WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93085 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Problems with popus etc [Closed]

Started by mommajayne , Sep 01 2014 04:23 PM

This topic is locked

22 replies to this topic

#1 mommajayne

Authentic Member

Authentic Member
43 posts

Posted 01 September 2014 - 04:23 PM

Hi. Been having problems with pop ups of late. Get new pages opening up, also the one that lists the 855-412-1786 number. As well as worldwidewebcoupons showing up in searches and pop us. Here is my hijack this log.

Thanks.

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 5:17:23 PM, on 9/1/2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16563)

Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\N360.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\raypahl\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\IPS\IPSBHO.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
O2 - BHO: Constant Guard Protection Suite - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.14.425.1\NativeBHO.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O3 - Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [cdloader] "C:\Users\raypahl\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [736701A46C7D59E46F8F7D9F95111119F406C6DA._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service
O4 - HKCU\..\RunOnce: [Application Restart #5] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --extensions-on-chrome-urls --test-type --load-extension="c:\Program Files\Google\Chrome\Application\Extensions\chrome\app" --flag-switches-begin --enable-experimental-extension-apis --flag-switches-end --restore-last-session
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Constant Guard.lnk = C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{94FA59CE-8C9A-4984-B67B-149BBF13BD4C}: NameServer = 8.8.8.8,208.67.222.222,8.8.4.4,208.67.220.220
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_7477fb4c\AESTSr64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: CGPS Service (IDVaultSvc) - White Sky, Inc. - C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\N360.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files (x86)\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_7477fb4c\STacSV64.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 17185 bytes

Advertisements

Register to Remove

#2 LiquidTension

SuperMember

Retired Classroom Teacher
2,566 posts

Posted 02 September 2014 - 05:58 AM

Hello mommajayne, welcome to WhatTheTech's Malware Removal forum!

My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that. xsmile.png.pagespeed.ic.CwSpBGGvqN.png

======================================================

Please read through the points below to ensure this process moves as quickly and efficiently as possible.

Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
Please do not post logs using the CODE, QUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation & providing the best set of instructions for you.
Please backup important documents before proceeding with my instructions.
If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before you run anything.
Topics are locked if no response is made after 5 days. Please inform me if you will require additional time to complete my instructions.

======================================================

Please run the following diagnostic scans so I can ascertain the state of your computer.

STEP 1
xlK5Hdb.png.pagespeed.ce.J4MzrrPAEo.png Farbar Recovery Scan Tool (FRST) Scan

Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
Click Yes to the disclaimer.
Ensure the Addition.txt box is checked.
Click the Scan button and let the programme run.
Upon completion, click OK, then OK on the Addition.txt pop up screen.
Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

STEP 2
YARWD1t.png.pagespeed.ce.nvhmVeYDe3.png TDSSKiller Scan

Please download TDSSKiller and save the file to your Desktop.
Right-Click TDSSKiller.exe and select Run as administrator to run the programme.
Click Change parameters. Place a checkmark next to Detect TDLFS file system.
Click Start Scan. Do not use the computer during the scan.
If objects are found, change the action to skip.
Click Continue and close the window.
A log will be created and saved to the root directory (usually C:\). Copy the contents of the log and paste in your next reply.

======================================================

STEP 3
xpfNZP4A.png.pagespeed.ic.bp5cRl1pJg.jpg Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

FRST.txt
Addition.txt
TDSSKiller log

Would you like to help others with malware removal? Join our Classroom and learn how!

#3 mommajayne

Authentic Member

Authentic Member
43 posts

Posted 03 September 2014 - 12:08 PM

Thanks so much Adam, my name is Deb.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014 02

Ran by raypahl (administrator) on RAYPAHL-PC on 03-09-2014 12:52:10

Running from C:\Users\raypahl\Desktop

Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)

Internet Explorer Version 9

Boot Mode: Normal

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_7477fb4c\stacsv64.exe

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe

(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe

(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_7477fb4c\AESTSr64.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\n360.exe

() C:\Program Files (x86)\SMINST\BLService.exe

() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

() C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe

() C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

(Microsoft Corporation) C:\Windows\ehome\ehtray.exe

(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe

(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe

(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe

(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe

( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe

(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\n360.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqbam08.exe

(Hewlett-Packard) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqgpc01.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe

(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

(Microsoft Corporation) C:\Windows\System32\wercon.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\nacl64.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\nacl64.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE

(Microsoft Corporation) C:\Windows\splwow64.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)

HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [915000 2009-01-08] (Hewlett-Packard)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [170496 2009-03-06] (Sun Microsystems, Inc.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [463360 2009-01-28] (IDT, Inc.)

HKLM-x32\...\Run: [DVDAgent] => C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200 2008-11-28] (CyberLink Corp.)

HKLM-x32\...\Run: [TVAgent] => C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe [202024 2009-05-11] (CyberLink Corp.)

HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)

HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-01-13] (CyberLink Corp.)

HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2010-02-25] ( Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)

HKLM-x32\...\Run: [UpdatePDIRShortCut] => C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)

HKLM-x32\...\Run: [HP Health Check Scheduler] => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard)

HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [484408 2009-01-23] (Hewlett-Packard)

HKLM-x32\...\Run: [TSMAgent] => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [1328424 2009-04-29] (CyberLink Corp.)

HKLM-x32\...\Run: [CLMLServer for HP TouchSmart] => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [185640 2009-04-29] (CyberLink)

HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)

HKLM-x32\...\Run: [] => [X]

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\S-1-5-21-513785977-584283709-202011636-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2008-06-09] (Hewlett-Packard Company)

HKU\S-1-5-21-513785977-584283709-202011636-1000\...\Run: [cdloader] => C:\Users\raypahl\AppData\Roaming\mjusbsp\cdloader2.exe [50520 2009-08-01] (magicJack L.P.)

HKU\S-1-5-21-513785977-584283709-202011636-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)

HKU\S-1-5-21-513785977-584283709-202011636-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-08-15] (Google Inc.)

