Help Needed, Logs Attached



I was sent here from the User to User forum (link: http://forums.pcpitstop.com/index.php?/topic/202731-windows-7-takes-minutes-to-load-desktop/).

Thanks for your help.

 

Here are the DDS scans:

 


Attach Scan:

 


Edited by lanemom56

Hi and welcome

 

-Junkware-Removal-Tool-

 

Please download Junkware Removal Tool to your desktop.

 

Vista / 7 / 8 users:

You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.

 

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Copies of logs are saved at %systemdrive%:\FRST\Logs (in most cases this will be C:\FRST\Logs).

 

post:

JRT.txt

FRSTLogs

 

May need to make multiple posts to ensure all logs are completed.


Here are the logs:

 


 

- 00135680 _____ (Microsoft Corporation) C:Windowssystem32sspicli.dll2013-12-21 15:05 - 2013-09-24 20:23 - 00028160 _____ (Microsoft Corporation) C:Windowssystem32secur32.dll2013-12-21 15:05 - 2013-09-24 20:22 - 00340992 _____ (Microsoft Corporation) C:Windowssystem32schannel.dll2013-12-21 15:05 - 2013-09-24 20:21 - 01447936 _____ (Microsoft Corporation) C:Windowssystem32lsasrv.dll2013-12-21 15:05 - 2013-09-24 20:21 - 00307200 _____ (Microsoft Corporation) C:Windowssystem32ncrypt.dll2013-12-21 15:05 - 2013-09-24 19:58 - 00096768 _____ (Microsoft Corporation) C:WindowsSysWOW64sspicli.dll2013-12-21 15:05 - 2013-09-24 19:57 - 00247808 _____ (Microsoft Corporation) C:WindowsSysWOW64schannel.dll2013-12-21 15:05 - 2013-09-24 19:57 - 00022016 _____ (Microsoft Corporation) C:WindowsSysWOW64secur32.dll2013-12-21 15:05 - 2013-09-24 19:56 - 00220160 _____ (Microsoft Corporation) C:WindowsSysWOW64ncrypt.dll2013-12-21 15:05 - 2013-09-24 19:03 - 00030720 _____ (Microsoft Corporation) C:Windowssystem32lsass.exe2013-12-21 15:05 - 2013-07-04 06:18 - 00458712 _____ (Microsoft Corporation) C:Windowssystem32Driverscng.sys2013-12-21 15:03 - 2013-11-23 12:26 - 00417792 _____ (Microsoft Corporation) C:WindowsSysWOW64WMPhoto.dll2013-12-21 15:03 - 2013-11-23 11:47 - 00465920 _____ (Microsoft Corporation) C:Windowssystem32WMPhoto.dll2013-12-21 15:03 - 2013-10-18 20:18 - 00081408 _____ (Microsoft Corporation) C:Windowssystem32imagehlp.dll2013-12-21 15:03 - 2013-10-18 19:36 - 00159232 _____ (Microsoft Corporation) C:WindowsSysWOW64imagehlp.dll2013-12-21 15:02 - 2013-11-11 20:23 - 00002048 _____ (Microsoft Corporation) C:Windowssystem32tzres.dll2013-12-21 15:02 - 2013-11-11 20:07 - 00002048 _____ (Microsoft Corporation) C:WindowsSysWOW64tzres.dll2013-12-21 15:02 - 2013-10-11 20:32 - 00150016 _____ (Microsoft Corporation) C:Windowssystem32wshom.ocx2013-12-21 15:02 - 2013-10-11 20:31 - 00202752 _____ (Microsoft Corporation) C:Windowssystem32scrrun.dll2013-12-21 15:02 - 2013-10-11 20:04 - 
00121856 _____ (Microsoft Corporation) C:WindowsSysWOW64wshom.ocx2013-12-21 15:02 - 2013-10-11 20:03 - 00163840 _____ (Microsoft Corporation) C:WindowsSysWOW64scrrun.dll2013-12-21 15:02 - 2013-10-11 19:33 - 00168960 _____ (Microsoft Corporation) C:Windowssystem32wscript.exe2013-12-21 15:02 - 2013-10-11 19:33 - 00156160 _____ (Microsoft Corporation) C:Windowssystem32cscript.exe2013-12-21 15:02 - 2013-10-11 19:15 - 00141824 _____ (Microsoft Corporation) C:WindowsSysWOW64wscript.exe2013-12-21 15:02 - 2013-10-11 19:15 - 00126976 _____ (Microsoft Corporation) C:WindowsSysWOW64cscript.exe2013-12-21 15:02 - 2013-10-03 20:16 - 00116736 _____ (Microsoft Corporation) C:Windowssystem32Driversdrmk.sys2013-12-21 15:02 - 2013-10-03 19:36 - 00230400 _____ (Microsoft Corporation) C:Windowssystem32Driversportcls.sys2013-12-21 15:00 - 2013-10-11 20:30 - 00830464 _____ (Microsoft Corporation) C:Windowssystem32nshwfp.dll2013-12-21 15:00 - 2013-10-11 20:29 - 00859648 _____ (Microsoft Corporation) C:Windowssystem32IKEEXT.DLL2013-12-21 15:00 - 2013-10-11 20:29 - 00324096 _____ (Microsoft Corporation) C:Windowssystem32FWPUCLNT.DLL2013-12-21 15:00 - 2013-10-11 20:03 - 00656896 _____ (Microsoft Corporation) C:WindowsSysWOW64nshwfp.dll2013-12-21 15:00 - 2013-10-11 20:01 - 00216576 _____ (Microsoft Corporation) C:WindowsSysWOW64FWPUCLNT.DLL2013-11-24 14:23 - 2013-11-24 14:23 - 00207360 _____ C:UsersCarolDesktopQCInspectionForm 2013.xls2013-11-24 13:54 - 2013-12-21 16:46 - 00000000 ____D C:Program Files (x86)Audacity2013-11-24 13:54 - 2013-12-21 16:45 - 00000000 ____D C:UsersCarolAppDataRoamingAudacity==================== One Month Modified Files and Folders =======2013-12-24 08:24 - 2013-12-24 08:23 - 00013937 _____ C:UsersCarolDesktopFRST.txt2013-12-24 08:23 - 2013-12-24 08:23 - 00004525 _____ C:UsersCarolDesktopJRT.txt2013-12-24 08:23 - 2013-12-24 08:23 - 00000000 ____D C:FRST2013-12-24 08:18 - 2009-07-13 22:45 - 00024608 ____H 
C:Windowssystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02013-12-24 08:18 - 2009-07-13 22:45 - 00024608 ____H C:Windowssystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02013-12-24 08:17 - 2013-12-24 08:17 - 00000000 ____D C:WindowsERUNT2013-12-24 08:13 - 2013-12-24 08:13 - 01928604 _____ (Farbar) C:UsersCarolDesktopFRST64.exe2013-12-24 08:10 - 2013-12-24 08:10 - 01034531 _____ (Thisisu) C:UsersCarolDesktopJRT.exe2013-12-24 08:09 - 2012-06-08 17:41 - 00000896 _____ C:WindowsTasksGoogleUpdateTaskMachineUA.job2013-12-24 07:50 - 2012-04-01 19:31 - 00000324 _____ C:WindowsTasksHP Photo Creations Communicator.job2013-12-24 07:33 - 2012-04-10 16:08 - 00000830 _____ C:WindowsTasksAdobe Flash Player Updater.job2013-12-24 06:36 - 2013-12-21 17:21 - 00219562 _____ C:WindowsWindowsUpdate.log2013-12-24 04:53 - 2012-06-08 17:41 - 00000892 _____ C:WindowsTasksGoogleUpdateTaskMachineCore.job2013-12-24 03:24 - 2009-07-13 23:13 - 00778834 _____ C:Windowssystem32PerfStringBackup.INI2013-12-24 03:21 - 2011-04-11 17:47 - 00000000 ____D C:ProgramDataPDFC2013-12-24 03:19 - 2013-12-23 05:59 - 00000112 _____ C:Windowssetupact.log2013-12-24 03:19 - 2009-07-13 23:08 - 00000006 ____H C:WindowsTasksSA.DAT2013-12-23 18:48 - 2013-12-23 18:48 - 00018645 _____ C:UsersCarolDesktopdds.txt2013-12-23 18:48 - 2013-12-23 18:48 - 00017434 _____ C:UsersCarolDesktopattach.txt2013-12-23 18:47 - 2013-12-23 18:47 - 00688992 ____R (Swearware) C:UsersCarolDesktopdds.com2013-12-23 05:59 - 2013-12-23 05:59 - 00000792 _____ C:WindowsPFRO.log2013-12-23 05:59 - 2013-12-23 05:59 - 00000000 _____ C:Windowssetuperr.log2013-12-23 05:57 - 2013-12-22 21:28 - 00000000 ____D C:AdwCleaner2013-12-22 21:54 - 2012-01-18 09:50 - 00000000 ____D C:UsersCarolAppDataLocalCrashDumps2013-12-22 21:27 - 2013-12-22 21:27 - 01233962 _____ C:UsersCarolDesktopAdwCleaner.exe2013-12-22 21:24 - 2013-12-22 21:24 - 00673576 _____ ( ) 
C:UsersCarolDesktopZipExtractorSetup.exe2013-12-22 19:08 - 2013-12-21 16:11 - 00000000 ____D C:Windowspss2013-12-22 19:08 - 2011-08-09 17:07 - 00000000 ___RD C:UsersCarolAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup2013-12-22 11:40 - 2013-12-22 09:55 - 00007602 _____ C:UsersCarolAppDataLocalResmon.ResmonCfg2013-12-22 11:11 - 2011-09-16 10:24 - 00000000 ____D C:UsersCarolAppDataLocalGoogle2013-12-22 11:11 - 2011-09-16 10:24 - 00000000 ____D C:Program Files (x86)Google2013-12-22 09:28 - 2012-09-20 18:18 - 00000000 ____D C:Program Files (x86)PCPitstop2013-12-22 01:17 - 2012-09-20 18:18 - 00000000 ____D C:ProgramDataPCPitstop2013-12-21 22:37 - 2013-12-21 22:37 - 00003144 _____ C:WindowsSystem32Tasks{0A68D53F-D204-440A-9460-FDCE7311BC29}2013-12-21 22:37 - 2011-08-11 19:43 - 00000000 ___RD C:UsersCarolDesktopStuff2013-12-21 20:56 - 2013-01-23 18:24 - 00000000 ____D C:UsersCarolAppDataRoamingMicrosoftWindowsStart MenuProgramsNorton2013-12-21 20:56 - 2011-04-11 17:52 - 00000000 ____D C:ProgramDataNorton2013-12-21 20:55 - 2013-12-21 20:55 - 00001276 _____ C:UsersCarolDesktopNorton Installation Files.lnk2013-12-21 18:08 - 2013-12-21 18:08 - 00000000 ____D C:WindowsSystem32TasksNorton Security Suite2013-12-21 18:06 - 2013-01-23 18:36 - 00003228 _____ C:WindowsSystem32TasksNorton WSC Integration2013-12-21 18:05 - 2013-12-21 18:05 - 00002518 _____ C:UsersPublicDesktopNorton Security Suite.lnk2013-12-21 18:05 - 2013-01-23 18:36 - 00177752 _____ (Symantec Corporation) C:Windowssystem32DriversSYMEVENT64x86.SYS2013-12-21 18:05 - 2013-01-23 18:36 - 00008222 _____ C:Windowssystem32DriversSYMEVENT64x86.CAT2013-12-21 18:03 - 2013-12-21 18:03 - 00000000 ____D C:Windowssystem32DriversN360x642013-12-21 18:03 - 2013-12-21 18:03 - 00000000 ____D C:Program Files (x86)Norton Security Suite2013-12-21 17:44 - 2011-08-09 20:36 - 00000000 ____D C:UsersPublicDownloadsNorton2013-12-21 17:19 - 2011-08-09 17:07 - 00001419 _____ C:UsersCarolAppDataRoamingMicrosoftWindowsStart 
MenuProgramsInternet Explorer.lnk2013-12-21 17:19 - 2009-07-13 23:09 - 00000000 ____D C:WindowsSystem32TasksWPD2013-12-21 17:17 - 2013-12-21 16:55 - 00000332 _____ C:WindowsTasksHPCeeScheduleForCarol.job2013-12-21 17:15 - 2011-09-10 17:57 - 00000824 _____ C:UsersPublicDesktopCCleaner.lnk2013-12-21 17:15 - 2011-09-10 17:57 - 00000000 ____D C:Program FilesCCleaner2013-12-21 17:09 - 2011-02-11 11:00 - 00000000 ____D C:WindowsPanther2013-12-21 16:55 - 2013-12-21 16:55 - 00003186 _____ C:WindowsSystem32TasksHPCeeScheduleForCarol2013-12-21 16:54 - 2011-11-09 19:21 - 00000000 _____ C:Windowssystem32HP_ActiveX_Patch_NOT_DETECTED.txt2013-12-21 16:54 - 2011-08-17 21:05 - 00000052 _____ C:WindowsSysWOW64DOErrors.log2013-12-21 16:53 - 2011-08-17 21:04 - 00000000 ____D C:UsersCarolAppDataRoamingHP Support Assistant2013-12-21 16:53 - 2011-08-10 18:56 - 00000000 ____D C:UsersCarolAppDataRoamingHpUpdate2013-12-21 16:46 - 2013-11-24 13:54 - 00000000 ____D C:Program Files (x86)Audacity2013-12-21 16:46 - 2013-01-23 18:36 - 00000000 ____D C:Program FilesCommon FilesSymantec Shared2013-12-21 16:46 - 2011-11-18 06:24 - 00000000 ____D C:Windowssystem32Macromed2013-12-21 16:46 - 2011-08-09 19:52 - 00000000 ____D C:UsersOwner.Carol-HP2013-12-21 16:46 - 2011-08-09 19:52 - 00000000 ____D C:UsersOwner2013-12-21 16:46 - 2011-04-11 17:45 - 00000000 ____D C:WindowsSysWOW64Macromed2013-12-21 16:46 - 2011-04-11 17:38 - 00000000 ____D C:ProgramDataRoxioNow2013-12-21 16:46 - 2009-07-13 21:20 - 00000000 __RSD C:WindowsMedia2013-12-21 16:46 - 2009-07-13 21:20 - 00000000 ____D C:Program FilesCommon FilesMicrosoft Shared2013-12-21 16:45 - 2013-11-24 13:54 - 00000000 ____D C:UsersCarolAppDataRoamingAudacity2013-12-21 16:45 - 2010-11-21 01:16 - 00000000 ___RD C:UsersPublicRecorded TV2013-12-21 16:45 - 2009-07-13 21:20 - 00000000 ____D C:Windowsregistration2013-12-21 16:43 - 2011-08-13 19:59 - 00000000 __RHD C:MSOCache2013-12-21 16:43 - 2009-07-13 22:45 - 00420040 _____ 
C:Windowssystem32FNTCACHE.DAT2013-12-21 16:40 - 2009-07-13 21:20 - 00000000 ____D C:WindowsPolicyDefinitions2013-12-21 16:37 - 2012-04-29 19:55 - 00000000 ____D C:Program Files (x86)Mozilla Maintenance Service2013-12-21 16:33 - 2012-04-10 16:08 - 00003768 _____ C:WindowsSystem32TasksAdobe Flash Player Updater2013-12-21 16:33 - 2012-04-10 16:07 - 00692616 _____ (Adobe Systems Incorporated) C:WindowsSysWOW64FlashPlayerApp.exe2013-12-21 16:33 - 2011-08-09 18:11 - 00071048 _____ (Adobe Systems Incorporated) C:WindowsSysWOW64FlashPlayerCPLApp.cpl2013-12-21 16:30 - 2013-12-21 16:30 - 01228800 _____ (Microsoft Corporation) C:Windowssystem32mshtmlmedia.dll2013-12-21 16:30 - 2013-12-21 16:30 - 01051136 _____ (Microsoft Corporation) C:WindowsSysWOW64mshtmlmedia.dll2013-12-21 16:30 - 2013-12-21 16:30 - 00942592 _____ (Microsoft Corporation) C:Windowssystem32jsIntl.dll2013-12-21 16:30 - 2013-12-21 16:30 - 00940032 _____ (Microsoft Corporation) C:Windowssystem32MsSpellCheckingFacility.exe2013-12-21 16:30 - 2013-12-21 16:30 - 00774144 _____ (Microsoft Corporation) C:Windowssystem32jscript.dll2013-12-21 16:30 - 2013-12-21 16:30 - 00645120 _____ (Microsoft Corporation) C:WindowsSysWOW64jsIntl.dll2013-12-21 16:30 - 2013-12-21 16:30 - 00626176 _____ (Microsoft Corporation) C:Windowssystem32msfeeds.dll2013-12-21 16:30 - 2013-12-21 16:30 - 00616104 _____ (Microsoft Corporation) C:WindowsSysWOW64ieapfltr.dat2013-12-21 16:30 - 2013-12-21 16:30 - 00616104 _____ (Microsoft Corporation) C:Windowssystem32ieapfltr.dat2013-12-21 16:30 - 2013-12-21 16:30 - 00610304 _____ (Microsoft Corporation) C:WindowsSysWOW64jscript.dll2013-12-21 16:30 - 2013-12-21 16:30 - 00548352 _____ (Microsoft Corporation) C:Windowssystem32vbscript.dll2013-12-21 16:30 - 2013-12-21 16:30 - 00523776 _____ (Microsoft Corporation) C:WindowsSysWOW64msfeeds.dll2013-12-21 16:30 - 2013-12-21 16:30 - 00454656 _____ (Microsoft Corporation) C:WindowsSysWOW64vbscript.dll2013-12-21 16:30 - 2013-12-21 16:30 - 00453120 _____ 
(Microsoft Corporation) C:Windowssystem32dxtmsft.dll2013-12-21 16:30 - 2013-12-21 16:30 - 00413696 _____ (Microsoft Corporation) C:Windowssystem32html.iec2013-12-21 16:30 - 2013-12-21 16:30 - 00367104 _____ (Microsoft Corporation) C:WindowsSysWOW64dxtmsft.dll2013-12-21 16:30 - 2013-12-21 16:30 - 00337408 _____ (Microsoft Corporation) C:WindowsSysWOW64html.iec2013-12-21 16:30 - 2013-12-21 16:30 - 00296960 _____ (Microsoft Corporation) C:Windowssystem32dxtrans.dll2013-12-21 16:30 - 2013-12-21 16:30 - 00263376 _____ (Microsoft Corporation) C:Windowssystem32iedkcs32.dll2013-12-21 16:30 - 2013-12-21 16:30 - 00247808 _____ (Microsoft Corporation) C:Windowssystem32msls31.dll2013-12-21 16:30 - 2013-12-21 16:30 - 00244736 _____ (Microsoft Corporation) C:WindowsSysWOW64dxtrans.dll2013-12-21 16:30 - 2013-12-21 16:30 - 00243200 _____ (Microsoft Corporation) C:Windowssystem32webcheck.dll2013-12-21 16:30 - 2013-12-21 16:30 - 00238288 _____ (Microsoft Corporation) C:WindowsSysWOW64iedkcs32.dll2013-12-21 16:30 - 2013-12-21 16:30 - 00235520 _____ (Microsoft Corporation) C:Windowssystem32url.dll2013-12-21 16:30 - 2013-12-21 16:30 - 00235008 _____ (Microsoft Corporation) C:Windowssystem32elshyph.dll2013-12-21 16:30 - 2013-12-21 16:30 - 00233472 _____ (Microsoft Corporation) C:WindowsSysWOW64url.dll2013-12-21 16:30 - 2013-12-21 16:30 - 00208384 _____ (Microsoft Corporation) C:WindowsSysWOW64webcheck.dll2013-12-21 16:30 - 2013-12-21 16:30 - 00195584 _____ (Microsoft Corporation) C:Windowssystem32msrating.dll2013-12-21 16:30 - 2013-12-21 16:30 - 00194048 _____ (Microsoft Corporation) C:WindowsSysWOW64elshyph.dll2013-12-21 16:30 - 2013-12-21 16:30 - 00182272 _____ (Microsoft Corporation) C:WindowsSysWOW64msls31.dll2013-12-21 16:30 - 2013-12-21 16:30 - 00167424 _____ (Microsoft Corporation) C:Windowssystem32iexpress.exe2013-12-21 16:30 - 2013-12-21 16:30 - 00164864 _____ (Microsoft Corporation) C:WindowsSysWOW64msrating.dll2013-12-21 16:30 - 2013-12-21 16:30 - 00151552 _____ (Microsoft 
Corporation) C:WindowsSysWOW64iexpress.exe2013-12-21 16:30 - 2013-12-21 16:30 - 00147968 _____ (Microsoft Corporation) C:Windowssystem32occache.dll2013-12-21 16:30 - 2013-12-21 16:30 - 00143872 _____ (Microsoft Corporation) C:Windowssystem32wextract.exe2013-12-21 16:30 - 2013-12-21 16:30 - 00139264 _____ (Microsoft Corporation) C:WindowsSysWOW64wextract.exe2013-12-21 16:30 - 2013-12-21 16:30 - 00135680 _____ (Microsoft Corporation) C:Windowssystem32iepeers.dll2013-12-21 16:30 - 2013-12-21 16:30 - 00131072 _____ (Microsoft Corporation) C:Windowssystem32IEAdvpack.dll2013-12-21 16:30 - 2013-12-21 16:30 - 00127488 _____ (Microsoft Corporation) C:WindowsSysWOW64occache.dll2013-12-21 16:30 - 2013-12-21 16:30 - 00116736 _____ (Microsoft Corporation) C:WindowsSysWOW64iepeers.dll2013-12-21 16:30 - 2013-12-21 16:30 - 00112128 _____ (Microsoft Corporation) C:WindowsSysWOW64ieUnatt.exe2013-12-21 16:30 - 2013-12-21 16:30 - 00111616 _____ (Microsoft Corporation) C:WindowsSysWOW64IEAdvpack.dll2013-12-21 16:30 - 2013-12-21 16:30 - 00105984 _____ (Microsoft Corporation) C:Windowssystem32iesysprep.dll2013-12-21 16:30 - 2013-12-21 16:30 - 00101376 _____ (Microsoft Corporation) C:Windowssystem32inseng.dll2013-12-21 16:30 - 2013-12-21 16:30 - 00090112 _____ (Microsoft Corporation) C:Windowssystem32SetIEInstalledDate.exe2013-12-21 16:30 - 2013-12-21 16:30 - 00086016 _____ (Microsoft Corporation) C:WindowsSysWOW64iesysprep.dll2013-12-21 16:30 - 2013-12-21 16:30 - 00086016 _____ (Microsoft Corporation) C:Windowssystem32RegisterIEPKEYs.exe2013-12-21 16:30 - 2013-12-21 16:30 - 00084992 _____ (Microsoft Corporation) C:Windowssystem32mshtmled.dll2013-12-21 16:30 - 2013-12-21 16:30 - 00083968 _____ (Microsoft Corporation) C:Windowssystem32MshtmlDac.dll2013-12-21 16:30 - 2013-12-21 16:30 - 00083456 _____ (Microsoft Corporation) C:WindowsSysWOW64inseng.dll2013-12-21 16:30 - 2013-12-21 16:30 - 00081408 _____ (Microsoft Corporation) C:Windowssystem32icardie.dll2013-12-21 16:30 - 2013-12-21 16:30 - 
00077312 _____ (Microsoft Corporation) C:Windowssystem32tdc.ocx2013-12-21 16:30 - 2013-12-21 16:30 - 00074240 _____ (Microsoft Corporation) C:WindowsSysWOW64SetIEInstalledDate.exe2013-12-21 16:30 - 2013-12-21 16:30 - 00071680 _____ (Microsoft Corporation) C:WindowsSysWOW64RegisterIEPKEYs.exe2013-12-21 16:30 - 2013-12-21 16:30 - 00069632 _____ (Microsoft Corporation) C:WindowsSysWOW64mshtmled.dll2013-12-21 16:30 - 2013-12-21 16:30 - 00069120 _____ (Microsoft Corporation) C:WindowsSysWOW64icardie.dll2013-12-21 16:30 - 2013-12-21 16:30 - 00062464 _____ (Microsoft Corporation) C:WindowsSysWOW64tdc.ocx2013-12-21 16:30 - 2013-12-21 16:30 - 00062464 _____ (Microsoft Corporation) C:Windowssystem32pngfilt.dll2013-12-21 16:30 - 2013-12-21 16:30 - 00061952 _____ (Microsoft Corporation) C:WindowsSysWOW64MshtmlDac.dll2013-12-21 16:30 - 2013-12-21 16:30 - 00061952 _____ (Microsoft Corporation) C:WindowsSysWOW64iesetup.dll2013-12-21 16:30 - 2013-12-21 16:30 - 00056832 _____ (Microsoft Corporation) C:WindowsSysWOW64pngfilt.dll2013-12-21 16:30 - 2013-12-21 16:30 - 00052224 _____ (Microsoft Corporation) C:Windowssystem32msfeedsbs.dll2013-12-21 16:30 - 2013-12-21 16:30 - 00051200 _____ (Microsoft Corporation) C:WindowsSysWOW64ieetwproxystub.dll2013-12-21 16:30 - 2013-12-21 16:30 - 00048640 _____ (Microsoft Corporation) C:WindowsSysWOW64mshtmler.dll2013-12-21 16:30 - 2013-12-21 16:30 - 00048640 _____ (Microsoft Corporation) C:Windowssystem32mshtmler.dll2013-12-21 16:30 - 2013-12-21 16:30 - 00048128 _____ (Microsoft Corporation) C:Windowssystem32imgutil.dll2013-12-21 16:30 - 2013-12-21 16:30 - 00043008 _____ (Microsoft Corporation) C:WindowsSysWOW64msfeedsbs.dll2013-12-21 16:30 - 2013-12-21 16:30 - 00040448 _____ (Microsoft Corporation) C:Windowssystem32JavaScriptCollectionAgent.dll2013-12-21 16:30 - 2013-12-21 16:30 - 00036352 _____ (Microsoft Corporation) C:WindowsSysWOW64imgutil.dll2013-12-21 16:30 - 2013-12-21 16:30 - 00034816 _____ (Microsoft Corporation) 
C:WindowsSysWOW64JavaScriptCollectionAgent.dll2013-12-21 16:30 - 2013-12-21 16:30 - 00032768 _____ (Microsoft Corporation) C:WindowsSysWOW64iernonce.dll2013-12-21 16:30 - 2013-12-21 16:30 - 00030208 _____ (Microsoft Corporation) C:Windowssystem32licmgr10.dll2013-12-21 16:30 - 2013-12-21 16:30 - 00024576 _____ (Microsoft Corporation) C:WindowsSysWOW64licmgr10.dll2013-12-21 16:30 - 2013-12-21 16:30 - 00013824 _____ (Microsoft Corporation) C:Windowssystem32mshta.exe2013-12-21 16:30 - 2013-12-21 16:30 - 00013312 _____ (Microsoft Corporation) C:WindowsSysWOW64mshta.exe2013-12-21 16:30 - 2013-12-21 16:30 - 00013312 _____ (Microsoft Corporation) C:Windowssystem32msfeedssync.exe2013-12-21 16:30 - 2013-12-21 16:30 - 00012800 _____ (Microsoft Corporation) C:WindowsSysWOW64msfeedssync.exe2013-12-21 16:28 - 2011-08-10 19:46 - 00000000 ____D C:ProgramDataMicrosoft Help2013-12-21 16:25 - 2013-07-26 02:00 - 00000000 ____D C:Windowssystem32MRT2013-12-21 16:20 - 2013-12-21 16:07 - 00000000 ____D C:ProgramDataYahoo!2013-12-21 16:07 - 2013-12-21 16:07 - 00003546 _____ C:WindowsSystem32TasksFileAssociationManagerUpdater2013-12-21 16:07 - 2013-12-21 16:07 - 00003152 _____ C:WindowsSystem32TasksArcadeParlor2013-12-21 16:07 - 2013-12-21 16:07 - 00000000 ____D C:UsersCarolAppDataRoamingMicrosoftWindowsStart MenuProgramsFile Association Manager2013-12-21 16:07 - 2013-12-21 16:07 - 00000000 ____D C:UsersCarolAppDataRoamingFileAssociationManager2013-12-21 16:07 - 2013-12-21 16:07 - 00000000 ____D C:Program Files (x86)FileAssociationManager2013-12-21 15:53 - 2013-12-21 15:53 - 00000000 ____D C:Program Files (x86)Mozilla Firefox2013-12-21 15:04 - 2012-06-08 17:41 - 00003892 _____ C:WindowsSystem32TasksGoogleUpdateTaskMachineUA2013-12-21 15:04 - 2012-06-08 17:41 - 00003640 _____ C:WindowsSystem32TasksGoogleUpdateTaskMachineCore2013-12-21 14:50 - 2011-08-09 16:58 - 00000000 ____D C:UsersCarol2013-12-21 09:36 - 2013-01-26 09:12 - 00000000 ____D C:UsersCarolDesktopRecipes2013-12-15 10:15 - 
2011-10-05 20:44 - 00000000 ____D C:ProgramDataReaConverter2013-12-08 16:23 - 2012-01-29 11:06 - 00000000 ____D C:UsersCarolDesktopWallpaper2013-12-01 14:42 - 2011-08-10 20:19 - 90708896 _____ (Microsoft Corporation) C:Windowssystem32MRT.exe2013-11-26 05:54 - 2013-12-24 03:00 - 23183360 _____ (Microsoft Corporation) C:Windowssystem32mshtml.dll2013-11-26 04:19 - 2013-12-24 03:00 - 02724864 _____ (Microsoft Corporation) C:Windowssystem32mshtml.tlb2013-11-26 04:18 - 2013-12-24 03:00 - 00004096 _____ (Microsoft Corporation) C:Windowssystem32ieetwcollectorres.dll2013-11-26 04:11 - 2013-12-24 03:00 - 17112576 _____ (Microsoft Corporation) C:WindowsSysWOW64mshtml.dll2013-11-26 03:48 - 2013-12-24 03:00 - 00066048 _____ (Microsoft Corporation) C:Windowssystem32iesetup.dll2013-11-26 03:46 - 2013-12-24 03:00 - 00048640 _____ (Microsoft Corporation) C:Windowssystem32ieetwproxystub.dll2013-11-26 03:41 - 2013-12-24 03:00 - 02764288 _____ (Microsoft Corporation) C:Windowssystem32iertutil.dll2013-11-26 03:29 - 2013-12-24 03:00 - 00053760 _____ (Microsoft Corporation) C:Windowssystem32jsproxy.dll2013-11-26 03:27 - 2013-12-24 03:00 - 00033792 _____ (Microsoft Corporation) C:Windowssystem32iernonce.dll2013-11-26 03:23 - 2013-12-24 03:00 - 02724864 _____ (Microsoft Corporation) C:WindowsSysWOW64mshtml.tlb2013-11-26 03:21 - 2013-12-24 03:00 - 00574976 _____ (Microsoft Corporation) C:Windowssystem32ieui.dll2013-11-26 03:18 - 2013-12-24 03:00 - 00139264 _____ (Microsoft Corporation) C:Windowssystem32ieUnatt.exe2013-11-26 03:18 - 2013-12-24 03:00 - 00111616 _____ (Microsoft Corporation) C:Windowssystem32ieetwcollector.exe2013-11-26 03:16 - 2013-12-24 03:00 - 00708608 _____ (Microsoft Corporation) C:Windowssystem32jscript9diag.dll2013-11-26 02:57 - 2013-12-24 03:00 - 00218624 _____ (Microsoft Corporation) C:Windowssystem32ie4uinit.exe2013-11-26 02:38 - 2013-12-24 03:00 - 02166784 _____ (Microsoft Corporation) C:WindowsSysWOW64iertutil.dll2013-11-26 02:38 - 2013-12-24 03:00 - 00043008 _____ 
(Microsoft Corporation) C:WindowsSysWOW64jsproxy.dll2013-11-26 02:35 - 2013-12-24 03:00 - 05769216 _____ (Microsoft Corporation) C:Windowssystem32jscript9.dll2013-11-26 02:32 - 2013-12-24 03:00 - 00440832 _____ (Microsoft Corporation) C:WindowsSysWOW64ieui.dll2013-11-26 02:28 - 2013-12-24 03:00 - 00553472 _____ (Microsoft Corporation) C:WindowsSysWOW64jscript9diag.dll2013-11-26 02:16 - 2013-12-24 03:00 - 04243968 _____ (Microsoft Corporation) C:WindowsSysWOW64jscript9.dll2013-11-26 02:02 - 2013-12-24 03:00 - 01995264 _____ (Microsoft Corporation) C:Windowssystem32inetcpl.cpl2013-11-26 01:48 - 2013-12-24 03:00 - 12996608 _____ (Microsoft Corporation) C:Windowssystem32ieframe.dll2013-11-26 01:32 - 2013-12-24 03:00 - 01928192 _____ (Microsoft Corporation) C:WindowsSysWOW64inetcpl.cpl2013-11-26 01:26 - 2013-12-24 03:00 - 11221504 _____ (Microsoft Corporation) C:WindowsSysWOW64ieframe.dll2013-11-26 01:07 - 2013-12-24 03:00 - 02334208 _____ (Microsoft Corporation) C:Windowssystem32wininet.dll2013-11-26 00:40 - 2013-12-24 03:00 - 01395200 _____ (Microsoft Corporation) C:Windowssystem32urlmon.dll2013-11-26 00:34 - 2013-12-24 03:00 - 00817664 _____ (Microsoft Corporation) C:Windowssystem32ieapfltr.dll2013-11-26 00:34 - 2013-12-24 03:00 - 00703488 _____ (Microsoft Corporation) C:WindowsSysWOW64ieapfltr.dll2013-11-26 00:33 - 2013-12-24 03:00 - 01820160 _____ (Microsoft Corporation) C:WindowsSysWOW64wininet.dll2013-11-26 00:27 - 2013-12-24 03:00 - 01157632 _____ (Microsoft Corporation) C:WindowsSysWOW64urlmon.dll2013-11-24 14:23 - 2013-11-24 14:23 - 00207360 _____ C:UsersCarolDesktopQCInspectionForm 2013.xlsSome content of TEMP:====================C:UsersCarolAppDataLocalTemp96395uninstall.exeC:UsersCarolAppDataLocalTempQuarantine.exeC:UsersCarolAppDataLocalTempSpotifyUninstall.exeC:UsersCarolAppDataLocalTempSqlite3.dll==================== Bamital & volsnap Check =================C:WindowsSystem32winlogon.exe => MD5 is legitC:WindowsSystem32wininit.exe => MD5 is 
legitC:WindowsSysWOW64wininit.exe => MD5 is legitC:Windowsexplorer.exe => MD5 is legitC:WindowsSysWOW64explorer.exe => MD5 is legitC:WindowsSystem32svchost.exe => MD5 is legitC:WindowsSysWOW64svchost.exe => MD5 is legitC:WindowsSystem32services.exe => MD5 is legitC:WindowsSystem32User32.dll => MD5 is legitC:WindowsSysWOW64User32.dll => MD5 is legitC:WindowsSystem32userinit.exe => MD5 is legitC:WindowsSysWOW64userinit.exe => MD5 is legitC:WindowsSystem32Driversvolsnap.sys => MD5 is legitLastRegBack: 2012-08-17 01:33==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-12-2013
Ran by Carol at 2013-12-24 08:24:54
Running from C:UsersCarolDesktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Norton Security Suite (Disabled - Up to date) {63DF5


That found a little bit more, didn't it?

 

 

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.

Paste this into the open notepad. Save it to the Desktop as fixlist.txt.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program. (If asked to overwrite the existing one, please allow.)

 

start

BHO-x32: No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File

Toolbar: HKLM-x32 - No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File

Toolbar: HKCU - No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File

FF ProfilePath: C:UsersCarolAppDataRoamingMozillaFirefoxProfilescvlu5oht.default

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:Program Files (x86)WildTangent GamesAppBrowserIntegrationRegistered1NP_wtapp.dll ()

Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION

C:UsersCarolAppDataLocalTemp96395uninstall.exe

C:UsersCarolAppDataLocalTempQuarantine.exe

C:UsersCarolAppDataLocalTempSpotifyUninstall.exe

C:UsersCarolAppDataLocalTempSqlite3.dll

end

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Need an update on how the computer is at the moment.


Here's the latest log file:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-12-2013 01
Ran by Carol at 2013-12-24 11:40:40 Run:1
Running from C:UsersCarolDesktopScan
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
BHO-x32: No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
Toolbar: HKLM-x32 - No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
Toolbar: HKCU - No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
FF ProfilePath: C:UsersCarolAppDataRoamingMozillaFirefoxProfilescvlu5oht.default
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:Program Files (x86)WildTangent GamesAppBrowserIntegrationRegistered1NP_wtapp.dll ()
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
C:UsersCarolAppDataLocalTemp96395uninstall.exe
C:UsersCarolAppDataLocalTempQuarantine.exe
C:UsersCarolAppDataLocalTempSpotifyUninstall.exe
C:UsersCarolAppDataLocalTempSqlite3.dll
end
*****************

HKLMSOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{1017A80C-6F09-4548-A84D-EDD6AC9525F0} => Key deleted successfully.
HKCRWow6432NodeCLSID{1017A80C-6F09-4548-A84D-EDD6AC9525F0} => Key not found.
HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerToolbar{1017A80C-6F09-4548-A84D-EDD6AC9525F0} => Value deleted successfully.
HKCRWow6432NodeCLSID{1017A80C-6F09-4548-A84D-EDD6AC9525F0} => Key not found.
HKCUSoftwareMicrosoftInternet ExplorerToolbarWebBrowser{1017A80C-6F09-4548-A84D-EDD6AC9525F0} => Value deleted successfully.
HKCRCLSID{1017A80C-6F09-4548-A84D-EDD6AC9525F0} => Key not found.
C:WindowsSystem32winsrv.dll => Should not be [email protected]/GamesAppPresenceDetector,Version=1.0 => Key deleted successfully.
C:Program Files (x86)WildTangent GamesAppBrowserIntegrationRegistered1NP_wtapp.dll => Moved successfully.
C:UsersCarolAppDataLocalTemp96395uninstall.exe => Moved successfully.
C:UsersCarolAppDataLocalTempQuarantine.exe => Moved successfully.
C:UsersCarolAppDataLocalTempSpotifyUninstall.exe => Moved successfully.
C:UsersCarolAppDataLocalTempSqlite3.dll => Moved successfully.

==== End of Fixlog ====


Please Run TFC by OldTimer to clear temporary files:

 

Download TFC from here http://oldtimer.geekstogo.com/TFC.exe

and save it to your desktop.

 

Close any open programs and Internet browsers.

Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.

Please be patient as clearing out temp files may take a while.

Once it completes you may be prompted to restart your computer, please do so.

Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

 

Then restart the computer and then run the following and post back the log please.

 

 

The scanner below can take quite a while to run depending on how full your system is, if today and tomorrow is not a good time I can understand.

~~~~~

 

ESET Online Scanner:

 

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

 

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

[*]Please go to this website http://www.eset.com/us/online-scanner/run

Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

[*]Select the option YES, I accept the Terms of Use then click on: Posted Image

[*]When prompted allow the Add-On/Active X to install.

[*]Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.

[*]Now click on Advanced Settings and select the following:


[*]Scan for potentially unwanted applications

[*]Scan for potentially unsafe applications

[*]Enable Anti-Stealth Technology

[*]Now click on: Posted Image

[*]The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.

[*]When completed the Online Scan will begin automatically.

[*]Do not touch either the Mouse or keyboard during the scan otherwise it may stall.

[*]When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!

[*]Now click on: Posted Image

[*]Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.

[*]Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Link to post

Log file:

 

[email protected] as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=7bb2d797d5f7174c924b72767f4286f0
# engine=16394
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-12-24 09:08:04
# local_time=2013-12-24 03:08:04 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 13466197 139462734 0 0
# scanned=237917
# found=1
# cleaned=0
# scan_time=3678
sh=CB5069F01BAC0A0FF052348344E639937A2AE7FB ft=1 fh=c71c001103eb3552 vn="a variant of Win32/InstallCore.D application" ac=I fn="C:UsersCarolDesktopZipExtractorSetup.exe"

Link to post
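A check on an ESET Online Scanner log like the one posted above, as an added example that is not part of the original thread: it parses the log and compares the recorded scan options with the ones the scan instructions asked for. The one-field-per-line layout, the function names and the sample log (constructed, with placeholder hash and path) are assumptions made here.

```python
import re

# Scan options requested by the instructions earlier in the thread
# (True = option ticked in the scanner dialog).
EXPECTED_OPTIONS = {
    "remove_checked": False,      # "Remove found threats" NOT checked
    "archives_checked": True,     # "Scan archives" checked
    "unwanted_checked": True,     # potentially unwanted applications
    "unsafe_checked": True,       # potentially unsafe applications
    "antistealth_checked": True,  # Anti-Stealth Technology
}

# Constructed sample using the field names visible in the posted log;
# the hash, file hash and path are placeholders, not values from the thread.
SAMPLE_LOG = r'''# version=8
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# scanned=237917
# found=1
# cleaned=0
# scan_time=3678
sh=0000000000000000000000000000000000000000 ft=1 fh=0000000000000000 vn="a variant of Win32/InstallCore.D application" ac=I fn="C:\Users\Example\Desktop\Setup.exe"
'''

# key=value pairs on a detection line; values may be quoted and contain spaces.
_PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_eset_log(text):
    """Return (header dict, list of detection dicts) from the log text."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                header[key.strip()] = value.strip()
        elif "=" in line:
            fields = {}
            for m in _PAIR.finditer(line):
                fields[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
            if "fn" in fields:  # only lines naming a file count as detections
                detections.append(fields)
    return header, detections


def _count(header, key):
    """Integer header field, or None when absent or malformed."""
    try:
        return int(header.get(key, ""))
    except ValueError:
        return None


def review(text, expected=EXPECTED_OPTIONS):
    """Flag an unfinished scan, option mismatches and inconsistent counts."""
    header, detections = parse_eset_log(text)
    issues = []
    if header.get("end") != "finished":
        issues.append(f"scan did not finish (end={header.get('end')})")
    for key, want in expected.items():
        raw = header.get(key)
        if raw is None:
            issues.append(f"{key} missing from log")
        elif (raw.lower() == "true") != want:
            issues.append(f"{key}={raw}, instructions expected {str(want).lower()}")
    found, cleaned = _count(header, "found"), _count(header, "cleaned")
    if found is not None and found != len(detections):
        issues.append(f"found={found} but {len(detections)} detection line(s) present")
    return {
        "issues": issues,
        "detections": [(d.get("vn", "?"), d["fn"]) for d in detections],
        # Files reported but left on disk, e.g. when removal was unticked.
        "uncleaned": None if found is None or cleaned is None else found - cleaned,
    }


if __name__ == "__main__":
    report = review(SAMPLE_LOG)
    for issue in report["issues"]:
        print("CHECK:", issue)
    for name, path in report["detections"]:
        print("DETECTION:", name, "->", path)
    print("left on disk:", report["uncleaned"])
```

The sample copies the option flags recorded in the posted log, so the one mismatch it reports, `archives_checked=false` against the "Scan archives" instruction, is the one visible in the thread's log as well.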

[*]Please download OTM by OldTimer and save it to your desktop.

[*]Double click the Posted Image icon on your desktop.

[*]Paste the following code under the Posted Image area. Do not include the word "Quote".

 

C:\Users\Carol\Desktop\ZipExtractorSetup.exe

[*]Push the large Posted Image button.

[*]OTM may ask to reboot the machine. Please do so if asked.

[*]Copy/Paste the contents under the Posted Image line here in your next reply.

[*]If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

~~~~~~~~~~~~~~~~~~~~~~

 

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

 

Emergency Backup Procedure - Tech Support Forum

[*]Download ComboFix from here:

 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

* IMPORTANT !!! Place ComboFix.exe on your Desktop

[*]Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.

 

 

You can get help on disabling your protection programs here

[*]Double click on ComboFix.exe & follow the prompts.

[*]Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

[*]When finished, it shall produce a log for you. Post that log in your next reply.

 

Note:

Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

---------------------------------------------------------------------------------------------

[*]Ensure your AntiVirus and AntiSpyware applications are re-enabled.

 

---------------------------------------------------------------------------------------------

Link to post

My fault

[*]Paste the following code under the Posted Image area. Do not include the word "Quote".

:Files

C:\Users\Carol\Desktop\ZipExtractorSetup.exe

[*]Push the large Posted Image button.

[*]OTM may ask to reboot the machine. Please do so if asked.

[*]Copy/Paste the contents under the Posted Image line here in your next reply.

[*]If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

 

Link to post

Here's the log from ComboFix:

 


Edited by lanemom56
Link to post

LOL

Me and OTM just ain't getting along tonight!

 

Manually locate and delete that dang file.

C:\Users\Carol\Desktop\ZipExtractorSetup.exe

 

Reboot and tell me what's happening now; your logs are coming back looking good.

Link to post

OTM is gonna be on Santa's hit list :) I removed the file and rebooted. Still takes about 3 minutes from the "black screen" to loading the desktop, but at least we're getting rid of the malware. And thanks for your help, especially during the holidays.

Link to post

Has this just been a recent thing that it takes a long time to boot?

I'm curious, have you tried Safe Mode to see if it's quicker? Reason I ask is because most items/services that load in normal mode do not in Safe Mode, which generally means your security suite could be the culprit.

 

Let's try a couple of things.

 

Please download Malwarebytes' Anti-Malware from Here. Never download Malwarebytes' Anti-Malware from other sources.

 

Double Click mbam-setup.exe to install the application.

[*]Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

[*]If an update is found, it will download and install the latest version.

[*]Once the program has loaded, select "Perform Quick Scan", then click Scan.

[*]The scan may take some time to finish, so please be patient.

[*]When the scan is complete, click OK, then Show Results to view the results.

[*]Make sure that everything is checked, and click Remove Selected.

[*]When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)

[*]The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

[*]Copy & paste the entire report in your next reply.

[*]Extra Note:

 

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

 

If you already have MBAM on your computer open the tool, click on the update button. Let it check for updates then proceed to do a Quick scan, post the log.

 

~~~~~~~~~~~~~~~~~~~~~~~~~

 

Download HijackThis.

[*]Save HijackThis.exe to your desktop.

[*]Double-click on the HijackThis.exe icon on your desktop.

[*]By default it will install to C:\Program Files\Trend Micro\HijackThis.

[*]Click on Install.

[*]It will create a HijackThis icon on the desktop.

[*]Once installed, it will launch Hijackthis.

[*]Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.

[*]Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.

[*]DO NOT use the AnalyseThis button, its findings are dangerous if misinterpreted.

Link to post

Here's the Malware log. Working on the Hijack one. This is a recent issue. It does seem to boot a little faster in Safe Mode.

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
Database version: v2013.12.25.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Carol :: CAROL-HP [administrator]
Protection: Enabled
12/25/2013 8:17:36 AM
mbam-log-2013-12-25 (08-17-36).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 292331
Time elapsed: 3 minute(s), 45 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:$RECYCLE.BINS-1-5-21-2453101923-3033953639-3450091976-1001$R6J7K7T.exe (PUP.Optional.JumpyApps) -> Quarantined and deleted successfully.
(end)

Edited by lanemom56
Link to post

And here's the Hijack log. I didn't allow it to fix anything yet.

 



After you ran MBAM, did you reboot the machine?

Check the recycle bin to ensure nothing is in there.

Has there been a recent update to Norton? The reason is, from what I can see and the tools we've run, the malware is gone.

MBAM shouldn't be running from bootup unless it's the Pro version?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

- Download RogueKiller and save it to your desktop:
  http://www.bleepingcomputer.com/download/roguekiller/
- Quit all other programs
- Double-click RogueKiller.exe
- Wait until the Prescan has finished then click Accept to the EULA.
- Click on Scan
- Wait for the end of the scan then click Report.
- Please copy/paste the contents of the RKreport[1].txt log in your next reply.


Yes, I rebooted after running MBAM. I do have the Pro version and have it set to scan daily. I can't think of any updates that have come through that would cause the slow boot time, but if the system is clear of malware, I can live with it. Here's the log from Rogue Killer:

 



- Quit all other programs
- Double-click RogueKiller.exe
- Wait until the Prescan has finished then click 'Accept' to the EULA.
- Click on Scan
- Wait for the end of the scan.
- Click on the Delete button
- Another report will be created on your desktop.

Please post all of the RKreport.txt text files located on your desktop.


Here's the latest log:

 



This is just a thought, and you don't have to do this: disable Norton/Symantec programs, then reboot to see if they have any influence on bootup time.

Of course, if you do this, re-enable them as soon as possible.

It's just a test.

This topic is now closed to further replies.
