBlasterball 3 (x32 Version: 2.2.0.95 - WildTangent) HiddenBlio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software)Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) HiddenBuild-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) HiddenByki (x32 Version: 4.0 - Transparent Language, Inc.) HiddenByki Standard (HKLM-x32\...\Byki Standard) (Version: 4.0 - Transparent Language, Inc.)Cake Mania (x32 Version: 2.2.0.95 - WildTangent) HiddenCatalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) HiddenCatalyst Control Center (x32 Version: 2011.0315.958.16016 - ATI) HiddenCatalyst Control Center Graphics Previews Common (x32 Version: 2011.0315.958.16016 - ATI) HiddenCatalyst Control Center InstallProxy (x32 Version: 2011.0315.958.16016 - ATI Technologies, Inc.) HiddenCatalyst Control Center Localization All (x32 Version: 2011.0315.958.16016 - ATI) HiddenCatalyst Control Center Profiles Mobile (x32 Version: 2011.0315.958.16016 - ATI) HiddenCCC Help Chinese Standard (x32 Version: 2011.0315.0957.16016 - ATI) HiddenCCC Help Chinese Traditional (x32 Version: 2011.0315.0957.16016 - ATI) HiddenCCC Help Czech (x32 Version: 2011.0315.0957.16016 - ATI) HiddenCCC Help Danish (x32 Version: 2011.0315.0957.16016 - ATI) HiddenCCC Help Dutch (x32 Version: 2011.0315.0957.16016 - ATI) HiddenCCC Help English (x32 Version: 2011.0315.0957.16016 - ATI) HiddenCCC Help Finnish (x32 Version: 2011.0315.0957.16016 - ATI) HiddenCCC Help French (x32 Version: 2011.0315.0957.16016 - ATI) HiddenCCC Help German (x32 Version: 2011.0315.0957.16016 - ATI) HiddenCCC Help Greek (x32 Version: 2011.0315.0957.16016 - ATI) HiddenCCC Help Hungarian (x32 Version: 2011.0315.0957.16016 - ATI) HiddenCCC Help Italian (x32 Version: 2011.0315.0957.16016 - ATI) HiddenCCC Help Japanese (x32 Version: 2011.0315.0957.16016 - ATI) HiddenCCC Help Korean (x32 Version: 2011.0315.0957.16016 - ATI) HiddenCCC Help Norwegian (x32 Version: 2011.0315.0957.16016 - ATI) HiddenCCC Help Polish (x32 Version: 2011.0315.0957.16016 - ATI) HiddenCCC Help Portuguese (x32 Version: 2011.0315.0957.16016 - ATI) HiddenCCC Help Russian (x32 Version: 2011.0315.0957.16016 - ATI) HiddenCCC Help Spanish (x32 Version: 2011.0315.0957.16016 - ATI) HiddenCCC Help Swedish (x32 Version: 2011.0315.0957.16016 - ATI) HiddenCCC Help Thai (x32 Version: 2011.0315.0957.16016 - ATI) HiddenCCC Help Turkish (x32 Version: 2011.0315.0957.16016 - ATI) Hiddenccc-utility64 (Version: 2011.0315.958.16016 - ATI) HiddenChessmaster (HKLM-x32\...\Steam App 37200) (Version: - PlayFirst)Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) HiddenCook, Serve, Delicious! (HKLM-x32\...\Steam App 247020) (Version: - Vertigo Gaming)Creeper World 3: Arc Eternal (HKLM-x32\...\Steam App 280220) (Version: - Knuckle Cracker)Cube World version 0.0.1 (HKLM-x32\...\{D692A0E0-1BBB-4E9C-826E-4254EE330830}_is1) (Version: 0.0.1 - Picroma)CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.3908 - CyberLink Corp.)CyberLink YouCam (x32 Version: 3.5.1.3908 - CyberLink Corp.) HiddenD3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDefense Grid: The Awakening (HKLM-x32\...\Steam App 18500) (Version: - Hidden Path Entertainment)Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) HiddenDLC Quest (HKLM-x32\...\Steam App 230050) (Version: - )Don't Starve (HKLM-x32\...\Steam App 219740) (Version: - Klei Entertainment)Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) HiddenDota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)Dungeon Siege (HKLM-x32\...\Steam App 39190) (Version: - Gas Powered Games)Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)Enthought Canopy (64-bit) (HKLM\...\{93D7DF53-FDD4-4270-B83C-1EBC15FA1A87}) (Version: 1.4.0.233 - Enthought, Inc.)ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer)ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)Everyday Genius: SquareLogic (HKLM-x32\...\Steam App 32150) (Version: - TrueThought)Factorio version 0.6.4 (HKLM-x32\...\Factorio_is1) (Version: - )Factorio version 0.8.8 (HKLM\...\Factorio_is1) (Version: - )Fallout Mod Manager 0.13.21 (HKLM-x32\...\Generic Mod Manager_is1) (Version: - Q, Timeslip)Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version: - Obsidian Entertainment)Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version: - Ubisoft)Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) HiddenFATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) HiddenFraps (remove only) (HKLM-x32\...\Fraps) (Version: - )FTL - Advanced Edition (HKLM-x32\...\GOGPACKFTL_is1) (Version: 2.1.0.11 - GOG.com)Gnomoria (HKLM-x32\...\Steam App 224500) (Version: - Robotronic Games)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) HiddenHammerwatch (HKLM-x32\...\Steam App 239070) (Version: - )Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) HiddenHP 3D DriveGuard (HKLM\...\{5601F151-A69F-4E30-8C60-37928124CD07}) (Version: 4.1.9.1 - Hewlett-Packard Company)HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) HiddenHP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) HiddenHP Connection Manager (HKLM-x32\...\{795AADBF-58C2-42D0-B779-E730702A247E}) (Version: 4.0.45.1 - Hewlett-Packard Company)HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) HiddenHP Documentation (HKLM-x32\...\{83A375B6-6FC2-4F8A-948E-E506DB9DCDF0}) (Version: 1.1.0.0 - Hewlett-Packard)HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)HP MovieStore (x32 Version: 1.0.047 - Hewlett-Packard) HiddenHP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)HP Power Manager (HKLM-x32\...\{E44578C7-4667-4124-8BC2-1161BCA54978}) (Version: 1.4.4 - Hewlett-Packard Company)HP Quick Launch (HKLM-x32\...\{EB58480C-0721-483C-B354-9D35A147999F}) (Version: 2.3.6 - Hewlett-Packard Company)HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13231.3673 - Hewlett-Packard Company)HP SimplePass 2011 (HKLM-x32\...\{BCFAA37D-A6DB-43BF-A351-43F183E52D07}) (Version: 5.1.0.495 - Hewlett-Packard)HP Software Framework (HKLM-x32\...\{F8070C51-4B1D-430C-8BCF-19696368366F}) (Version: 4.0.110.1 - Hewlett-Packard Company)HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6345.0 - IDT)Intel PROSet Wireless (Version: - ) HiddenIntel PROSet Wireless (x32 Version: - ) HiddenIntel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)Intel® Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation)Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)Intel® PROSet/Wireless WiFi Software (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation)Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )Intel® Wireless Display (HKLM-x32\...\{5B46CEC7-DAD0-46A2-BCD6-B46A3CFD9B61}) (Version: 2.0.30.0 - Intel Corporation)iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.600 - Oracle)Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) HiddenJava 6 Update 24 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416024FF}) (Version: 6.0.240 - Oracle)Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenJust Cause 2 (HKLM-x32\...\Steam App 8190) (Version: - Avalanche)Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version: - Squad)King's Bounty: The Legend (HKLM-x32\...\Steam App 25900) (Version: - 1C Company)LEGO MARVEL Super Heroes (HKLM-x32\...\Steam App 249130) (Version: - Traveller's Tales)LIMBO (HKLM-x32\...\Steam App 48000) (Version: - Playdead)Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 3.0 - EasyBits Software AS)Magicka (HKLM-x32\...\Steam App 42910) (Version: - Arrowhead Game Studios)Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) HiddenMalwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)Mark of the Ninja (HKLM-x32\...\Steam App 214560) (Version: - Klei Entertainment)Marvel Puzzle Quest: Dark Reign (HKLM-x32\...\Steam App 234330) (Version: - )Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) HiddenMicrosoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) HiddenMicrosoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) HiddenMicrosoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) HiddenMicrosoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)Monaco (HKLM-x32\...\Steam App 113020) (Version: - Pocketwatch Games)Monster Loves You! (HKLM-x32\...\Steam App 226740) (Version: - )MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)Mumble 1.2.4 (HKLM-x32\...\{E0955568-4353-4C85-8988-285A8C0F5E87}) (Version: 1.2.4 - Thorvald Natvig)Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) HiddenNamco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) HiddenNorton 360 (HKLM-x32\...\N360) (Version: 21.3.0.12 - Symantec Corporation)Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.6 - Notepad++ Team)NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )OpenAL (HKLM-x32\...\OpenAL) (Version: - )Orcs Must Die 2 Workshop Tool (HKLM-x32\...\Steam App 242150) (Version: - )Orcs Must Die! 2 (HKLM-x32\...\Steam App 201790) (Version: - Robot Entertainment)osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)Papers, Please (HKLM-x32\...\Steam App 239030) (Version: - 3909)Path of Exile (HKLM-x32\...\Steam App 238960) (Version: - Grinding Gear Games)Penguins! (x32 Version: 2.2.0.95 - WildTangent) HiddenPenny Arcade's On the Rain-Slick Precipice of Darkness 4 (HKLM-x32\...\Steam App 237570) (Version: - )Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) HiddenPlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) HiddenPolar Bowler (x32 Version: 2.2.0.95 - WildTangent) HiddenPolar Golfer (x32 Version: 2.2.0.95 - WildTangent) HiddenPrime World: Defenders (HKLM-x32\...\Steam App 235360) (Version: - Nival)PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)PX Profile Update (x32 Version: 1.00.1. - AMD) HiddenPython 3.4.1 (HKLM-x32\...\{df32bb9e-3ed8-36b5-a649-e8c845c5f3a2}) (Version: 3.4.1150 - Python Software Foundation)QuickTime (HKLM-x32\...\{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}) (Version: 7.65.17.80 - Apple Inc.)Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.83 - Realtek Semiconductor Corp.)Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) HiddenRenesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.19.0 - Renesas Electronics Corporation)Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.19.0 - Renesas Electronics Corporation) HiddenRogue Legacy (HKLM-x32\...\Steam App 241600) (Version: - Cellar Door Games)Rogue Shooter: The FPS Roguelike Demo (HKLM-x32\...\Steam App 298010) (Version: - Hippomancer)RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)RPG Maker VX Ace (HKLM-x32\...\Steam App 220700) (Version: - Enterbrain)Sanctum (HKLM-x32\...\Steam App 91600) (Version: - )Scribblenauts Unlimited (HKLM-x32\...\Steam App 218680) (Version: - 5th Cell Media)Serious Sam Classic: The First Encounter (HKLM-x32\...\Steam App 41050) (Version: - Croteam)Sleeping Dogs™ (HKLM-x32\...\Steam App 202170) (Version: - United Front Games)Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) HiddenSolar 2 (HKLM-x32\...\Steam App 97000) (Version: - Murudai)Space Empires IV Deluxe (HKLM-x32\...\Steam App 1610) (Version: - Malfador Machinations)SPELL-JAM (remove only) (HKLM-x32\...\SPELL-JAM) (Version: - )StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)Starlite: Astronaut Rescue (HKLM-x32\...\Steam App 266090) (Version: - Project Whitecard Studios Inc.)Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)The Elder Scrolls Online Beta (HKLM-x32\...\The Elder Scrolls Online Beta_is1) (Version: 0.3.4 - )The Incredible Adventures of Van Helsing (HKLM-x32\...\Steam App 215530) (Version: - NeocoreGames)The Stanley Parable Demo (HKLM-x32\...\Steam App 247750) (Version: - Galactic Cafe)The Wolf Among Us (HKLM-x32\...\Steam App 250320) (Version: - )Thomas Was Alone (HKLM-x32\...\Steam App 220780) (Version: - Mike Bithell)Torchlight II (HKLM-x32\...\Steam App 200710) (Version: - Runic Games)Train Simulator 2014 (HKLM-x32\...\Steam App 24010) (Version: - RailSimulator.com)Transparent Language System (HKLM-x32\...\Transparent Language System) (Version: 11.0 - Transparent Language, Inc.)Transparent Language System (x32 Version: 11.0 - Transparent Language, Inc.) HiddenTyping Tournament Home Ed v2 (HKLM-x32\...\Typing Tournament Home Ed v2) (Version: 2.0.9 - EdAlive)Tyrian 2000 (HKLM-x32\...\GOGPACKTYRIAN2000_is1) (Version: 2.0.0.11 - GOG.com)Ultimate Math Invaders Home Ed v2 (HKLM-x32\...\Ultimate Math Invaders Home Ed v2) (Version: 2.0.9 - EdAlive)Universe Sandbox (HKLM-x32\...\Steam App 72200) (Version: - Giant Army)Update Installer for WildTangent Games App (x32 Version: - WildTangent) HiddenUplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)Validity WBF DDK (HKLM\...\{79174AF2-6CB1-42F5-981E-66DCA49391D0}) (Version: 4.3.205.0 - Validity Sensors, Inc.)Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) HiddenWheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) HiddenWildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) HiddenWindows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) HiddenWindows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) HiddenWindows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) HiddenWindows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) HiddenWindows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)Words Rock Home Ed v2 (HKLM-x32\...\Words Rock Home Ed v2) (Version: 2.0.9 - EdAlive)XSplit Broadcaster (HKLM-x32\...\{395B4656-8D3B-4586-BC07-E06E679C5E99}) (Version: 1.3.1402.2002 - SplitMediaLabs)Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden ==================== Restore Points ========================= 16-06-2014 23:23:51 Windows Update17-06-2014 02:24:06 Windows Update17-06-2014 02:31:05 Windows Update17-06-2014 03:11:07 Windows Update18-06-2014 02:14:33 Installed Java 7 Update 60 ==================== Hosts content: ========================== 2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {0E029224-DC37-449B-AE6E-A7DEEE40CCFA} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)Task: {1F160C03-84A4-47FE-A052-B217A8A37C23} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)Task: {32351754-BE95-4499-9BB2-1A6E04C2EF7A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-22] (Google Inc.)Task: {36D9C9C7-7E87-43BB-853A-93FB817D890C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)Task: {468D7D23-5094-481D-96A4-1840EFCFC021} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\WSCStub.exe [2014-05-11] (Symantec Corporation)Task: {4785BB17-3A0A-4EBF-9952-5B84E54333D0} - \MySearchDial No Task File <==== ATTENTIONTask: {5DD5C320-FE3D-4243-8070-C34B6876B946} - \Digital Sites No Task File <==== ATTENTIONTask: {6E69BD5B-BADD-4A3C-A829-1EDC7E00C4C0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)Task: {6F1BEF6D-E7F7-47CD-A303-BB04FC0AD60C} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)Task: {89579780-77B5-4954-8E5E-49A3C7ECE9FC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)Task: {8A5D1F5C-E805-40DC-8DAE-BC01CA88B759} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-22] (Google Inc.)Task: {A52AF7DF-0ADF-4FE8-B70B-0B5D4BECBD6F} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-03-08] (CyberLink)Task: {CAC923E3-7145-4C23-9E0C-5B7CA5DA2E2F} - System32\Tasks\HPCeeScheduleForkeith => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)Task: {ED2DA54D-4D69-4FAC-8DCB-5BB2E99FF1AD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-06-10] (Microsoft)Task: {F53521A6-33D5-4386-8438-341E9543B062} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)Task: {FCFFBE22-8860-4726-B00A-008A84688B53} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\HPCeeScheduleForkeith.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============= 2011-07-27 20:07 - 2011-07-27 20:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll2013-05-24 22:54 - 2013-05-24 22:54 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe2011-07-27 20:07 - 2011-07-27 20:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll2013-05-24 02:11 - 2011-01-27 12:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll2011-03-14 17:21 - 2011-03-14 17:21 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll2014-05-21 20:21 - 2014-04-29 20:08 - 01135104 _____ () C:\Program Files (x86)\Steam\libavcodec-55.dll2014-05-20 00:35 - 2014-04-29 20:08 - 00471552 _____ () C:\Program Files (x86)\Steam\libavutil-53.dll2014-05-21 20:21 - 2014-04-29 20:08 - 00404992 _____ () C:\Program Files (x86)\Steam\libavformat-55.dll2014-01-08 08:55 - 2014-04-29 20:08 - 00340992 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll2013-04-23 18:30 - 2014-05-16 21:36 - 00756224 _____ () C:\Program Files (x86)\Steam\SDL2.dll2014-05-21 20:21 - 2014-05-29 13:37 - 02139840 _____ () C:\Program Files (x86)\Steam\video.dll2014-05-21 20:21 - 2014-04-28 20:37 - 00519168 _____ () C:\Program Files (x86)\Steam\libswscale-2.dll2013-05-03 15:35 - 2014-05-29 13:36 - 01116864 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL2013-03-26 16:16 - 2014-05-01 19:35 - 20628160 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll2012-12-11 09:51 - 2013-06-14 19:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll2012-12-11 09:51 - 2013-06-14 19:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll2012-12-11 09:51 - 2013-06-14 19:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll2014-06-12 17:29 - 2014-06-05 09:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll2014-06-12 17:29 - 2014-06-05 09:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll2014-06-12 17:29 - 2014-06-05 09:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll2014-06-12 17:29 - 2014-06-05 09:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll2014-06-12 17:29 - 2014-06-05 09:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll2014-02-24 20:12 - 2014-02-24 20:12 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\367540c92c2004ff2c6695778fed5dd6\IsdiInterop.ni.dll2013-05-24 02:10 - 2011-05-20 10:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll2010-06-24 05:19 - 2010-06-24 05:19 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (06/19/2014 07:43:06 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/19/2014 04:35:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 9016 Error: (06/19/2014 04:35:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 9016 Error: (06/19/2014 04:35:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/19/2014 04:35:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 8018 Error: (06/19/2014 04:35:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 8018 Error: (06/19/2014 04:35:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/19/2014 04:35:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 7004 Error: (06/19/2014 04:35:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 7004 Error: (06/19/2014 04:35:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second System errors:============= Microsoft Office Sessions:=========================Error: (06/19/2014 07:43:06 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/19/2014 04:35:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 9016 Error: (06/19/2014 04:35:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 9016 Error: (06/19/2014 04:35:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/19/2014 04:35:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 8018 Error: (06/19/2014 04:35:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 8018 Error: (06/19/2014 04:35:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/19/2014 04:35:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 7004 Error: (06/19/2014 04:35:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 7004 Error: (06/19/2014 04:35:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second ==================== Memory info =========================== Percentage of memory in use: 39%Total physical RAM: 8139.86 MBAvailable physical RAM: 4955.9 MBTotal Pagefile: 16277.9 MBAvailable Pagefile: 12829.41 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:450.8 GB) (Free:103.93 GB) NTFS ==>[system with boot components (obtained from reading drive)]Drive d: (DATA) (Fixed) (Total:409.02 GB) (Free:73.27 GB) NTFSDrive e: (RECOVERY) (Fixed) (Total:14.66 GB) (Free:1.63 GB) NTFS ==>[system with boot components (obtained from reading drive)]Drive f: (MUPPET_US ) (CDROM) (Total:7.91 GB) (Free:0 GB) UDF ==================== MBR & Partition Table ================== ========================================================Disk: 0 (Size: 466 GB) (Disk ID: FFDD3015)Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=451 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)Partition 4: (Not Active) - (Size=103 MB) - (Type=0C) ========================================================Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 8A53F49A)Partition 1: (Not Active) - (Size=409 GB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=57 GB) - (Type=05) ==================== End Of Log ============================
  5. Good morning; When posting both, I got a 'message too long' error. FRST: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-06-2014Ran by keith (administrator) on KEITH-HP on 19-06-2014 07:45:35Running from C:\Users\keith\DesktopPlatform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)Internet Explorer Version 11Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe(AMD) C:\Windows\System32\atiesrxx.exe(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe(AMD) C:\Windows\System32\atieclxx.exe(Microsoft Corporation) C:\Windows\System32\wlanext.exe(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\n360.exe() C:\Windows\SysWOW64\PnkBstrA.exe(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\n360.exe(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(Easybits) C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2013-07-04] (Synaptics Incorporated)HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)HKLM\...\Run: [intelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-27] (Intel® Corporation)HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2014-01-25] (IDT, Inc.)HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-03-15] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2013-07-04] (Renesas Electronics Corporation)HKLM-x32\...\Run: [] => [X]HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-15] (Hewlett-Packard Development Company L.P.)HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2014-05-08] (Adobe Systems Incorporated)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-03-16] (EasyBits Software AS)HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [417792 2009-11-10] (Apple Inc.)HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1258504 2013-12-20] (Easybits)HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-06-10] (Hewlett-Packard)Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1HKU\S-1-5-21-2630042686-1250254935-3286438661-1000\...\Run: [steam] => C:\Program Files (x86)\Steam\Steam.exe [1754816 2014-05-29] (Valve Corporation)HKU\S-1-5-21-2630042686-1250254935-3286438661-1000\...\Run: [GoogleChromeAutoLaunch_F1D62AC303E2C0B600342FB8ACD4796B] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.) ==================== Internet (Whitelisted) ==================== BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation)BHO-x32: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cabShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-03-30] (EasyBits Software Corp.)Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox:========FF Plugin: @microsoft.com/GENUINE - disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No FileFF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE - disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFFFF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014-01-13]FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [] Chrome: =======CHR HomePage: hxxp://google.com/CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll No FileCHR Plugin: (Java Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No FileCHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No FileCHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No FileCHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll No FileCHR Extension: (Google Docs) - C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-22]CHR Extension: (Google Drive) - C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-22]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]CHR Extension: (YouTube) - C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-22]CHR Extension: (Google Search) - C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-22]CHR Extension: (Streamus™ (Beta!)) - C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbnkffmindojffecdhbbmekbmkkfpmjd [2014-06-11]CHR Extension: (Norton Identity Protection) - C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-09-12]CHR Extension: (Google Wallet) - C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]CHR Extension: (Gmail) - C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-22]CHR HKLM-x32\...