HKU\S-1-5-21-513785977-584283709-202011636-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21822128 2014-01-30] (Google)

HKU\S-1-5-21-513785977-584283709-202011636-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3595608 2014-06-18] (Electronic Arts)

HKU\S-1-5-21-513785977-584283709-202011636-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6462744 2014-08-21] (Piriform Ltd)

HKU\S-1-5-21-513785977-584283709-202011636-1000\...\Run: [736701A46C7D59E46F8F7D9F95111119F406C6DA._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-08-06] (Google Inc.)

HKU\S-1-5-21-513785977-584283709-202011636-1000\...\RunOnce: [Application Restart #5] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-08-06] (Google Inc.)

HKU\S-1-5-21-513785977-584283709-202011636-1000\...\MountPoints2: {6463d860-7665-11de-9a1c-00235aa2c19d} - G:\autorun.exe

HKU\S-1-5-21-513785977-584283709-202011636-1000\...\MountPoints2: {edf1cabe-19b1-11df-b12b-00235aa2c19d} - G:\laucher.exe

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk

ShortcutTarget: Constant Guard.lnk -> C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe (White Sky, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\buShell.dll (Symantec Corporation)

ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\buShell.dll (Symantec Corporation)

ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\buShell.dll (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://groovorio.com...r=825122000&ir=

SearchScopes: HKLM - {7EEAD0DA-121E-498E-B773-B8F0B4C4AAB1} URL = http://search.live.c...ms}&FORM=HPNTDF

SearchScopes: HKLM - {B226DAE9-F4F6-41AA-9CD0-4000E7E09068} URL = http://www.ask.com/w...}&l=dis&o=ushpl

SearchScopes: HKLM - {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = http://start.mysearc...r=875945969&ir=

SearchScopes: HKLM-x32 - {7EEAD0DA-121E-498E-B773-B8F0B4C4AAB1} URL = http://search.live.c...ms}&FORM=HPNTDF

SearchScopes: HKLM-x32 - {B226DAE9-F4F6-41AA-9CD0-4000E7E09068} URL = http://www.ask.com/w...}&l=dis&o=ushpl

SearchScopes: HKCU - {B226DAE9-F4F6-41AA-9CD0-4000E7E09068} URL = http://www.ask.com/w...}&l=dis&o=ushpl

SearchScopes: HKCU - {E4F9E70D-278C-4DF1-9FC5-BE3696B95E75} URL = http://websearch.ask...5A-4FFF2E2DCE65

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)

BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)

BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\IPS\IPSBHO.DLL (Symantec Corporation)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)

BHO-x32: Constant Guard Protection Suite -> {B84CDBE7-1B46-494B-A188-01D4C52DEB61} -> C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.14.425.1\NativeBHO.dll (WhiteSky)

BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

Toolbar: HKLM - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)

Toolbar: HKLM-x32 - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File

Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

DPF: HKLM-x32 {8714912E-380D-11D5-B8AA-00D0B78F3D48} http://chat.yahoo.com/cab/yuplapp.cab

Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

Tcpip\..\Interfaces\{94FA59CE-8C9A-4984-B67B-149BBF13BD4C}: [NameServer] 8.8.8.8,208.67.222.222,8.8.4.4,208.67.220.220

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-07-21]

FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn

FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-09-01]

FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF

FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013-12-12]

FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-04-30]

FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:

=======

CHR HomePage: Default ->

CHR StartupUrls: Default -> "hxxp://www.facebook.com/", "hxxp://www.google.com/"

CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}

CHR Profile: C:\Users\raypahl\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Drive) - C:\Users\raypahl\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-30]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\raypahl\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-23]

CHR Extension: (YouTube) - C:\Users\raypahl\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-08-15]

CHR Extension: (Google Search) - C:\Users\raypahl\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-08-15]

CHR Extension: (Bamboo Spear) - C:\Users\raypahl\AppData\Local\Google\Chrome\User Data\Default\Extensions\eakplngdcboeilofopihpjnoeclenhmn [2014-06-09]

CHR Extension: (ForMATsConnverte) - C:\Users\raypahl\AppData\Local\Google\Chrome\User Data\Default\Extensions\fikibmcaiaglfhgchhnjcnngloanbafb [2014-04-14]

CHR Extension: (Zoominto) - C:\Users\raypahl\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnkoafephiilajeompiffeohpcloapob [2014-07-03]

CHR Extension: (AdBlock) - C:\Users\raypahl\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-09-01]

CHR Extension: (Kindle Cloud Reader) - C:\Users\raypahl\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-03-31]

CHR Extension: (Norton Identity Safe) - C:\Users\raypahl\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-18]

CHR Extension: (Norton Identity Protection) - C:\Users\raypahl\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-07-13]

CHR Extension: (Google Wallet) - C:\Users\raypahl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]

CHR Extension: (Gmail) - C:\Users\raypahl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-08-15]

CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\raypahl\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-12-22]

CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\Exts\Chrome.crx [2014-08-16]

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_7477fb4c\AESTSr64.exe [88576 2008-11-17] (Andrea Electronics Corporation)

R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) [File not signed]

R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]

R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]

R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-08] (Hewlett-Packard Co.) [File not signed]

S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]

R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2008-06-09] (Hewlett-Packard Company) [File not signed]

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\N360.exe [265040 2014-08-01] (Symantec Corporation)

S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]

R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]

R2 Recovery Service for Windows; C:\Program Files (x86)\SMINST\BLService.exe [365952 2008-12-23] ()

R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2008-11-25] ()

R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_7477fb4c\STacSV64.exe [290304 2009-01-28] (IDT, Inc.)

R2 TVCapSvc; C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [296320 2008-11-26] ()

R2 TVSched; C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [116096 2008-11-26] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Amfilter; C:\Windows\System32\DRIVERS\Amfltx64.sys [12288 2007-10-15] ((Standard mouse types))

S3 Amusbprt; C:\Windows\System32\DRIVERS\Amusbx64.sys [17920 2008-02-13] (A4Tech Co.,Ltd.)

R1 AntiLog32; C:\Windows\system32\drivers\AntiLog64.sys [49752 2014-05-10] (Zemana Ltd.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140821.007\BHDrvx64.sys [1588016 2014-08-18] (Symantec Corporation)

R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1505000.013\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)

R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-12] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-20] (Symantec Corporation)

R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140901.001\IDSvia64.sys [633560 2014-08-29] (Symantec Corporation)

R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [25056 2013-07-24] (Zemana Ltd.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-02] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)

R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140902.019\ENG64.SYS [129752 2014-08-27] (Symantec Corporation)

R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140902.019\EX64.SYS [2137304 2014-08-27] (Symantec Corporation)

R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1505000.013\SRTSP64.SYS [875736 2014-07-22] (Symantec Corporation)

R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1505000.013\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)

R0 SymDS; C:\Windows\System32\drivers\N360x64\1505000.013\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)

R0 SymEFA; C:\Windows\System32\drivers\N360x64\1505000.013\SYMEFA64.SYS [1148120 2014-07-23] (Symantec Corporation)

R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-12-11] (Symantec Corporation)

R1 SymIRON; C:\Windows\system32\drivers\N360x64\1505000.013\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)

R1 SYMTDIv; C:\Windows\System32\Drivers\N360x64\1505000.013\SYMTDIV.SYS [510168 2014-07-23] (Symantec Corporation)

R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2008-11-28] (CyberLink Corp.)

U4 eabfiltr; No ImagePath

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-03 12:52 - 2014-09-03 12:53 - 00033709 _____ () C:\Users\raypahl\Desktop\FRST.txt

2014-09-03 12:51 - 2014-09-03 12:52 - 00000000 ____D () C:\FRST

2014-09-03 12:50 - 2014-09-03 12:50 - 02104832 _____ (Farbar) C:\Users\raypahl\Desktop\frst64.exe

2014-09-03 12:49 - 2014-09-03 12:48 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\raypahl\Desktop\tdsskiller.exe

2014-09-03 12:48 - 2014-09-03 12:48 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\raypahl\Downloads\tdsskiller.exe

2014-09-01 17:17 - 2014-09-01 17:17 - 00017187 _____ () C:\Users\raypahl\Desktop\hijackthis901.txt

2014-09-01 17:16 - 2014-09-01 17:17 - 00017187 _____ () C:\Users\raypahl\Desktop\hijackthis.log

2014-09-01 16:23 - 2014-09-01 16:23 - 00388608 _____ (Trend Micro Inc.) C:\Users\raypahl\Downloads\HiJackThis (2).exe

2014-09-01 16:21 - 2014-09-01 16:21 - 00388608 _____ (Trend Micro Inc.) C:\Users\raypahl\Downloads\HiJackThis (1).exe

2014-08-29 03:02 - 2014-08-22 20:05 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-08-29 03:02 - 2014-08-22 19:42 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-29 03:02 - 2014-08-22 18:38 - 02782208 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-25 23:11 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll

2014-08-25 23:08 - 2014-08-28 23:22 - 00000000 ____D () C:\AdwCleaner

2014-08-25 22:22 - 2014-08-25 22:22 - 00000004 _____ () C:\Users\raypahl\AppData\Roaming\appdataFr2.bin

2014-08-25 21:54 - 2014-08-25 21:54 - 05572640 _____ (383 Media, Inc.) C:\Users\raypahl\Downloads\DriverRestore.exe

2014-08-25 17:11 - 2014-08-25 17:11 - 04814696 _____ (Piriform Ltd) C:\Users\raypahl\Downloads\ccsetup416pro.exe

2014-08-25 16:46 - 2014-09-02 05:41 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-08-25 16:45 - 2014-08-31 07:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-08-25 16:45 - 2014-08-25 16:45 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-08-25 16:45 - 2014-08-25 16:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-08-25 16:45 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-08-25 16:45 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-08-25 16:30 - 2014-08-25 16:30 - 00020212 _____ () C:\Users\raypahl\Downloads\hijackthis.log

2014-08-25 16:28 - 2014-08-25 16:29 - 00388608 _____ (Trend Micro Inc.) C:\Users\raypahl\Desktop\HijackThis.exe

2014-08-22 09:09 - 2014-08-22 09:17 - 00000000 ____D () C:\Users\raypahl\AppData\Roaming\OpenSoftwareUpdater

2014-08-22 09:01 - 2014-08-22 09:02 - 00376856 _____ (Installer Technology Co) C:\Users\raypahl\Downloads\SoftwareUpdater (1).exe

2014-08-18 18:12 - 2014-08-18 18:12 - 00376824 _____ (Installer Technology Co) C:\Users\raypahl\Downloads\SoftwareUpdater.exe

2014-08-18 08:23 - 2014-08-18 08:23 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Security Suite

2014-08-16 03:04 - 2014-06-26 17:17 - 01389200 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe

2014-08-16 03:04 - 2014-06-26 17:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe

2014-08-16 03:04 - 2014-06-26 17:17 - 00171152 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll

2014-08-16 03:04 - 2014-06-26 17:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll

2014-08-16 03:04 - 2014-06-26 17:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll

2014-08-16 03:04 - 2014-06-26 17:17 - 00008848 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll

2014-08-16 03:04 - 2014-06-05 23:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe

2014-08-16 03:03 - 2014-06-05 23:29 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe

2014-08-15 18:11 - 2014-07-24 14:28 - 17861120 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-08-15 18:11 - 2014-07-24 14:12 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-08-15 18:11 - 2014-07-24 14:10 - 10920960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-08-15 18:11 - 2014-07-24 14:07 - 01384960 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-08-15 18:11 - 2014-07-24 14:06 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-08-15 18:11 - 2014-07-24 14:05 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-08-15 18:11 - 2014-07-24 14:05 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2014-08-15 18:11 - 2014-07-24 14:05 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-08-15 18:11 - 2014-07-24 14:04 - 02155520 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-08-15 18:11 - 2014-07-24 14:04 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2014-08-15 18:11 - 2014-07-24 14:04 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-08-15 18:11 - 2014-07-24 14:04 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-08-15 18:11 - 2014-07-24 14:04 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-08-15 18:11 - 2014-07-24 14:04 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-08-15 18:11 - 2014-07-24 14:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-08-15 18:11 - 2014-07-24 14:03 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-08-15 18:11 - 2014-07-24 14:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-08-15 18:11 - 2014-07-24 14:03 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2014-08-15 18:11 - 2014-07-24 14:03 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe

2014-08-15 18:11 - 2014-07-24 14:03 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

2014-08-15 18:11 - 2014-07-24 14:02 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-08-15 18:11 - 2014-07-24 13:07 - 12356608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-08-15 18:11 - 2014-07-24 12:58 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-08-15 18:11 - 2014-07-24 12:57 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-08-15 18:11 - 2014-07-24 12:52 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-08-15 18:11 - 2014-07-24 12:51 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-08-15 18:11 - 2014-07-24 12:51 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-08-15 18:11 - 2014-07-24 12:50 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2014-08-15 18:11 - 2014-07-24 12:50 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-08-15 18:11 - 2014-07-24 12:49 - 01802240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-08-15 18:11 - 2014-07-24 12:49 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2014-08-15 18:11 - 2014-07-24 12:49 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-08-15 18:11 - 2014-07-24 12:49 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-08-15 18:11 - 2014-07-24 12:49 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-08-15 18:11 - 2014-07-24 12:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-08-15 18:11 - 2014-07-24 12:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-08-15 18:11 - 2014-07-24 12:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-08-15 18:11 - 2014-07-24 12:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-08-15 18:11 - 2014-07-24 12:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll

2014-08-15 18:11 - 2014-07-24 12:48 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe

2014-08-15 18:11 - 2014-07-24 12:48 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

2014-08-15 18:11 - 2014-07-24 12:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-08-15 18:10 - 2014-07-07 20:12 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-08-15 18:10 - 2014-07-07 19:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2014-08-15 18:10 - 2014-06-13 19:56 - 00901568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2014-08-15 18:10 - 2014-06-13 19:51 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll

2014-08-15 17:56 - 2014-06-02 16:30 - 03137536 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2014-08-15 17:56 - 2014-06-02 16:30 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll

2014-08-15 17:56 - 2014-06-02 16:29 - 02280448 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2014-08-15 17:56 - 2014-06-02 16:29 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll

2014-08-15 17:56 - 2014-06-02 15:29 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe

2014-08-15 17:56 - 2014-06-02 05:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

2014-08-15 17:56 - 2014-06-02 05:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll

2014-08-15 17:56 - 2014-06-02 05:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2014-08-11 05:46 - 2014-08-25 21:35 - 00000000 ____D () C:\ProgramData\GetDiscountApp

2014-08-07 13:48 - 2014-08-07 13:48 - 00000000 ____D () C:\Users\raypahl\Documents\My Scans

2014-08-05 03:32 - 2014-08-05 03:32 - 00000000 ____D () C:\Users\raypahl\Downloads\ge

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-03 12:53 - 2014-09-03 12:52 - 00033709 _____ () C:\Users\raypahl\Desktop\FRST.txt

2014-09-03 12:53 - 2012-08-15 05:37 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-09-03 12:52 - 2014-09-03 12:51 - 00000000 ____D () C:\FRST

2014-09-03 12:50 - 2014-09-03 12:50 - 02104832 _____ (Farbar) C:\Users\raypahl\Desktop\frst64.exe

2014-09-03 12:48 - 2014-09-03 12:49 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\raypahl\Desktop\tdsskiller.exe

2014-09-03 12:48 - 2014-09-03 12:48 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\raypahl\Downloads\tdsskiller.exe

2014-09-03 12:42 - 2012-03-30 23:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-09-03 11:15 - 2011-09-30 18:25 - 00000000 ____D () C:\Program Files (x86)\Constant Guard Protection Suite

2014-09-03 11:14 - 2014-05-02 08:06 - 00003702 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{63273914-070F-423C-8DEA-C435739090F0}

2014-09-03 11:08 - 2011-09-30 18:26 - 00000000 ____D () C:\Users\raypahl\AppData\Roaming\ID Vault

2014-09-03 11:07 - 2009-07-29 09:34 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log

2014-09-03 11:04 - 2006-11-02 10:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2014-09-03 11:04 - 2006-11-02 10:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2014-09-03 06:37 - 2009-06-13 22:34 - 01494615 _____ () C:\Windows\WindowsUpdate.log

2014-09-03 06:18 - 2012-08-15 05:37 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-09-02 05:41 - 2014-08-25 16:46 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-09-01 17:17 - 2014-09-01 17:17 - 00017187 _____ () C:\Users\raypahl\Desktop\hijackthis901.txt

2014-09-01 17:17 - 2014-09-01 17:16 - 00017187 _____ () C:\Users\raypahl\Desktop\hijackthis.log

2014-09-01 16:43 - 2013-12-22 21:34 - 00000000 ____D () C:\Users\raypahl\AppData\Roaming\PhotoScape

2014-09-01 16:42 - 2011-10-05 06:39 - 00000000 ____D () C:\Users\raypahl\AppData\Local\CrashDumps

2014-09-01 16:36 - 2013-10-18 22:46 - 00000000 ____D () C:\Program Files\CCleaner

2014-09-01 16:36 - 2009-03-06 02:08 - 00003584 _____ () C:\Windows\System32\Tasks\HP Health Check