\Chrome\Extension: [aepeildmfnnehghlknddebgjghlompfe] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-02-11]CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\Exts\Chrome.crx [2014-05-19] ==================== Services (Whitelisted) ================= R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2013-08-08] (Realsil Microelectronics Inc.) [File not signed]R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\N360.exe [265040 2014-05-11] (Symantec Corporation)R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-05-24] () ==================== Drivers (Whitelisted) ==================== R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140606.001\BHDrvx64.sys [1530160 2014-05-09] (Symantec Corporation)R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1503000.00C\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-11] (Symantec Corporation)R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-16] (Symantec Corporation)R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140618.001\IDSvia64.sys [525016 2014-03-25] (Symantec Corporation)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-19] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)S3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140618.016\ENG64.SYS [126040 2014-06-16] (Symantec Corporation)S3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140618.016\EX64.SYS [2099288 2014-06-16] (Symantec Corporation)S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1503000.00C\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1503000.00C\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)R0 SymDS; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)R0 SymEFA; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-13] (Symantec Corporation)R1 SymIRON; C:\Windows\system32\drivers\N360x64\1503000.00C\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1503000.00C\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)S3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] () ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-18 08:31 - 2014-06-18 08:31 - 00000000 ____D () C:\Users\keith\AppData\Local\{8D362AC9-F45B-4584-9240-B29F83BC3552}2014-06-18 08:27 - 2014-06-19 07:46 - 00021996 _____ () C:\Users\keith\Desktop\FRST.txt2014-06-18 08:24 - 2014-06-19 00:07 - 00000000 ____D () C:\Users\keith\Desktop\FRST-OlderVersion2014-06-17 22:43 - 2014-06-17 22:43 - 00000000 ____D () C:\Program Files (x86)\ESET2014-06-17 22:16 - 2014-05-07 14:59 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe2014-06-17 22:15 - 2014-06-17 22:15 - 00004430 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log2014-06-17 22:15 - 2014-05-07 15:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll2014-06-17 22:15 - 2014-05-07 14:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe2014-06-17 22:15 - 2014-05-07 14:58 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe2014-06-17 22:10 - 2014-06-19 07:43 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-06-17 22:10 - 2014-06-17 22:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-06-17 22:10 - 2014-06-17 22:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-06-17 22:10 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-06-17 22:10 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-06-17 22:03 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll2014-06-17 22:02 - 2014-06-17 22:06 - 00000000 ____D () C:\AdwCleaner2014-06-17 21:58 - 2014-06-17 21:58 - 00003577 _____ () C:\Users\keith\Desktop\JRT.txt2014-06-17 21:51 - 2014-06-17 21:51 - 00000000 ____D () C:\Windows\ERUNT2014-06-17 21:50 - 2014-06-17 22:05 - 00001684 _____ () C:\Users\keith\Desktop\School_Letter_20140617.txt2014-06-17 21:50 - 2014-06-17 21:50 - 00003896 _____ () C:\Users\keith\Desktop\instructions_virus_removal.txt2014-06-17 21:46 - 2014-06-17 21:47 - 01333465 _____ () C:\Users\keith\Desktop\AdwCleaner.exe2014-06-17 21:45 - 2014-06-17 21:45 - 01016261 _____ (Thisisu) C:\Users\keith\Desktop\JRT.exe2014-06-17 20:19 - 2014-06-17 20:19 - 00000000 __SHD () C:\Users\keith\AppData\Local\EmieUserList2014-06-17 20:19 - 2014-06-17 20:19 - 00000000 __SHD () C:\Users\keith\AppData\Local\EmieSiteList2014-06-17 20:17 - 2014-06-17 20:17 - 00000000 ____D () C:\ProgramData\RogueKiller2014-06-17 20:15 - 2014-06-17 20:15 - 05268992 _____ () C:\Users\keith\Desktop\RogueKillerX64.exe2014-06-17 08:43 - 2014-06-17 08:43 - 00000930 _____ () C:\Users\keith\Desktop\NTREGOPT.lnk2014-06-17 08:43 - 2014-06-17 08:43 - 00000911 _____ () C:\Users\keith\Desktop\ERUNT.lnk2014-06-17 08:43 - 2014-06-17 08:43 - 00000000 ____D () C:\Windows\ERDNT2014-06-17 08:43 - 2014-06-17 08:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT2014-06-17 08:43 - 2014-06-17 08:43 - 00000000 ____D () C:\Program Files (x86)\ERUNT2014-06-17 08:41 - 2014-06-17 08:42 - 00791393 _____ (Lars Hederer ) C:\Users\keith\Desktop\erunt-setup.exe2014-06-17 08:35 - 2014-06-17 08:36 - 00002464 _____ () C:\Users\keith\Desktop\Rkill.txt2014-06-17 08:34 - 2014-06-17 08:34 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\keith\Desktop\rkill.exe2014-06-16 23:00 - 2014-06-16 23:00 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-06-16 22:25 - 2014-06-16 22:30 - 00000000 ____D () C:\Windows\system32\MRT2014-06-16 22:25 - 2014-06-16 22:25 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++2014-06-16 22:25 - 2014-06-16 22:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++2014-06-16 22:25 - 2014-06-01 17:17 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-06-16 22:24 - 2014-06-17 20:38 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Notepad++2014-06-16 22:24 - 2014-06-16 22:26 - 00000000 ____D () C:\Program Files (x86)\Notepad++2014-06-16 22:22 - 2014-06-16 22:22 - 07676930 _____ () C:\Users\keith\Downloads\npp.6.6.6.Installer (1).exe2014-06-16 22:21 - 2014-06-16 22:22 - 07676930 _____ () C:\Users\keith\Downloads\npp.6.6.6.Installer.exe2014-06-14 14:54 - 2014-06-14 14:54 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Warner Bros. Interactive Entertainment2014-06-14 11:13 - 2014-06-14 11:14 - 00000000 ____D () C:\Users\keith\AppData\Local\NPE2014-06-14 10:17 - 2014-06-19 07:45 - 00000000 ____D () C:\FRST2014-06-14 10:16 - 2014-06-19 00:07 - 02082304 _____ (Farbar) C:\Users\keith\Desktop\FRST64.exe2014-06-13 18:29 - 2014-06-14 08:59 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Open Download Manager2014-06-13 18:29 - 2014-06-13 18:29 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenDownloaderManager2014-06-13 18:27 - 2014-06-14 09:02 - 00000000 ____D () C:\Program Files (x86)\OpenDownloaderManager2014-06-13 07:55 - 2014-06-16 00:55 - 00000068 _____ () C:\Users\keith\AppData\Roaming\WB.CFG2014-06-11 22:49 - 2014-06-11 22:49 - 00077514 _____ () C:\Users\keith\Downloads\OTRR_Certified_Yours_Truly_Johnny_Dollar_archive.torrent2014-06-11 22:02 - 2014-06-11 22:17 - 1381805269 _____ () C:\Users\keith\Downloads\OTRR_Dimension_X_Singles.zip2014-06-11 22:01 - 2014-06-11 22:23 - 1988541609 _____ () C:\Users\keith\Downloads\Dragnet_OTR.zip2014-06-11 22:01 - 2014-06-11 22:06 - 225556412 _____ () C:\Users\keith\Downloads\IsaacAsimov-TheFoundationTrilogy_64kb_mp3.zip2014-06-11 19:11 - 2014-06-11 19:13 - 90455873 _____ () C:\Users\keith\Downloads\WIZZYWIG.epub2014-06-11 19:11 - 2014-06-11 19:13 - 29272387 _____ () C:\Users\keith\Downloads\MarchBookOne.epub2014-06-11 19:11 - 2014-06-11 19:13 - 27719129 _____ () C:\Users\keith\Downloads\TooCoolToBeForgotten.epub2014-06-11 19:08 - 2014-06-11 19:13 - 102049303 _____ () C:\Users\keith\Downloads\FromHellCompanion.epub2014-06-11 19:08 - 2014-06-11 19:12 - 259176640 _____ () C:\Users\keith\Downloads\FromHell.epub2014-06-10 19:47 - 2014-05-30 06:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-06-10 19:47 - 2014-05-30 06:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-06-10 19:47 - 2014-05-30 06:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2014-06-10 19:47 - 2014-05-30 05:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-06-10 19:47 - 2014-05-30 05:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2014-06-10 19:47 - 2014-05-30 05:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2014-06-10 19:47 - 2014-05-30 05:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2014-06-10 19:47 - 2014-05-30 05:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-06-10 19:47 - 2014-05-30 05:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2014-06-10 19:47 - 2014-05-30 05:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2014-06-10 19:47 - 2014-05-30 05:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-06-10 19:47 - 2014-05-30 05:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2014-06-10 19:47 - 2014-05-30 05:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2014-06-10 19:47 - 2014-05-30 05:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-06-10 19:47 - 2014-05-30 05:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe2014-06-10 19:47 - 2014-05-30 05:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-06-10 19:47 - 2014-05-30 05:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2014-06-10 19:47 - 2014-05-30 05:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-06-10 19:47 - 2014-05-30 04:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll2014-06-10 19:47 - 2014-05-30 04:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2014-06-10 19:47 - 2014-05-30 04:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-06-10 19:47 - 2014-05-30 04:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2014-06-10 19:47 - 2014-05-30 04:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2014-06-10 19:47 - 2014-05-30 04:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2014-06-10 19:47 - 2014-05-30 04:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2014-06-10 19:47 - 2014-05-30 04:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-06-10 19:47 - 2014-05-30 04:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2014-06-10 19:47 - 2014-05-30 04:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-06-10 19:47 - 2014-05-30 04:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2014-06-10 19:47 - 2014-05-30 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2014-06-10 19:47 - 2014-05-30 04:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-06-10 19:47 - 2014-05-30 04:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2014-06-10 19:47 - 2014-05-30 04:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2014-06-10 19:47 - 2014-05-30 04:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll2014-06-10 19:47 - 2014-05-30 04:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-06-10 19:47 - 2014-05-30 04:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2014-06-10 19:47 - 2014-05-30 04:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll2014-06-10 19:47 - 2014-05-30 04:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-06-10 19:47 - 2014-05-30 04:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2014-06-10 19:47 - 2014-05-30 04:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2014-06-10 19:47 - 2014-05-30 03:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-06-10 19:47 - 2014-05-30 03:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-06-10 19:47 - 2014-05-30 03:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-06-10 19:47 - 2014-05-30 03:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll2014-06-10 19:47 - 2014-05-30 03:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-06-10 19:47 - 2014-05-30 03:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-06-10 19:47 - 2014-05-30 03:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-06-10 19:47 - 2014-05-30 03:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-06-10 19:47 - 2014-05-30 03:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-06-10 19:47 - 2014-05-30 03:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-06-10 19:47 - 2014-05-30 03:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2014-06-10 19:47 - 2014-05-30 03:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2014-06-10 19:47 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll2014-06-10 19:47 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll2014-06-10 19:47 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys2014-06-10 19:47 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS2014-06-10 19:47 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll2014-06-10 19:47 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll2014-06-10 19:47 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll2014-06-10 19:47 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll2014-06-10 19:47 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll2014-06-10 19:47 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll2014-06-10 19:47 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll2014-06-10 19:47 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll2014-06-10 19:46 - 2014-06-08 05:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2014-06-10 19:46 - 2014-06-08 05:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2014-05-28 21:39 - 2014-05-28 21:39 - 00675988 _____ () C:\Users\keith\Desktop\Minecraft (2).exe2014-05-26 19:25 - 2014-05-26 19:27 - 00000000 ____D () C:\Users\keith\AppData\Roaming\.technic2014-05-26 19:25 - 2014-05-26 19:25 - 02346942 _____ () C:\Users\keith\Desktop\TechnicLauncher.exe2014-05-24 23:26 - 2014-05-25 00:55 - 00000000 ____D () C:\Users\keith\AppData\Roaming\creeperworld32014-05-24 23:26 - 2014-05-24 23:26 - 00000000 ____D () C:\Users\keith\Documents\creeperworld32014-05-24 23:26 - 2014-05-24 23:26 - 00000000 ____D () C:\Users\keith\AppData\Roaming\.mono2014-05-22 21:12 - 2014-05-22 21:13 - 00000000 ____D () C:\Users\keith\.ipython2014-05-22 21:12 - 2014-05-22 21:12 - 00000000 ____D () C:\Users\keith\.matplotlib2014-05-22 21:08 - 2014-05-22 21:12 - 00002607 _____ () C:\Users\keith\.enstaller4rc2014-05-22 21:08 - 2014-05-22 21:08 - 00000000 ____D () C:\Users\keith\Canopy2014-05-22 21:05 - 2014-05-22 21:05 - 00002539 _____ () C:\Users\keith\Desktop\PyLab (64-bit).lnk2014-05-22 21:05 - 2014-05-22 21:05 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Enthought2014-05-22 21:04 - 2014-05-22 21:07 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Enthought Canopy (64-bit)2014-05-22 21:04 - 2014-05-22 21:04 - 00002098 _____ () C:\Users\keith\Desktop\Enthought Canopy (64-bit).lnk2014-05-22 21:01 - 2014-05-22 21:02 - 00000000 ____D () C:\Users\keith\AppData\Local\Enthought2014-05-22 20:59 - 2014-05-22 21:00 - 262688768 _____ () C:\Users\keith\Downloads\canopy-1.4.0-win-64.msi2014-05-20 00:47 - 2014-05-20 00:47 - 00013328 _____ () C:\Users\keith\Desktop\Minecraft - Shortcut.lnk2014-05-20 00:40 - 2014-05-20 00:40 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 3602014-05-20 00:24 - 2014-05-20 00:24 - 00000000 ____D () C:\Users\keith\.idlerc2014-05-20 00:23 - 2014-05-20 00:23 - 00675988 _____ () C:\Users\keith\Downloads\Minecraft (1).exe2014-05-20 00:18 - 2014-06-09 19:53 - 00000000 ____D () C:\Users\keith\AppData\Roaming\.minecraft2014-05-20 00:18 - 2014-05-20 00:18 - 00263186 _____ () C:\Users\keith\Downloads\Minecraft.exe2014-05-20 00:17 - 2014-05-20 00:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.42014-05-20 00:16 - 2014-05-20 00:17 - 00000000 ____D () C:\Python342014-05-20 00:14 - 2014-05-20 00:14 - 24408064 _____ () C:\Users\keith\Downloads\python-3.4.1.msi ==================== One Month Modified Files and Folders ======= 2014-06-19 07:46 - 2014-06-18 08:27 - 00021996 _____ () C:\Users\keith\Desktop\FRST.txt2014-06-19 07:46 - 2013-05-24 02:14 - 01657855 _____ () C:\Windows\WindowsUpdate.log2014-06-19 07:45 - 2014-06-14 10:17 - 00000000 ____D () C:\FRST2014-06-19 07:44 - 2013-05-24 21:34 - 00000000 ____D () C:\Program Files (x86)\Steam2014-06-19 07:43 - 2014-06-17 22:10 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-06-19 07:43 - 2013-07-22 21:45 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-06-19 07:42 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-06-19 07:42 - 2009-07-14 00:51 - 00058037 _____ () C:\Windows\setupact.log2014-06-19 07:40 - 2013-07-22 21:45 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-06-19 02:31 - 2013-05-24 06:29 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9EF5ABD8-6610-4A4A-AC3B-8E36C0A70595}2014-06-19 01:43 - 2013-12-20 20:31 - 00000000 ____D () C:\ProgramData\Easybits Magic Desktop for HP2014-06-19 00:07 - 2014-06-18 08:24 - 00000000 ____D () C:\Users\keith\Desktop\FRST-OlderVersion2014-06-19 00:07 - 2014-06-14 10:16 - 02082304 _____ (Farbar) C:\Users\keith\Desktop\FRST64.exe2014-06-18 23:56 - 2013-06-02 15:26 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForkeith2014-06-18 23:56 - 2013-06-02 02:21 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForkeith.job2014-06-18 08:31 - 2014-06-18 08:31 - 00000000 ____D () C:\Users\keith\AppData\Local\{8D362AC9-F45B-4584-9240-B29F83BC3552}2014-06-18 08:31 - 2014-02-22 22:52 - 00000000 ____D () C:\Users\keith\AppData\Local\Windows Live2014-06-17 22:43 - 2014-06-17 22:43 - 00000000 ____D () C:\Program Files (x86)\ESET2014-06-17 22:17 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-06-17 22:17 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-06-17 22:16 - 2014-01-03 11:25 - 00000000 ____D () C:\ProgramData\Oracle2014-06-17 22:15 - 2014-06-17 22:15 - 00004430 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log2014-06-17 22:15 - 2013-07-03 20:57 - 00000000 ____D () C:\Program Files (x86)\Java2014-06-17 22:14 - 2009-07-14 01:13 - 00783360 _____ () C:\Windows\system32\PerfStringBackup.INI2014-06-17 22:10 - 2014-06-17 22:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-06-17 22:10 - 2014-06-17 22:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-06-17 22:10 - 2013-12-26 19:00 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-06-17 22:10 - 2013-12-26 19:00 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Malwarebytes2014-06-17 22:10 - 2013-12-26 19:00 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-06-17 22:07 - 2010-11-20 23:47 - 01242160 _____ () C:\Windows\PFRO.log2014-06-17 22:06 - 2014-06-17 22:02 - 00000000 ____D () C:\AdwCleaner2014-06-17 22:05 - 2014-06-17 21:50 - 00001684 _____ () C:\Users\keith\Desktop\School_Letter_20140617.txt2014-06-17 21:58 - 2014-06-17 21:58 - 00003577 _____ () C:\Users\keith\Desktop\JRT.txt2014-06-17 21:51 - 2014-06-17 21:51 - 00000000 ____D () C:\Windows\ERUNT2014-06-17 21:50 - 2014-06-17 21:50 - 00003896 _____ () C:\Users\keith\Desktop\instructions_virus_removal.txt2014-06-17 21:47 - 2014-06-17 21:46 - 01333465 _____ () C:\Users\keith\Desktop\AdwCleaner.exe2014-06-17 21:45 - 2014-06-17 21:45 - 01016261 _____ (Thisisu) C:\Users\keith\Desktop\JRT.exe2014-06-17 20:38 - 2014-06-16 22:24 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Notepad++2014-06-17 20:19 - 2014-06-17 20:19 - 00000000 __SHD () C:\Users\keith\AppData\Local\EmieUserList2014-06-17 20:19 - 2014-06-17 20:19 - 00000000 __SHD () C:\Users\keith\AppData\Local\EmieSiteList2014-06-17 20:17 - 2014-06-17 20:17 - 00000000 ____D () C:\ProgramData\RogueKiller2014-06-17 20:15 - 2014-06-17 20:15 - 05268992 _____ () C:\Users\keith\Desktop\RogueKillerX64.exe2014-06-17 12:30 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache2014-06-17 08:43 - 2014-06-17 08:43 - 00000930 _____ () C:\Users\keith\Desktop\NTREGOPT.lnk2014-06-17 08:43 - 2014-06-17 08:43 - 00000911 _____ () C:\Users\keith\Desktop\ERUNT.lnk2014-06-17 08:43 - 2014-06-17 08:43 - 00000000 ____D () C:\Windows\ERDNT2014-06-17 08:43 - 2014-06-17 08:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT2014-06-17 08:43 - 2014-06-17 08:43 - 00000000 ____D () C:\Program Files (x86)\ERUNT2014-06-17 08:42 - 2014-06-17 08:41 - 00791393 _____ (Lars Hederer ) C:\Users\keith\Desktop\erunt-setup.exe2014-06-17 08:36 - 2014-06-17 08:35 - 00002464 _____ () C:\Users\keith\Desktop\Rkill.txt2014-06-17 08:34 - 2014-06-17 08:34 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\keith\Desktop\rkill.exe2014-06-16 23:02 - 2009-07-14 00:45 - 00288304 _____ () C:\Windows\system32\FNTCACHE.DAT2014-06-16 23:00 - 2014-06-16 23:00 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-06-16 23:00 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions2014-06-16 22:30 - 2014-06-16 22:25 - 00000000 ____D () C:\Windows\system32\MRT2014-06-16 22:26 - 2014-06-16 22:24 - 00000000 ____D () C:\Program Files (x86)\Notepad++2014-06-16 22:25 - 2014-06-16 22:25 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++2014-06-16 22:25 - 2014-06-16 22:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++2014-06-16 22:22 - 2014-06-16 22:22 - 07676930 _____ () C:\Users\keith\Downloads\npp.6.6.6.Installer (1).exe2014-06-16 22:22 - 2014-06-16 22:21 - 07676930 _____ () C:\Users\keith\Downloads\npp.6.6.6.Installer.exe2014-06-16 19:35 - 2013-06-08 10:24 - 00775974 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI2014-06-16 19:26 - 2013-06-07 07:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight2014-06-16 19:25 - 2013-06-07 07:37 - 00000000 ____D () C:\Program Files\Microsoft Silverlight2014-06-16 19:25 - 2013-06-07 07:37 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight2014-06-16 00:55 - 2014-06-13 07:55 - 00000068 _____ () C:\Users\keith\AppData\Roaming\WB.CFG2014-06-14 15:12 - 2013-06-15 23:51 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Factorio2014-06-14 14:54 - 2014-06-14 14:54 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Warner Bros. Interactive Entertainment2014-06-14 11:14 - 2014-06-14 11:13 - 00000000 ____D () C:\Users\keith\AppData\Local\NPE2014-06-14 11:14 - 2013-07-06 20:05 - 00000000 ____D () C:\Program Files (x86)\iTunes2014-06-14 09:45 - 2013-05-24 06:22 - 00000000 ____D () C:\Users\keith2014-06-14 09:02 - 2014-06-13 18:27 - 00000000 ____D () C:\Program Files (x86)\OpenDownloaderManager2014-06-14 09:02 - 2013-05-24 02:22 - 00000000 ____D () C:\ProgramData\Norton2014-06-14 09:02 - 2011-03-30 23:26 - 00000000 ____D () C:\ProgramData\RoxioNow2014-06-14 09:02 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF2014-06-14 09:02 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration2014-06-14 09:02 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat2014-06-14 08:59 - 2014-06-13 18:29 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Open Download Manager2014-06-13 18:29 - 2014-06-13 18:29 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenDownloaderManager2014-06-12 17:29 - 2013-07-22 21:45 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2014-06-12 17:26 - 2013-05-30 20:44 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log2014-06-12 17:25 - 2013-07-04 16:43 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt2014-06-11 22:49 - 2014-06-11 22:49 - 00077514 _____ () C:\Users\keith\Downloads\OTRR_Certified_Yours_Truly_Johnny_Dollar_archive.torrent2014-06-11 22:23 - 2014-06-11 22:01 - 1988541609 _____ () C:\Users\keith\Downloads\Dragnet_OTR.zip2014-06-11 22:17 - 2014-06-11 22:02 - 1381805269 _____ () C:\Users\keith\Downloads\OTRR_Dimension_X_Singles.zip2014-06-11 22:06 - 2014-06-11 22:01 - 225556412 _____ () C:\Users\keith\Downloads\IsaacAsimov-TheFoundationTrilogy_64kb_mp3.zip2014-06-11 19:13 - 2014-06-11 19:11 - 90455873 _____ () C:\Users\keith\Downloads\WIZZYWIG.epub2014-06-11 19:13 - 2014-06-11 19:11 - 29272387 _____ () C:\Users\keith\Downloads\MarchBookOne.epub2014-06-11 19:13 - 2014-06-11 19:11 - 27719129 _____ () C:\Users\keith\Downloads\TooCoolToBeForgotten.epub2014-06-11 19:13 - 2014-06-11 19:08 - 102049303 _____ () C:\Users\keith\Downloads\FromHellCompanion.epub2014-06-11 19:12 - 2014-06-11 19:08 - 259176640 _____ () C:\Users\keith\Downloads\FromHell.epub2014-06-11 00:23 - 2014-04-22 15:32 - 00000000 ____D () C:\Users\dub_cm_auto2014-06-09 19:53 - 2014-05-20 00:18 - 00000000 ____D () C:\Users\keith\AppData\Roaming\.minecraft2014-06-08 05:13 - 2014-06-10 19:46 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2014-06-08 05:08 - 2014-06-10 19:46 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2014-06-01 17:17 - 2014-06-16 22:25 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-05-30 06:21 - 2014-06-10 19:47 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-05-30 06:02 - 2014-06-10 19:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-05-30 06:02 - 2014-06-10 19:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2014-05-30 05:45 - 2014-06-10 19:47 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-05-30 05:39 - 2014-06-10 19:47 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2014-05-30 05:39 - 2014-06-10 19:47 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2014-05-30 05:38 - 2014-06-10 19:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2014-05-30 05:28 - 2014-06-10 19:47 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-05-30 05:27 - 2014-06-10 19:47 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2014-05-30 05:24 - 2014-06-10 19:47 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2014-05-30 05:21 - 2014-06-10 19:47 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-05-30 05:21 - 2014-06-10 19:47 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2014-05-30 05:20 - 2014-06-10 19:47 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2014-05-30 05:18 - 2014-06-10 19:47 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-05-30 05:11 - 2014-06-10 19:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe2014-05-30 05:08 - 2014-06-10 19:47 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-05-30 05:06 - 2014-06-10 19:47 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2014-05-30 05:02 - 2014-06-10 19:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-05-30 04:55 - 2014-06-10 19:47 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll2014-05-30 04:49 - 2014-06-10 19:47 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2014-05-30 04:46 - 2014-06-10 19:47 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-05-30 04:44 - 2014-06-10 19:47 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2014-05-30 04:44 - 2014-06-10 19:47 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2014-05-30 04:43 - 2014-06-10 19:47 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2014-05-30 04:42 - 2014-06-10 19:47 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2014-05-30 04:38 - 2014-06-10 19:47 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-05-30 04:35 - 2014-06-10 19:47 