2014-09-01 16:34 - 2013-12-22 22:18 - 00000000 ___RD () C:\Users\raypahl\Google Drive

2014-09-01 16:34 - 2011-09-30 18:26 - 00000000 ____D () C:\ID Vault

2014-09-01 16:30 - 2006-11-02 10:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-09-01 16:29 - 2006-11-02 08:33 - 00000000 ____D () C:\Windows\security

2014-09-01 16:28 - 2009-03-06 00:13 - 00000012 _____ () C:\Windows\bthservsdp.dat

2014-09-01 16:28 - 2006-11-02 10:42 - 00032562 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-09-01 16:23 - 2014-09-01 16:23 - 00388608 _____ (Trend Micro Inc.) C:\Users\raypahl\Downloads\HiJackThis (2).exe

2014-09-01 16:21 - 2014-09-01 16:21 - 00388608 _____ (Trend Micro Inc.) C:\Users\raypahl\Downloads\HiJackThis (1).exe

2014-08-31 07:46 - 2014-08-25 16:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-08-30 08:07 - 2011-10-30 10:04 - 00000000 ____D () C:\Users\raypahl\AppData\Roaming\HpUpdate

2014-08-29 03:21 - 2006-11-02 10:21 - 00324312 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-08-28 23:30 - 2011-09-30 18:26 - 00000000 ____D () C:\Users\raypahl\AppData\Local\ID Vault

2014-08-28 23:22 - 2014-08-25 23:08 - 00000000 ____D () C:\AdwCleaner

2014-08-25 23:39 - 2009-07-21 21:55 - 00000000 ____D () C:\Program Files (x86)\Yahoo!

2014-08-25 22:22 - 2014-08-25 22:22 - 00000004 _____ () C:\Users\raypahl\AppData\Roaming\appdataFr2.bin

2014-08-25 21:54 - 2014-08-25 21:54 - 05572640 _____ (383 Media, Inc.) C:\Users\raypahl\Downloads\DriverRestore.exe

2014-08-25 21:52 - 2012-03-30 23:58 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-08-25 21:52 - 2012-03-30 23:57 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-08-25 21:52 - 2011-09-30 18:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-08-25 21:35 - 2014-08-11 05:46 - 00000000 ____D () C:\ProgramData\GetDiscountApp

2014-08-25 21:27 - 2006-11-02 08:33 - 00000000 ____D () C:\Windows\Provisioning

2014-08-25 21:22 - 2014-07-05 15:25 - 00000000 ____D () C:\ProgramData\RoyaalShopperApp

2014-08-25 21:22 - 2014-05-21 06:01 - 00000000 ____D () C:\ProgramData\LuucakySShoPppEr

2014-08-25 18:56 - 2014-03-17 12:01 - 00000000 ____D () C:\Program Files (x86)\Steam

2014-08-25 18:53 - 2011-10-12 14:02 - 00000000 ____D () C:\Windows\Minidump

2014-08-25 18:53 - 2009-03-06 01:34 - 00000000 ____D () C:\Windows\panther

2014-08-25 18:47 - 2013-10-18 22:46 - 00000770 _____ () C:\Users\Public\Desktop\CCleaner.lnk

2014-08-25 18:47 - 2013-10-18 22:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

2014-08-25 17:11 - 2014-08-25 17:11 - 04814696 _____ (Piriform Ltd) C:\Users\raypahl\Downloads\ccsetup416pro.exe

2014-08-25 16:45 - 2014-08-25 16:45 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-08-25 16:45 - 2014-08-25 16:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-08-25 16:45 - 2013-10-18 22:47 - 00000000 ____D () C:\Users\raypahl\AppData\Roaming\Malwarebytes

2014-08-25 16:45 - 2013-10-18 22:43 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-08-25 16:30 - 2014-08-25 16:30 - 00020212 _____ () C:\Users\raypahl\Downloads\hijackthis.log

2014-08-25 16:30 - 2009-07-21 13:22 - 00000000 ____D () C:\Users\raypahl\AppData\Local\VirtualStore

2014-08-25 16:29 - 2014-08-25 16:28 - 00388608 _____ (Trend Micro Inc.) C:\Users\raypahl\Desktop\HijackThis.exe

2014-08-23 08:01 - 2009-03-06 02:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP

2014-08-22 20:49 - 2012-08-15 05:39 - 00001985 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-08-22 20:48 - 2012-08-15 05:37 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-08-22 20:48 - 2012-08-15 05:37 - 00003644 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-08-22 20:05 - 2014-08-29 03:02 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-08-22 19:42 - 2014-08-29 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-22 18:38 - 2014-08-29 03:02 - 02782208 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-22 09:34 - 2009-07-21 13:29 - 00079888 _____ () C:\Users\raypahl\AppData\Local\GDIPFONTCACHEV1.DAT

2014-08-22 09:17 - 2014-08-22 09:09 - 00000000 ____D () C:\Users\raypahl\AppData\Roaming\OpenSoftwareUpdater

2014-08-22 09:02 - 2014-08-22 09:01 - 00376856 _____ (Installer Technology Co) C:\Users\raypahl\Downloads\SoftwareUpdater (1).exe

2014-08-18 18:12 - 2014-08-18 18:12 - 00376824 _____ (Installer Technology Co) C:\Users\raypahl\Downloads\SoftwareUpdater.exe

2014-08-18 08:23 - 2014-08-18 08:23 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Security Suite

2014-08-18 08:15 - 2013-07-11 04:21 - 00003228 _____ () C:\Windows\System32\Tasks\Norton WSC Integration

2014-08-18 08:15 - 2011-10-07 07:07 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64

2014-08-18 08:14 - 2013-12-12 05:19 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite

2014-08-18 08:14 - 2011-10-07 07:08 - 00002174 _____ () C:\Users\Public\Desktop\Norton Security Suite.lnk