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2014-05-30 04:34 - 2014-06-10 19:47 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-05-30 04:33 - 2014-06-10 19:47 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2014-05-30 04:30 - 2014-06-10 19:47 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2014-05-30 04:29 - 2014-06-10 19:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-05-30 04:28 - 2014-06-10 19:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2014-05-30 04:27 - 2014-06-10 19:47 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2014-05-30 04:24 - 2014-06-10 19:47 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll2014-05-30 04:23 - 2014-06-10 19:47 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-05-30 04:16 - 2014-06-10 19:47 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2014-05-30 04:10 - 2014-06-10 19:47 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll2014-05-30 04:06 - 2014-06-10 19:47 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-05-30 04:04 - 2014-06-10 19:47 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2014-05-30 04:02 - 2014-06-10 19:47 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2014-05-30 03:56 - 2014-06-10 19:47 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-05-30 03:56 - 2014-06-10 19:47 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-05-30 03:54 - 2014-06-10 19:47 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-05-30 03:50 - 2014-06-10 19:47 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll2014-05-30 03:49 - 2014-06-10 19:47 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-05-30 03:43 - 2014-06-10 19:47 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-05-30 03:40 - 2014-06-10 19:47 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-05-30 03:30 - 2014-06-10 19:47 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-05-30 03:21 - 2014-06-10 19:47 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-05-30 03:15 - 2014-06-10 19:47 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-05-30 03:13 - 2014-06-10 19:47 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2014-05-30 03:13 - 2014-06-10 19:47 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2014-05-28 21:39 - 2014-05-28 21:39 - 00675988 _____ () C:\Users\keith\Desktop\Minecraft (2).exe2014-05-26 19:27 - 2014-05-26 19:25 - 00000000 ____D () C:\Users\keith\AppData\Roaming\.technic2014-05-26 19:25 - 2014-05-26 19:25 - 02346942 _____ () C:\Users\keith\Desktop\TechnicLauncher.exe2014-05-25 00:55 - 2014-05-24 23:26 - 00000000 ____D () C:\Users\keith\AppData\Roaming\creeperworld32014-05-24 23:26 - 2014-05-24 23:26 - 00000000 ____D () C:\Users\keith\Documents\creeperworld32014-05-24 23:26 - 2014-05-24 23:26 - 00000000 ____D () C:\Users\keith\AppData\Roaming\.mono2014-05-24 18:28 - 2014-02-08 20:35 - 00000000 ____D () C:\Users\keith\Documents\Universe Sandbox2014-05-22 21:14 - 2013-05-24 23:09 - 00000000 ____D () C:\Users\keith\Documents\My Games2014-05-22 21:13 - 2014-05-22 21:12 - 00000000 ____D () C:\Users\keith\.ipython2014-05-22 21:12 - 2014-05-22 21:12 - 00000000 ____D () C:\Users\keith\.matplotlib2014-05-22 21:12 - 2014-05-22 21:08 - 00002607 _____ () C:\Users\keith\.enstaller4rc2014-05-22 21:08 - 2014-05-22 21:08 - 00000000 ____D () C:\Users\keith\Canopy2014-05-22 21:07 - 2014-05-22 21:04 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Enthought Canopy (64-bit)2014-05-22 21:05 - 2014-05-22 21:05 - 00002539 _____ () C:\Users\keith\Desktop\PyLab (64-bit).lnk2014-05-22 21:05 - 2014-05-22 21:05 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Enthought2014-05-22 21:04 - 2014-05-22 21:04 - 00002098 _____ () C:\Users\keith\Desktop\Enthought Canopy (64-bit).lnk2014-05-22 21:02 - 2014-05-22 21:01 - 00000000 ____D () C:\Users\keith\AppData\Local\Enthought2014-05-22 21:00 - 2014-05-22 20:59 - 262688768 _____ () C:\Users\keith\Downloads\canopy-1.4.0-win-64.msi2014-05-20 00:47 - 2014-05-20 00:47 - 00013328 _____ () C:\Users\keith\Desktop\Minecraft - Shortcut.lnk2014-05-20 00:44 - 2013-06-07 17:47 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk2014-05-20 00:44 - 2011-03-30 23:31 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk2014-05-20 00:40 - 2014-05-20 00:40 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 3602014-05-20 00:36 - 2013-06-04 07:59 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-05-20 00:36 - 2013-06-04 07:59 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2014-05-20 00:35 - 2014-01-13 14:03 - 00003206 _____ () C:\Windows\System32\Tasks\Norton WSC Integration2014-05-20 00:35 - 2014-01-13 14:03 - 00002321 _____ () C:\Users\Public\Desktop\Norton 360.lnk2014-05-20 00:35 - 2014-01-13 14:02 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 3602014-05-20 00:35 - 2014-01-13 14:02 - 00000000 ____D () C:\Windows\system32\Drivers\N360x642014-05-20 00:31 - 2013-06-22 10:51 - 00000000 ____D () C:\Users\keith\AppData\Roaming\SoftGrid Client2014-05-20 00:24 - 2014-05-20 00:24 - 00000000 ____D () C:\Users\keith\.idlerc2014-05-20 00:23 - 2014-05-20 00:23 - 00675988 _____ () C:\Users\keith\Downloads\Minecraft (1).exe2014-05-20 00:18 - 2014-05-20 00:18 - 00263186 _____ () C:\Users\keith\Downloads\Minecraft.exe2014-05-20 00:17 - 2014-05-20 00:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.42014-05-20 00:17 - 2014-05-20 00:16 - 00000000 ____D () C:\Python342014-05-20 00:14 - 2014-05-20 00:14 - 24408064 _____ () C:\Users\keith\Downloads\python-3.4.1.msi ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-06-18 02:21 ==================== End Of Log ============================
  6. Howdy, Attached are the contents of fixlog.txt. Hope this helps, -Ridcully Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-06-2014Ran by keith at 2014-06-19 00:07:29 Run:1Running from C:\Users\keith\DesktopBoot Mode: Normal============================================== Content of fixlist:*****************HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.amazon.co...s={searchTerms}SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}SearchScopes: HKLM-x32 - DefaultScope value is missing.SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}SearchScopes: HKCU - DefaultScope {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {307679DE-83ED-4077-82D2-BD13FE0112B1} URL = SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No FileC:\Users\keith\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exeC:\Users\keith\AppData\Local\Temp\Quarantine.exeC:\Users\keith\AppData\Local\Temp\xmlUpdater.exe ***************** HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{307679DE-83ED-4077-82D2-BD13FE0112B1}' => Key deleted successfully.'HKCR\CLSID\{307679DE-83ED-4077-82D2-BD13FE0112B1}'=> Key not found.'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}' => Key deleted successfully.'HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}'=> Key not found.HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}' => Key deleted successfully.'HKCR\Wow6432Node\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}'=> Key not found.HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}' => Key deleted successfully.'HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}'=> Key not found.'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{307679DE-83ED-4077-82D2-BD13FE0112B1}' => Key deleted successfully.'HKCR\CLSID\{307679DE-83ED-4077-82D2-BD13FE0112B1}'=> Key not found.'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}' => Key deleted successfully.'HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}'=> Key not found.'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}' => Key deleted successfully.'HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}' => Key deleted successfully.'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}' => Key deleted successfully.'HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}' => Key deleted successfully.'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}' => Key deleted successfully.'HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}' => Key deleted successfully.'HKLM\Software\MozillaPlugins\@java.com/JavaPlugin' => Key deleted successfully.C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll => Moved successfully.'HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2' => Key deleted successfully.C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => Moved successfully.C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll not found.C:\Windows\SysWOW64\npDeployJava1.dll not found.C:\Users\keith\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe => Moved successfully.C:\Users\keith\AppData\Local\Temp\Quarantine.exe => Moved successfully.C:\Users\keith\AppData\Local\Temp\xmlUpdater.exe => Moved successfully. ==== End of Fixlog ====
  7. ESET results: No threats found: Scanned Files: 398344 Infected files: 0 Cleaned files: 0 Total scan time: 01:52:38 Scan status: Finished FRST64 I left it with the default settings Whitelist: all options checked. Optional scan: no options checked. There was no addition.txt, since I ran the tool earlier (first entry of this email chain). I am heading out to work now, and will be back this evening (EDT). Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-06-2014Ran by keith (administrator) on KEITH-HP on 18-06-2014 08:27:09Running from C:\Users\keith\DesktopPlatform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)Internet Explorer Version 11Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe(AMD) C:\Windows\System32\atiesrxx.exe(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe(AMD) C:\Windows\System32\atieclxx.exe(Microsoft Corporation) C:\Windows\System32\wlanext.exe(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\n360.exe() C:\Windows\SysWOW64\PnkBstrA.exe(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(Easybits) C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\n360.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2013-07-04] (Synaptics Incorporated)HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)HKLM\...\Run: [intelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-27] (Intel® Corporation)HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2014-01-25] (IDT, Inc.)HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-03-15] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2013-07-04] (Renesas Electronics Corporation)HKLM-x32\...\Run: [] => [X]HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-15] (Hewlett-Packard Development Company L.P.)HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2014-05-08] (Adobe Systems Incorporated)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-03-16] (EasyBits Software AS)HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [417792 2009-11-10] (Apple Inc.)HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1258504 2013-12-20] (Easybits)HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-06-10] (Hewlett-Packard)Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1HKU\S-1-5-21-2630042686-1250254935-3286438661-1000\...\Run: [steam] => C:\Program Files (x86)\Steam\Steam.exe [1754816 2014-05-29] (Valve Corporation)HKU\S-1-5-21-2630042686-1250254935-3286438661-1000\...\Run: [GoogleChromeAutoLaunch_F1D62AC303E2C0B600342FB8ACD4796B] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.)HKU\S-1-5-21-2630042686-1250254935-3286438661-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [steam] => C:\Program Files (x86)\Steam\Steam.exe [1754816 2014-05-29] (Valve Corporation)HKU\S-1-5-21-2630042686-1250254935-3286438661-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_F1D62AC303E2C0B600342FB8ACD4796B] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1SearchScopes: HKLM - {307679DE-83ED-4077-82D2-BD13FE0112B1} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}SearchScopes: HKLM-x32 - DefaultScope value is missing.SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}SearchScopes: HKCU - DefaultScope {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {307679DE-83ED-4077-82D2-BD13FE0112B1} URL = SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation)BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cabShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-03-30] (EasyBits Software Corp.)Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox:========FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)FF Plugin: @microsoft.com/GENUINE - disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No FileFF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE - disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFFFF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014-01-13]FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [] Chrome: =======CHR HomePage: hxxp://google.com/CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll No FileCHR Plugin: (Java Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No FileCHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No FileCHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll No FileCHR Extension: (Google Docs) - C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-22]CHR Extension: (Google Drive) - C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-22]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]CHR Extension: (YouTube) - C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-22]CHR Extension: (Google Search) - C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-22]CHR Extension: (Streamus™ (Beta!)) - C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbnkffmindojffecdhbbmekbmkkfpmjd [2014-06-11]CHR Extension: (Norton Identity Safe for Google Chrome™) - C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-09-12]CHR Extension: (Google Wallet) - C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]CHR Extension: (Gmail) - C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-22]CHR HKLM-x32\...\Chrome\Extension: [aepeildmfnnehghlknddebgjghlompfe] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-02-11]CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\Exts\Chrome.crx [2014-05-19] ==================== Services (Whitelisted) ================= R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2013-08-08] (Realsil Microelectronics Inc.) [File not signed]R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\N360.exe [265040 2014-05-11] (Symantec Corporation)R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-05-24] () ==================== Drivers (Whitelisted) ==================== R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140606.001\BHDrvx64.sys [1530160 2014-05-09] (Symantec Corporation)R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1503000.00C\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-11] (Symantec Corporation)R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-16] (Symantec Corporation)R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140617.001\IDSvia64.sys [525016 2014-03-25] (Symantec Corporation)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-18] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140617.009\ENG64.SYS [126040 2014-06-16] (Symantec Corporation)R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140617.009\EX64.SYS [2099288 2014-06-16] (Symantec Corporation)S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1503000.00C\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1503000.00C\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)R0 SymDS; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)R0 SymEFA; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-13] (Symantec Corporation)R1 SymIRON; C:\Windows\system32\drivers\N360x64\1503000.00C\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1503000.00C\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)S3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] () ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-18 08:27 - 2014-06-18 08:27 - 00024731 _____ () C:\Users\keith\Desktop\FRST.txt2014-06-18 08:24 - 2014-06-18 08:24 - 00000000 ____D () C:\Users\keith\Desktop\FRST-OlderVersion2014-06-17 22:43 - 2014-06-17 22:43 - 00000000 ____D () C:\Program Files (x86)\ESET2014-06-17 22:16 - 2014-05-07 14:59 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe2014-06-17 22:15 - 2014-06-17 22:15 - 00004430 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log2014-06-17 22:15 - 2014-05-07 15:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll2014-06-17 22:15 - 2014-05-07 14:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe2014-06-17 22:15 - 2014-05-07 14:58 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe2014-06-17 22:10 - 2014-06-18 08:22 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-06-17 22:10 - 2014-06-17 22:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-06-17 22:10 - 2014-06-17 22:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-06-17 22:10 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-06-17 22:10 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-06-17 22:03 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll2014-06-17 22:02 - 2014-06-17 22:06 - 00000000 ____D () C:\AdwCleaner2014-06-17 21:58 - 2014-06-17 21:58 - 00003577 _____ () C:\Users\keith\Desktop\JRT.txt2014-06-17 21:51 - 2014-06-17 21:51 - 00000000 ____D () C:\Windows\ERUNT2014-06-17 21:50 - 2014-06-17 22:05 - 00001684 _____ () C:\Users\keith\Desktop\School_Letter_20140617.txt2014-06-17 21:50 - 2014-06-17 21:50 - 00003896 _____ () C:\Users\keith\Desktop\instructions_virus_removal.txt2014-06-17 21:46 - 2014-06-17 21:47 - 01333465 _____ () C:\Users\keith\Desktop\AdwCleaner.exe2014-06-17 21:45 - 2014-06-17 21:45 - 01016261 _____ (Thisisu) C:\Users\keith\Desktop\JRT.exe2014-06-17 20:19 - 2014-06-17 20:19 - 00000000 __SHD () C:\Users\keith\AppData\Local\EmieUserList2014-06-17 20:19 - 2014-06-17 20:19 - 00000000 __SHD () C:\Users\keith\AppData\Local\EmieSiteList2014-06-17 20:17 - 2014-06-17 20:17 - 00000000 ____D () C:\ProgramData\RogueKiller2014-06-17 20:15 - 2014-06-17 20:15 - 05268992 _____ () C:\Users\keith\Desktop\RogueKillerX64.exe2014-06-17 08:43 - 2014-06-17 08:43 - 00000930 _____ () C:\Users\keith\Desktop\NTREGOPT.lnk2014-06-17 08:43 - 2014-06-17 08:43 - 00000911 _____ () C:\Users\keith\Desktop\ERUNT.lnk2014-06-17 08:43 - 2014-06-17 08:43 - 00000000 ____D () C:\Windows\ERDNT2014-06-17 08:43 - 2014-06-17 08:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT2014-06-17 08:43 - 2014-06-17 08:43 - 00000000 ____D () C:\Program Files (x86)\ERUNT2014-06-17 08:41 - 2014-06-17 08:42 - 00791393 _____ (Lars Hederer ) C:\Users\keith\Desktop\erunt-setup.exe2014-06-17 08:35 - 2014-06-17 08:36 - 00002464 _____ () C:\Users\keith\Desktop\Rkill.txt2014-06-17 08:34 - 2014-06-17 08:34 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\keith\Desktop\rkill.exe2014-06-16 23:00 - 2014-06-16 23:00 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-06-16 22:25 - 2014-06-16 22:30 - 00000000 ____D () C:\Windows\system32\MRT2014-06-16 22:25 - 2014-06-16 22:25 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++2014-06-16 22:25 - 2014-06-16 22:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++2014-06-16 22:25 - 2014-06-01 17:17 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-06-16 22:24 - 2014-06-17 20:38 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Notepad++2014-06-16 22:24 - 2014-06-16 22:26 - 00000000 ____D () C:\Program Files (x86)\Notepad++2014-06-16 22:22 - 2014-06-16 22:22 - 07676930 _____ () C:\Users\keith\Downloads\npp.6.6.6.Installer (1).exe2014-06-16 22:21 - 2014-06-16 22:22 - 07676930 _____ () C:\Users\keith\Downloads\npp.6.6.6.Installer.exe2014-06-14 14:54 - 2014-06-14 14:54 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Warner Bros. Interactive Entertainment2014-06-14 11:13 - 2014-06-14 11:14 - 00000000 ____D () C:\Users\keith\AppData\Local\NPE2014-06-14 10:17 - 2014-06-18 08:27 - 00000000 ____D () C:\FRST2014-06-14 10:16 - 2014-06-18 08:24 - 02081280 _____ (Farbar) C:\Users\keith\Desktop\FRST64.exe2014-06-13 18:29 - 2014-06-14 08:59 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Open Download Manager2014-06-13 18:29 - 2014-06-13 18:29 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenDownloaderManager2014-06-13 18:27 - 2014-06-14 09:02 - 00000000 ____D () C:\Program Files (x86)\OpenDownloaderManager2014-06-13 07:55 - 2014-06-16 00:55 - 00000068 _____ () C:\Users\keith\AppData\Roaming\WB.CFG2014-06-11 22:49 - 2014-06-11 22:49 - 00077514 _____ () C:\Users\keith\Downloads\OTRR_Certified_Yours_Truly_Johnny_Dollar_archive.torrent2014-06-11 22:02 - 2014-06-11 22:17 - 1381805269 _____ () C:\Users\keith\Downloads\OTRR_Dimension_X_Singles.zip2014-06-11 22:01 - 2014-06-11 22:23 - 1988541609 _____ () C:\Users\keith\Downloads\Dragnet_OTR.zip2014-06-11 22:01 - 2014-06-11 22:06 - 225556412 _____ () C:\Users\keith\Downloads\IsaacAsimov-TheFoundationTrilogy_64kb_mp3.zip2014-06-11 19:11 - 2014-06-11 19:13 - 90455873 _____ () C:\Users\keith\Downloads\WIZZYWIG.epub2014-06-11 19:11 - 2014-06-11 19:13 - 29272387 _____ () C:\Users\keith\Downloads\MarchBookOne.epub2014-06-11 19:11 - 2014-06-11 19:13 - 27719129 _____ () C:\Users\keith\Downloads\TooCoolToBeForgotten.epub2014-06-11 19:08 - 2014-06-11 19:13 - 102049303 _____ () C:\Users\keith\Downloads\FromHellCompanion.epub2014-06-11 19:08 - 2014-06-11 19:12 - 259176640 _____ () C:\Users\keith\Downloads\FromHell.epub2014-06-10 19:47 - 2014-05-30 06:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-06-10 19:47 - 2014-05-30 06:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-06-10 19:47 - 2014-05-30 06:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2014-06-10 19:47 - 2014-05-30 05:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-06-10 19:47 - 2014-05-30 05:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2014-06-10 19:47 - 2014-05-30 05:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2014-06-10 19:47 - 2014-05-30 05:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2014-06-10 19:47 - 2014-05-30 05:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-06-10 19:47 - 2014-05-30 05:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2014-06-10 19:47 - 2014-05-30 05:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2014-06-10 19:47 - 2014-05-30 05:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-06-10 19:47 - 2014-05-30 05:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2014-06-10 19:47 - 2014-05-30 05:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2014-06-10 19:47 - 2014-05-30 05:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-06-10 19:47 - 2014-05-30 05:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe2014-06-10 19:47 - 2014-05-30 05:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-06-10 19:47 - 2014-05-30 05:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2014-06-10 19:47 - 2014-05-30 05:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-06-10 19:47 - 2014-05-30 04:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll2014-06-10 19:47 - 2014-05-30 04:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2014-06-10 19:47 - 2014-05-30 04:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-06-10 19:47 - 2014-05-30 04:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2014-06-10 19:47 - 2014-05-30 04:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2014-06-10 19:47 - 2014-05-30 04:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2014-06-10 19:47 - 2014-05-30 04:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2014-06-10 19:47 - 2014-05-30 04:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-06-10 19:47 - 2014-05-30 04:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2014-06-10 19:47 - 2014-05-30 04:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-06-10 19:47 - 2014-05-30 04:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2014-06-10 19:47 - 2014-05-30 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2014-06-10 19:47 - 2014-05-30 04:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-06-10 19:47 - 2014-05-30 04:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2014-06-10 19:47 - 2014-05-30 04:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2014-06-10 19:47 - 2014-05-30 04:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll2014-06-10 19:47 - 2014-05-30 04:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-06-10 19:47 - 2014-05-30 04:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2014-06-10 19:47 - 2014-05-30 04:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll2014-06-10 19:47 - 2014-05-30 04:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-06-10 19:47 - 2014-05-30 04:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2014-06-10 19:47 - 2014-05-30 04:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2014-06-10 19:47 - 2014-05-30 03:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-06-10 19:47 - 2014-05-30 03:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-06-10 19:47 - 2014-05-30 03:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-06-10 19:47 - 2014-05-30 03:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll2014-06-10 19:47 - 2014-05-30 03:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-06-10 19:47 - 2014-05-30 03:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-06-10 19:47 - 2014-05-30 03:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-06-10 19:47 - 2014-05-30 03:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-06-10 19:47 - 2014-05-30 03:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-06-10 19:47 - 2014-05-30 03:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-06-10 19:47 - 2014-05-30 03:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2014-06-10 19:47 - 2014-05-30 03:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2014-06-10 19:47 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll2014-06-10 19:47 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll2014-06-10 19:47 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys2014-06-10 19:47 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS2014-06-10 19:47 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll2014-06-10 19:47 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll2014-06-10 19:47 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll2014-06-10 19:47 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll2014-06-10 19:47 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll2014-06-10 19:47 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll2014-06-10 19:47 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll2014-06-10 19:47 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll2014-06-10 19:46 - 2014-06-08 05:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2014-06-10 19:46 - 2014-06-08 05:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2014-05-28 21:39 - 2014-05-28 21:39 - 00675988 _____ () C:\Users\keith\Desktop\Minecraft (2).exe2014-05-26 19:25 - 2014-05-26 19:27 - 00000000 ____D () C:\Users\keith\AppData\Roaming\.technic2014-05-26 19:25 - 2014-05-26 19:25 - 02346942 _____ () C:\Users\keith\Desktop\TechnicLauncher.exe2014-05-24 23:26 - 2014-05-25 00:55 - 00000000 ____D () C:\Users\keith\AppData\Roaming\creeperworld32014-05-24 23:26 - 2014-05-24 23:26 - 00000000 ____D () C:\Users\keith\Documents\creeperworld32014-05-24 23:26 - 2014-05-24 23:26 - 00000000 ____D () C:\Users\keith\AppData\Roaming\.mono2014-05-22 21:12 - 2014-05-22 21:13 - 00000000 ____D () C:\Users\keith\.ipython2014-05-22 21:12 - 2014-05-22 21:12 - 00000000 ____D () C:\Users\keith\.matplotlib2014-05-22 21:08 - 2014-05-22 21:12 - 00002607 _____ () C:\Users\keith\.enstaller4rc2014-05-22 21:08 - 2014-05-22 21:08 - 00000000 ____D () C:\Users\keith\Canopy2014-05-22 21:05 - 2014-05-22 21:05 - 00002539 _____ () C:\Users\keith\Desktop\PyLab (64-bit).lnk2014-05-22 21:05 - 2014-05-22 21:05 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Enthought2014-05-22 21:04 - 2014-05-22 21:07 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Enthought Canopy (64-bit)2014-05-22 21:04 - 2014-05-22 21:04 - 00002098 _____ () C:\Users\keith\Desktop\Enthought Canopy (64-bit).lnk2014-05-22 21:01 - 2014-05-22 21:02 - 00000000 ____D () C:\Users\keith\AppData\Local\Enthought2014-05-22 20:59 - 2014-05-22 21:00 - 262688768 _____ () C:\Users\keith\Downloads\canopy-1.4.0-win-64.msi2014-05-20 00:47 - 2014-05-20 00:47 - 00013328 _____ () C:\Users\keith\Desktop\Minecraft - Shortcut.lnk2014-05-20 00:40 - 2014-05-20 00:40 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 3602014-05-20 00:24 - 2014-05-20 00:24 - 00000000 ____D () C:\Users\keith\.idlerc2014-05-20 00:23 - 2014-05-20 00:23 - 00675988 _____ () C:\Users\keith\Downloads\Minecraft (1).exe2014-05-20 00:18 - 2014-06-09 19:53 - 00000000 ____D () C:\Users\keith\AppData\Roaming\.minecraft2014-05-20 00:18 - 2014-05-20 00:18 - 00263186 _____ () C:\Users\keith\Downloads\Minecraft.exe2014-05-20 00:17 - 2014-05-20 00:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.42014-05-20 00:16 - 2014-05-20 00:17 - 00000000 ____D () C:\Python342014-05-20 00:14 - 2014-05-20 00:14 - 24408064 _____ () C:\Users\keith\Downloads\python-3.4.1.msi ==================== One Month Modified Files and Folders ======= 2014-06-18 08:27 - 2014-06-18 08:27 - 00024731 _____ () C:\Users\keith\Desktop\FRST.txt2014-06-18 08:27 - 2014-06-14 10:17 - 00000000 ____D () C:\FRST2014-06-18 08:27 - 2013-05-24 06:23 - 00000000 ____D () C:\Users\keith\AppData\Local\Temp2014-06-18 08:24 - 2014-06-18 08:24 - 00000000 ____D () C:\Users\keith\Desktop\FRST-OlderVersion2014-06-18 08:24 - 2014-06-14 10:16 - 02081280 _____ (Farbar) C:\Users\keith\Desktop\FRST64.exe2014-06-18 08:23 - 2013-07-22 21:45 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-06-18 08:22 - 2014-06-17 22:10 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-06-18 02:45 - 2013-05-24 02:14 - 01638824 _____ () C:\Windows\WindowsUpdate.log2014-06-18 01:11 - 2013-05-24 06:29 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9EF5ABD8-6610-4A4A-AC3B-8E36C0A70595}2014-06-18 00:27 - 2013-12-20 20:31 - 00000000 ____D () C:\ProgramData\Easybits Magic Desktop for HP2014-06-17 22:43 - 2014-06-17 22:43 - 00000000 ____D () C:\Program Files (x86)\ESET2014-06-17 22:17 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-06-17 22:17 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-06-17 22:16 - 2014-01-03 11:25 - 00000000 ____D () C:\ProgramData\Oracle2014-06-17 22:15 - 2014-06-17 22:15 - 00004430 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log2014-06-17 22:15 - 2013-07-03 20:57 - 00000000 ____D () C:\Program Files (x86)\Java2014-06-17 22:14 - 2009-07-14 01:13 - 00783360 _____ () C:\Windows\system32\PerfStringBackup.INI2014-06-17 22:10 - 2014-06-17 22:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-06-17 22:10 - 2014-06-17 22:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-06-17 22:10 - 2013-12-26 19:00 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-06-17 22:10 - 2013-12-26 19:00 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Malwarebytes2014-06-17 22:10 - 2013-12-26 19:00 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-06-17 22:08 - 2013-07-22 21:45 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-06-17 22:08 - 2013-05-24 21:34 - 00000000 ____D () C:\Program Files (x86)\Steam2014-06-17 22:07 - 2010-11-20 23:47 - 01242160 _____ () C:\Windows\PFRO.log2014-06-17 22:07 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-06-17 22:07 - 2009-07-14 00:51 - 00057981 _____ () C:\Windows\setupact.log2014-06-17 22:06 - 2014-06-17 22:02 - 00000000 ____D () C:\AdwCleaner2014-06-17 22:05 - 2014-06-17 21:50 - 00001684 _____ () C:\Users\keith\Desktop\School_Letter_20140617.txt2014-06-17 21:58 - 2014-06-17 21:58 - 00003577 _____ () C:\Users\keith\Desktop\JRT.txt2014-06-17 21:51 - 2014-06-17 21:51 - 00000000 ____D () C:\Windows\ERUNT2014-06-17 21:50 - 2014-06-17 21:50 - 00003896 _____ () C:\Users\keith\Desktop\instructions_virus_removal.txt2014-06-17 21:47 - 2014-06-17 21:46 - 01333465 _____ () C:\Users\keith\Desktop\AdwCleaner.exe2014-06-17 21:45 - 2014-06-17 21:45 - 01016261 _____ (Thisisu) C:\Users\keith\Desktop\JRT.exe2014-06-17 20:38 - 2014-06-16 22:24 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Notepad++2014-06-17 20:19 - 2014-06-17 20:19 - 00000000 __SHD () C:\Users\keith\AppData\Local\EmieUserList2014-06-17 20:19 - 2014-06-17 20:19 - 00000000 __SHD () C:\Users\keith\AppData\Local\EmieSiteList2014-06-17 20:17 - 2014-06-17 20:17 - 00000000 ____D () C:\ProgramData\RogueKiller2014-06-17 20:15 - 2014-06-17 20:15 - 05268992 _____ () C:\Users\keith\Desktop\RogueKillerX64.exe2014-06-17 12:30 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache2014-06-17 08:43 - 2014-06-17 08:43 - 00000930 _____ () C:\Users\keith\Desktop\NTREGOPT.lnk2014-06-17 08:43 - 2014-06-17 08:43 - 00000911 _____ () C:\Users\keith\Desktop\ERUNT.lnk2014-06-17 08:43 - 2014-06-17 08:43 - 00000000 ____D () C:\Windows\ERDNT2014-06-17 08:43 - 2014-06-17 08:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT2014-06-17 08:43 - 2014-06-17 08:43 - 00000000 ____D () C:\Program Files (x86)\ERUNT2014-06-17 08:42 - 2014-06-17 08:41 - 00791393 _____ (Lars Hederer ) C:\Users\keith\Desktop\erunt-setup.exe2014-06-17 08:36 - 2014-06-17 08:35 - 00002464 _____ () C:\Users\keith\Desktop\Rkill.txt2014-06-17 08:34 - 2014-06-17 08:34 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\keith\Desktop\rkill.exe2014-06-16 23:04 - 2013-05-24 06:29 - 00000000 ___RD () C:\Users\keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup2014-06-16 23:04 - 2013-05-24 06:29 - 00000000 ___RD () C:\Users\keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools2014-06-16 23:02 - 2009-07-14 00:45 - 00288304 _____ () C:\Windows\system32\FNTCACHE.DAT2014-06-16 23:00 - 2014-06-16 23:00 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-06-16 23:00 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions2014-06-16 22:30 - 2014-06-16 22:25 - 00000000 ____D () C:\Windows\system32\MRT2014-06-16 22:26 - 2014-06-16 22:24 - 00000000 ____D () C:\Program Files (x86)\Notepad++2014-06-16 22:25 - 2014-06-16 22:25 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++2014-06-16 22:25 - 2014-06-16 22:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++2014-06-16 22:22 - 2014-06-16 22:22 - 07676930 _____ () C:\Users\keith\Downloads\npp.6.6.6.Installer (1).exe2014-06-16 22:22 - 2014-06-16 22:21 - 07676930 _____ () C:\Users\keith\Downloads\npp.6.6.6.Installer.exe2014-06-16 19:35 - 2013-06-08 10:24 - 00775974 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI2014-06-16 19:26 - 2013-06-07 07:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight2014-06-16 19:25 - 2013-06-07 07:37 - 00000000 ____D () C:\Program Files\Microsoft Silverlight2014-06-16 19:25 - 2013-06-07 07:37 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight2014-06-16 00:55 - 2014-06-13 07:55 - 00000068 _____ () C:\Users\keith\AppData\Roaming\WB.CFG2014-06-14 19:31 - 2013-06-02 15:26 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForkeith2014-06-14 19:31 - 2013-06-02 02:21 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForkeith.job2014-06-14 15:12 - 2013-06-15 23:51 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Factorio2014-06-14 14:54 - 2014-06-14 14:54 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Warner Bros. Interactive Entertainment2014-06-14 11:14 - 2014-06-14 11:13 - 00000000 ____D () C:\Users\keith\AppData\Local\NPE2014-06-14 11:14 - 2013-07-06 20:05 - 00000000 ____D () C:\Program Files (x86)\iTunes2014-06-14 09:45 - 2013-05-24 06:22 - 00000000 ____D () C:\Users\keith2014-06-14 09:02 - 2014-06-13 18:27 - 00000000 ____D () C:\Program Files (x86)\OpenDownloaderManager2014-06-14 09:02 - 2013-05-24 02:22 - 00000000 ____D () C:\ProgramData\Norton2014-06-14 09:02 - 2011-03-30 23:26 - 00000000 ____D () C:\ProgramData\RoxioNow2014-06-14 09:02 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF2014-06-14 09:02 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration2014-06-14 09:02 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat2014-06-14 08:59 - 2014-06-13 18:29 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Open Download Manager2014-06-13 18:29 - 2014-06-13 18:29 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenDownloaderManager2014-06-12 17:29 - 2013-07-22 21:45 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2014-06-12 17:26 - 2013-05-30 20:44 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log2014-06-12 17:25 - 2013-07-04 16:43 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt2014-06-11 22:49 - 2014-06-11 22:49 - 00077514 _____ () C:\Users\keith\Downloads\OTRR_Certified_Yours_Truly_Johnny_Dollar_archive.torrent2014-06-11 22:23 - 2014-06-11 22:01 - 1988541609 _____ () C:\Users\keith\Downloads\Dragnet_OTR.zip2014-06-11 22:17 - 2014-06-11 22:02 - 1381805269 _____ () C:\Users\keith\Downloads\OTRR_Dimension_X_Singles.zip2014-06-11 22:06 - 2014-06-11 22:01 - 225556412 _____ () C:\Users\keith\Downloads\IsaacAsimov-TheFoundationTrilogy_64kb_mp3.zip2014-06-11 19:13 - 2014-06-11 19:11 - 90455873 _____ () C:\Users\keith\Downloads\WIZZYWIG.epub2014-06-11 19:13 - 2014-06-11 19:11 - 29272387 _____ () C:\Users\keith\Downloads\MarchBookOne.epub2014-06-11 19:13 - 2014-06-11 19:11 - 27719129 _____ () C:\Users\keith\Downloads\TooCoolToBeForgotten.epub2014-06-11 19:13 - 2014-06-11 19:08 - 102049303 _____ () C:\Users\keith\Downloads\FromHellCompanion.epub2014-06-11 19:12 - 2014-06-11 19:08 - 259176640 _____ () C:\Users\keith\Downloads\FromHell.epub2014-06-11 00:23 - 2014-04-22 15:32 - 00000000 ____D () C:\Users\dub_cm_auto2014-06-09 19:53 - 2014-05-20 00:18 - 00000000 ____D () C:\Users\keith\AppData\Roaming\.minecraft2014-06-08 05:13 - 2014-06-10 19:46 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2014-06-08 05:08 - 2014-06-10 19:46 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2014-06-01 17:17 - 2014-06-16 22:25 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-05-30 06:21 - 2014-06-10 19:47 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-05-30 06:02 - 2014-06-10 19:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-05-30 06:02 - 2014-06-10 19:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2014-05-30 05:45 - 2014-06-10 19:47 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-05-30 05:39 - 2014-06-10 19:47 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2014-05-30 05:39 - 2014-06-10 19:47 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2014-05-30 05:38 - 2014-06-10 19:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2014-05-30 