2014-08-16 04:24 - 2006-11-02 08:33 - 00000000 ____D () C:\Windows\rescache

2014-08-16 04:08 - 2006-11-02 07:46 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-08-16 03:59 - 2009-03-06 01:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

2014-08-16 03:31 - 2013-08-14 03:11 - 00000000 ____D () C:\Windows\system32\MRT

2014-08-16 03:22 - 2006-11-02 07:35 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

2014-08-08 03:19 - 2013-08-24 14:09 - 00000000 ____D () C:\Users\raypahl\Documents\deb

2014-08-07 13:48 - 2014-08-07 13:48 - 00000000 ____D () C:\Users\raypahl\Documents\My Scans

2014-08-05 03:32 - 2014-08-05 03:32 - 00000000 ____D () C:\Users\raypahl\Downloads\ge

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-02 04:45

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-09-2014 02

Ran by raypahl at 2014-09-03 12:54:14

Running from C:\Users\raypahl\Desktop

Boot Mode: Normal

==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security Suite (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}

AS: Norton Security Suite (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Norton Security Suite (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4500_G510gm_Help (x32 Version: 000.0.440.000 - Hewlett-Packard) Hidden

4500G510gm (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden

4500G510gm_Software_Min (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden

Acrobat.com (HKLM-x32\...\{77DCDCE3-2DED-62F3-8154-05E745472D07}) (Version: 1.1.377 - Adobe Systems Incorporated)

Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)

Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0 - Microsoft Corporation) Hidden

ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)

Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden

Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.176 - Adobe Systems Incorporated)

Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)

Adobe Reader 9.5.5 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)

Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)

Amazon Kindle (HKCU\...\Amazon Kindle) (Version: - Amazon)

AntiLogger SDK version 1.7.6.367 (HKLM-x32\...\{4D46DE30-49FE-4043-99F7-D7E8C06175E0}_is1) (Version: 1.7.6.367 - Zemana Ltd.)

Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden

CallAtlanta (HKLM-x32\...\{206A595B-6ED6-4547-9293-C448139826EC}) (Version: 8.6.0 - Primerica Financial Services)

CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)

Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version: - Cheat Engine)

Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Constant Guard Protection Suite (HKLM-x32\...\ID Vault) (Version: 1.14.425.1 - Comcast)

CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2512 - CyberLink Corp.)

CyberLink DVD Suite (x32 Version: 6.0.2512 - CyberLink Corp.) Hidden

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden

DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden

DocMgr (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden

DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden

DriverTuner 3.1.0.1 (HKLM-x32\...\{520C1D80-935C-42B9-9340-E883849D804F}_is1) (Version: 3.1.0.1 - LionSea SoftWare)

ENE CIR Receiver Driver (12/30/2008 2.7.2.0) (HKLM\...\703AB19C282B6ED3F1D3CE92F8DAA864B68A7C91) (Version: 12/30/2008 2.7.2.0 - ENE)

eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden

ESU for Microsoft Vista (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)

Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)

Google Drive (HKLM-x32\...\{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}) (Version: 1.14.6059.644 - Google, Inc.)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden

GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden

HP Active Support Library (HKLM-x32\...\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}) (Version: 3.1.9.1 - Hewlett-Packard)

HP Common Access Service Library (x32 Version: 2.00 E6 - Hewlett-Packard) Hidden

HP Customer Experience Enhancements (HKLM-x32\...\{57A5AEC1-97FC-474D-92C4-908FCC2253D4}) (Version: 5.7.0.2664 - Hewlett-Packard)

HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)

HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)

HP Help and Support (HKLM-x32\...\{0054A0F6-00C9-4498-B821-B5C9578F433E}) (Version: 2.1.3.0 - Hewlett-Packard Company)

HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)

HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 2.1.2328 - Hewlett-Packard)

HP MediaSmart DVD (x32 Version: 2.1.2328 - Hewlett-Packard) Hidden

HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 2.2.2829 - Hewlett-Packard)

HP MediaSmart Music/Photo/Video (x32 Version: 2.2.2829 - Hewlett-Packard) Hidden

HP MediaSmart SlingPlayer (HKLM-x32\...\HP.MediaSmartSlingPlayer_is1) (Version: 2.1 - Sling Media, Inc.)

HP MediaSmart SmartMenu (HKLM\...\{0BC595C4-F736-4EB4-A1C0-32C7E81800F0}) (Version: 2.1.10 - Hewlett-Packard)

HP MediaSmart TV (HKLM-x32\...\InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}) (Version: 2.1.1709 - Hewlett-Packard)

HP MediaSmart TV (x32 Version: 2.1.1709 - Hewlett-Packard) Hidden

HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.2.1621 - Hewlett-Packard)

HP MediaSmart Webcam (x32 Version: 2.2.1621 - Hewlett-Packard) Hidden

HP Officejet 4500 G510g-m (HKLM\...\{E5083D57-D93F-404C-A91F-1C50D67C2BEB}) (Version: 13.0 - HP)

HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.17.1 - Hewlett-Packard Company)

HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)

HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)

HP Total Care Advisor (HKLM-x32\...\{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}) (Version: 2.4.5991.2847 - Hewlett-Packard)

HP Total Care Setup (HKLM-x32\...\{95A747E0-DF19-46CB-A622-20A0107201BD}) (Version: 1.1.2413.2876 - Hewlett-Packard Company)

HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)

HP User Guides 0135 (HKLM-x32\...\{372ED957-0FB5-487B-B51A-388B3D393F7A}) (Version: 1.01.0000 - Hewlett-Packard)

HP Wireless Assistant (HKLM-x32\...\{462DED50-EC2E-4237-ABCF-B5C463C0EE51}) (Version: 3.50.3.1 - Hewlett-Packard)

HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden

HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden

HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden

IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6146.0 - IDT)

Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)

iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)

Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)

Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

Java™ 6 Update 12 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416012FF}) (Version: 6.0.120 - Sun Microsystems, Inc.)

JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1312 - CyberLink Corp.)