05:28 - 2014-06-10 19:47 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-05-30 05:27 - 2014-06-10 19:47 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2014-05-30 05:24 - 2014-06-10 19:47 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2014-05-30 05:21 - 2014-06-10 19:47 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-05-30 05:21 - 2014-06-10 19:47 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2014-05-30 05:20 - 2014-06-10 19:47 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2014-05-30 05:18 - 2014-06-10 19:47 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-05-30 05:11 - 2014-06-10 19:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe2014-05-30 05:08 - 2014-06-10 19:47 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-05-30 05:06 - 2014-06-10 19:47 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2014-05-30 05:02 - 2014-06-10 19:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-05-30 04:55 - 2014-06-10 19:47 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll2014-05-30 04:49 - 2014-06-10 19:47 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2014-05-30 04:46 - 2014-06-10 19:47 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-05-30 04:44 - 2014-06-10 19:47 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2014-05-30 04:44 - 2014-06-10 19:47 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2014-05-30 04:43 - 2014-06-10 19:47 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2014-05-30 04:42 - 2014-06-10 19:47 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2014-05-30 04:38 - 2014-06-10 19:47 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-05-30 04:35 - 2014-06-10 19:47 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2014-05-30 04:34 - 2014-06-10 19:47 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-05-30 04:33 - 2014-06-10 19:47 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2014-05-30 04:30 - 2014-06-10 19:47 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2014-05-30 04:29 - 2014-06-10 19:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-05-30 04:28 - 2014-06-10 19:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2014-05-30 04:27 - 2014-06-10 19:47 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2014-05-30 04:24 - 2014-06-10 19:47 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll2014-05-30 04:23 - 2014-06-10 19:47 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-05-30 04:16 - 2014-06-10 19:47 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2014-05-30 04:10 - 2014-06-10 19:47 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll2014-05-30 04:06 - 2014-06-10 19:47 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-05-30 04:04 - 2014-06-10 19:47 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2014-05-30 04:02 - 2014-06-10 19:47 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2014-05-30 03:56 - 2014-06-10 19:47 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-05-30 03:56 - 2014-06-10 19:47 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-05-30 03:54 - 2014-06-10 19:47 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-05-30 03:50 - 2014-06-10 19:47 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll2014-05-30 03:49 - 2014-06-10 19:47 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-05-30 03:43 - 2014-06-10 19:47 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-05-30 03:40 - 2014-06-10 19:47 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-05-30 03:30 - 2014-06-10 19:47 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-05-30 03:21 - 2014-06-10 19:47 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-05-30 03:15 - 2014-06-10 19:47 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-05-30 03:13 - 2014-06-10 19:47 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2014-05-30 03:13 - 2014-06-10 19:47 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2014-05-28 21:39 - 2014-05-28 21:39 - 00675988 _____ () C:\Users\keith\Desktop\Minecraft (2).exe2014-05-26 19:27 - 2014-05-26 19:25 - 00000000 ____D () C:\Users\keith\AppData\Roaming\.technic2014-05-26 19:25 - 2014-05-26 19:25 - 02346942 _____ () C:\Users\keith\Desktop\TechnicLauncher.exe2014-05-25 00:55 - 2014-05-24 23:26 - 00000000 ____D () C:\Users\keith\AppData\Roaming\creeperworld32014-05-24 23:26 - 2014-05-24 23:26 - 00000000 ____D () C:\Users\keith\Documents\creeperworld32014-05-24 23:26 - 2014-05-24 23:26 - 00000000 ____D () C:\Users\keith\AppData\Roaming\.mono2014-05-24 18:28 - 2014-02-08 20:35 - 00000000 ____D () C:\Users\keith\Documents\Universe Sandbox2014-05-22 21:14 - 2013-05-24 23:09 - 00000000 ____D () C:\Users\keith\Documents\My Games2014-05-22 21:13 - 2014-05-22 21:12 - 00000000 ____D () C:\Users\keith\.ipython2014-05-22 21:12 - 2014-05-22 21:12 - 00000000 ____D () C:\Users\keith\.matplotlib2014-05-22 21:12 - 2014-05-22 21:08 - 00002607 _____ () C:\Users\keith\.enstaller4rc2014-05-22 21:08 - 2014-05-22 21:08 - 00000000 ____D () C:\Users\keith\Canopy2014-05-22 21:07 - 2014-05-22 21:04 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Enthought Canopy (64-bit)2014-05-22 21:05 - 2014-05-22 21:05 - 00002539 _____ () C:\Users\keith\Desktop\PyLab (64-bit).lnk2014-05-22 21:05 - 2014-05-22 21:05 - 00000000 ____D () C:\Users\keith\AppData\Roaming\Enthought2014-05-22 21:04 - 2014-05-22 21:04 - 00002098 _____ () C:\Users\keith\Desktop\Enthought Canopy (64-bit).lnk2014-05-22 21:02 - 2014-05-22 21:01 - 00000000 ____D () C:\Users\keith\AppData\Local\Enthought2014-05-22 21:00 - 2014-05-22 20:59 - 262688768 _____ () C:\Users\keith\Downloads\canopy-1.4.0-win-64.msi2014-05-20 00:47 - 2014-05-20 00:47 - 00013328 _____ () C:\Users\keith\Desktop\Minecraft - Shortcut.lnk2014-05-20 00:44 - 2013-06-07 17:47 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk2014-05-20 00:44 - 2011-03-30 23:31 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk2014-05-20 00:40 - 2014-05-20 00:40 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 3602014-05-20 00:36 - 2013-06-04 07:59 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-05-20 00:36 - 2013-06-04 07:59 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2014-05-20 00:35 - 2014-01-13 14:03 - 00003206 _____ () C:\Windows\System32\Tasks\Norton WSC Integration2014-05-20 00:35 - 2014-01-13 14:03 - 00002321 _____ () C:\Users\Public\Desktop\Norton 360.lnk2014-05-20 00:35 - 2014-01-13 14:02 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 3602014-05-20 00:35 - 2014-01-13 14:02 - 00000000 ____D () C:\Windows\system32\Drivers\N360x642014-05-20 00:31 - 2013-06-22 10:51 - 00000000 ____D () C:\Users\keith\AppData\Roaming\SoftGrid Client2014-05-20 00:24 - 2014-05-20 00:24 - 00000000 ____D () C:\Users\keith\.idlerc2014-05-20 00:23 - 2014-05-20 00:23 - 00675988 _____ () C:\Users\keith\Downloads\Minecraft (1).exe2014-05-20 00:18 - 2014-05-20 00:18 - 00263186 _____ () C:\Users\keith\Downloads\Minecraft.exe2014-05-20 00:17 - 2014-05-20 00:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.42014-05-20 00:17 - 2014-05-20 00:16 - 00000000 ____D () C:\Python342014-05-20 00:14 - 2014-05-20 00:14 - 24408064 _____ () C:\Users\keith\Downloads\python-3.4.1.msi Some content of TEMP:====================C:\Users\keith\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exeC:\Users\keith\AppData\Local\Temp\Quarantine.exeC:\Users\keith\AppData\Local\Temp\xmlUpdater.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-06-18 02:21 ==================== End Of Log ============================
  8. ESET is currently at 15% done (143k files scanned) after 36 minutes. I'm going to head off to bed and post results in the morning (Eastern time zone here). Any idea why MBAM checked so many fewer files the second time? Thanks for the help! -Ridcully
  9. Click Start Make sure that the option Remove found threats is unticked Click on Advanced Settings and ensure these options are ticked: Scan for potentially unwanted applications Scan for potentially unsafe applications Enable Anti-Stealth Technology There was no option for "Scan for potentially unwanted applications" Under advanced settings: Remove found threats (unchecked) Scan archives (checked) Scan for potentially unsafe applications (checked) Enable Anti-Stealth technology (checked) Current scan targets: Operating memory, local drives Use custom proxy settings (unchecked)
  10. MBAM log. I notice that this scanned 283k items, whereas the previous scan scanned over 600k items. It also took < 10 minutes, compared to a bit more than 2.5 hours for the previous run. (I also notice that tonight's database update also pulled down a new version of the tool.) When i went to the ESET online scanner, I never get prompted for the activeX controller. I get a popup window (http://www.eset.com/us/online-scanner-popup/), which has a small box in the upper left corner, but nothing else. Do I need to change the security settings in IE for this to run properly? =================================== Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 6/17/2014Scan Time: 10:19:34 PMLogfile: MBAM_log_20140617_2230.txtAdministrator: Yes Version: 2.00.2.1012Malware Database: v2014.06.17.13Rootkit Database: v2014.06.02.01License: TrialMalware Protection: EnabledMalicious Website Protection: EnabledSelf-protection: Disabled OS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser: keith Scan Type: Threat ScanResult: CompletedObjects Scanned: 283624Time Elapsed: 9 min, 54 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: EnabledHeuristics: EnabledPUP: EnabledPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 0(No malicious items detected) Registry Values: 0(No malicious items detected) Registry Data: 0(No malicious items detected) Folders: 0(No malicious items detected) Files: 0(No malicious items detected) Physical Sectors: 0(No malicious items detected) (end)
  11. Post-restart AdwCleaner log. I will start the MBAM scan now. It should complete in ~2.5 hours. # AdwCleaner v3.212 - Report created 17/06/2014 at 22:06:20# Updated 05/06/2014 by Xplode# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)# Username : keith - KEITH-HP# Running from : C:\Users\keith\Desktop\AdwCleaner.exe# Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Users\keith\AppData\Local\SearchProtectFolder Deleted : C:\Users\keith\AppData\Roaming\DigitalSitesFile Deleted : C:\Users\Public\Desktop\eBay.lnkFile Deleted : C:\Windows\Tasks\Digital Sites.jobFile Deleted : C:\Windows\System32\Tasks\Digital SitesFile Deleted : C:\Windows\Tasks\MySearchDial.jobFile Deleted : C:\Windows\System32\Tasks\MySearchDial ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3} ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17126 -\\ Google Chrome v35.0.1916.153 [ File : C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted [search Provider] : hxxp://www.veoh.com/find/?query={searchTerms}Deleted [search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}Deleted [search Provider] : hxxp://www.netflix.com/WiSearch?raw_query=batman+bey&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfglDeleted [Extension] : flpcjncodpafbgdpnkljologafpionhbDeleted [Extension] : ippkomaaonokjnfjoikaemidanojkfmmDeleted [Extension] : pflphaooapbgpeakohlggbpidpppgdff ************************* AdwCleaner[R0].txt - [1908 octets] - [17/06/2014 22:02:50]AdwCleaner[s0].txt - [2125 octets] - [17/06/2014 22:06:20] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2185 octets] ##########
  12. First ADW Cleaner log -- I am going to let it remove all of these items. # AdwCleaner v3.212 - Report created 17/06/2014 at 22:02:50# Updated 05/06/2014 by Xplode# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)# Username : keith - KEITH-HP# Running from : C:\Users\keith\Desktop\AdwCleaner.exe# Option : Scan ***** [ Services ] ***** ***** [ Files / Folders ] ***** File Found : C:\Users\Public\Desktop\eBay.lnkFile Found : C:\Windows\System32\Tasks\Digital SitesFile Found : C:\Windows\System32\Tasks\MySearchDialFile Found : C:\Windows\Tasks\Digital Sites.jobFile Found : C:\Windows\Tasks\MySearchDial.jobFolder Found : C:\Users\keith\AppData\Local\SearchProtectFolder Found : C:\Users\keith\AppData\Roaming\DigitalSites ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3} ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17126 -\\ Google Chrome v35.0.1916.153 [ File : C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\preferences ] Found [Extension] : booedmolknjekdopkepjjeckmjkdpfglFound [Extension] : flpcjncodpafbgdpnkljologafpionhbFound [Extension] : ippkomaaonokjnfjoikaemidanojkfmmFound [Extension] : pflphaooapbgpeakohlggbpidpppgdff ************************* AdwCleaner[R0].txt - [1752 octets] - [17/06/2014 22:02:50] ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1812 octets] ##########
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.