LabelPrint (x32 Version: 2.5.1312 - CyberLink Corp.) Hidden

LightScribe System Software 1.14.17.1 (HKLM-x32\...\{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}) (Version: 1.14.17.1 - LightScribe)

Logitech Unifying Software 2.10 (HKLM\...\Logitech Unifying) (Version: 2.10.37 - Logitech)

Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Live Search Toolbar (HKLM-x32\...\{6A370610-3778-44AF-9AAC-69B2FD1A3356}) (Version: 3.0.541.0 - Microsoft Corporation)

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)

Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)

Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Standard Edition 2003 (HKLM-x32\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

muvee Reveal (HKLM-x32\...\{DE626616-D7C4-4F00-7E0B-EAF26FA65749}) (Version: 7.0.43.12698 - muvee Technologies Pte Ltd)

My HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.62 - WildTangent)

Network64 (Version: 130.0.550.000 - Hewlett-Packard) Hidden

Norton Security Suite (HKLM-x32\...\N360) (Version: 21.5.0.19 - Symantec Corporation)

OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)

Origin (HKLM-x32\...\Origin) (Version: 9.4.6.2792 - Electronic Arts, Inc.)

PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )

Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2512 - CyberLink Corp.)

Power2Go (x32 Version: 6.0.2512 - CyberLink Corp.) Hidden

PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2512 - CyberLink Corp.)

PowerDirector (x32 Version: 7.0.2512 - CyberLink Corp.) Hidden

ProtectSmart Hard Drive Protection (HKLM\...\{2F97CE84-9C33-4631-821B-85EA371EA254}) (Version: 3.10.1.7 - Hewlett-Packard)

QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden

QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)

Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)

Realtek USB 2.0 Card Reader (HKLM-x32\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 6.0.6000.20113 - Realtek Semiconductor Corp.)

Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden

Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden

Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)

Slingbox - Watch Your TV Anywhere (HKLM-x32\...\{7B798B31-2F33-4DC8-BDA4-D36488E86636}) (Version: 1.0.0 - Sling Media)

SlingPlayer (HKLM-x32\...\InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}) (Version: 1.04.0206 - Sling Media)

SlingPlayer (x32 Version: 1.04.0206 - Sling Media) Hidden

SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden

SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden

Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)

SPORE Creature Creator Trial Edition (HKLM-x32\...\{ECEE0279-785F-4CB3-9F28-E69813234BF8}) (Version: 1.00.0000 - Electronic Arts)

Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden

Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)

The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.50.56 - Electronic Arts)

The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)

The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)

The Sims™ 3 University Life (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)

Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden

TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden

TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)

TurboTax 2012 wiliper (x32 Version: 012.000.1498 - Intuit Inc.) Hidden

TurboTax 2012 WinPerFedFormset (x32 Version: 012.000.2309 - Intuit Inc.) Hidden

TurboTax 2012 WinPerReleaseEngine (x32 Version: 012.000.0474 - Intuit Inc.) Hidden

TurboTax 2012 WinPerTaxSupport (x32 Version: 012.000.0186 - Intuit Inc.) Hidden

TurboTax 2012 wrapper (x32 Version: 012.000.0127 - Intuit Inc.) Hidden

Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)

Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden

WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden

WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.5.31 - WildTangent)

Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden

Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Sync (HKLM-x32\...\{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}) (Version: 14.0.8064.206 - Microsoft Corporation)

Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

WinTOTAL (HKLM-x32\...\{0A482964-EC0F-4E65-A51E-CC42CEBD2E58}) (Version: - )

Xilisoft Video Converter Ultimate (HKLM-x32\...\Xilisoft Video Converter Ultimate) (Version: 7.7.3.20131014 - Xilisoft)

Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)

Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

22-06-2014 15:11:34 Scheduled Checkpoint

23-06-2014 20:48:58 Scheduled Checkpoint

05-07-2014 23:09:26 Scheduled Checkpoint

06-07-2014 14:54:48 Scheduled Checkpoint

09-07-2014 08:00:15 Windows Update

26-07-2014 08:00:47 Windows Update

13-08-2014 02:00:35 Scheduled Checkpoint

14-08-2014 05:00:02 Scheduled Checkpoint

16-08-2014 03:21:21 Scheduled Checkpoint

16-08-2014 08:00:29 Windows Update

16-08-2014 23:23:07 Scheduled Checkpoint

22-08-2014 16:22:09 Scheduled Checkpoint

23-08-2014 12:57:06 Installed HP Update.

26-08-2014 03:00:05 Removed Ask Toolbar

26-08-2014 03:02:21 Removed Ask Toolbar

26-08-2014 04:32:54 Removed Juno Preloader

26-08-2014 04:34:59 Removed NetZero Preloader

29-08-2014 08:00:18 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 07:34 - 2006-09-18 16:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

::1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM

Task: {0FFABCD4-278F-42C5-B6B8-107B8E0BD779} - \MySearchDial No Task File <==== ATTENTION

Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages

Task: {1E47DECC-A445-437E-BA49-BF68A0FE709D} - System32\Tasks\HP Health Check => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard)

Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)

Task: {2676CF9D-8246-4E69-9166-E93FAAEF4707} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-25] (Adobe Systems Incorporated)

Task: {26A14F59-C4B7-4635-B55E-D549FC37A5F6} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)

Task: {29F9C852-B915-4224-BCE9-CDDE1720D11E} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)

Task: {53AE83B5-2779-48D8-9291-D9D25528EF92} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {6E74CFCE-FF9D-417D-9884-56337FA84896} - System32\Tasks\HPCeeScheduleForraypahl => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2008-05-19] (Hewlett-Packard)

Task: {7270E50C-102D-4B33-907A-B441C7D003B6} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\WSCStub.exe [2014-07-31] (Symantec Corporation)

Task: {72735A21-F669-4478-AE2E-E5032437DA55} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-15] (Google Inc.)

Task: {7AE1E7BC-FB9F-4ECA-90D9-07B5675C3513} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)

Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI

Task: {7F356BA2-6175-4E85-B1AA-6A9A6529A56A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-15] (Google Inc.)

Task: {9CCC667C-EEF3-4029-8EE4-EE411D4E7A07} - \Groovorio Updater No Task File <==== ATTENTION

Task: {C4A2780D-68B8-4F95-A118-6E5DD88047E0} - System32\Tasks\NetworkWizardHNW => C:\Program Files (x86)\Hewlett-Packard\HP TCS\RemEngine.exe [2008-12-17] ()

Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()

Task: {F1351889-C902-458D-940D-9EEB132FCC88} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\HPCeeScheduleForraypahl.job => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe

Task: C:\Windows\Tasks\updaterex.job => C:\Users\raypahl\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2009-03-06 02:02 - 2008-12-23 19:18 - 00365952 _____ () C:\Program Files (x86)\SMINST\BLService.exe

2009-03-06 01:55 - 2008-11-25 18:29 - 00247152 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

2008-11-26 19:13 - 2008-11-26 19:13 - 00296320 ____N () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe

2008-11-26 19:13 - 2008-11-26 19:13 - 00116096 ____N () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe

2008-11-26 19:12 - 2008-11-26 19:12 - 00074536 ____N () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\Common\MCEMediaStatus64.dll

2009-07-01 15:44 - 2009-07-01 15:44 - 00632888 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe

2014-04-14 14:41 - 2014-04-14 14:41 - 00039192 _____ () C:\Program Files\CCleaner\branding.dll

2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2009-03-06 02:02 - 2008-12-23 19:18 - 00132480 _____ () C:\Program Files (x86)\SMINST\STWmiM.dll

2009-03-06 01:55 - 2008-11-25 18:29 - 00034088 _____ () C:\Program Files (x86)\Cyberlink\Shared files\RichVideops.dll

2008-11-26 19:13 - 2008-11-26 19:13 - 00263560 ____N () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLCapEngine.dll

2008-11-26 19:13 - 2008-11-26 19:13 - 00038184 ____N () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLCapSvcps.dll

2007-07-12 15:55 - 2007-07-12 15:55 - 01581056 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll

2007-08-14 15:59 - 2007-08-14 15:59 - 06365184 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll

2007-07-12 15:55 - 2007-07-12 15:55 - 00131072 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll

2014-04-28 15:32 - 2014-04-28 15:32 - 00549272 _____ () C:\Program Files (x86)\Constant Guard Protection Suite\sqlite3.dll

2008-11-26 19:13 - 2008-11-26 19:13 - 00349480 ____N () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLTinyDB.dll

2009-04-29 22:11 - 2009-04-29 22:11 - 00906536 ____N () C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll

2014-09-01 16:33 - 2014-09-01 16:33 - 00098816 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI22322\win32api.pyd

2014-09-01 16:33 - 2014-09-01 16:33 - 00110080 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI22322\pywintypes27.dll

2014-09-01 16:33 - 2014-09-01 16:33 - 00364544 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI22322\pythoncom27.dll

2014-09-01 16:33 - 2014-09-01 16:33 - 00044032 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI22322\_socket.pyd

2014-09-01 16:33 - 2014-09-01 16:33 - 01157120 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI22322\_ssl.pyd

2014-09-01 16:33 - 2014-09-01 16:33 - 00320512 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI22322\win32com.shell.shell.pyd

2014-09-01 16:33 - 2014-09-01 16:33 - 00712192 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI22322\_hashlib.pyd

2014-09-01 16:33 - 2014-09-01 16:33 - 01175040 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI22322\wx._core_.pyd

2014-09-01 16:33 - 2014-09-01 16:33 - 00805888 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI22322\wx._gdi_.pyd

2014-09-01 16:33 - 2014-09-01 16:33 - 00811008 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI22322\wx._windows_.pyd

2014-09-01 16:33 - 2014-09-01 16:33 - 01062400 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI22322\wx._controls_.pyd

2014-09-01 16:33 - 2014-09-01 16:33 - 00735232 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI22322\wx._misc_.pyd

2014-09-01 16:33 - 2014-09-01 16:33 - 00128512 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI22322\_elementtree.pyd

2014-09-01 16:33 - 2014-09-01 16:33 - 00127488 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI22322\pyexpat.pyd

2014-09-01 16:33 - 2014-09-01 16:33 - 00557056 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI22322\pysqlite2._sqlite.pyd

2014-09-01 16:33 - 2014-09-01 16:33 - 00087040 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI22322\_ctypes.pyd

2014-09-01 16:33 - 2014-09-01 16:33 - 00119808 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI22322\win32file.pyd

2014-09-01 16:33 - 2014-09-01 16:33 - 00108544 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI22322\win32security.pyd

2014-09-01 16:33 - 2014-09-01 16:33 - 00018432 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI22322\win32event.pyd

2014-09-01 16:33 - 2014-09-01 16:33 - 00038912 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI22322\win32inet.pyd

2014-09-01 16:33 - 2014-09-01 16:33 - 00122368 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI22322\wx._wizard.pyd

2014-09-01 16:33 - 2014-09-01 16:33 - 00070656 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI22322\wx._html2.pyd

2014-09-01 16:33 - 2014-09-01 16:33 - 00026624 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI22322\_multiprocessing.pyd

2014-09-01 16:33 - 2014-09-01 16:33 - 00010240 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI22322\select.pyd

2014-09-01 16:33 - 2014-09-01 16:33 - 00024064 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI22322\win32pipe.pyd

2014-09-01 16:33 - 2014-09-01 16:33 - 00686080 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI22322\unicodedata.pyd

2014-09-01 16:33 - 2014-09-01 16:33 - 00025600 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI22322\win32pdh.pyd

2014-09-01 16:33 - 2014-09-01 16:33 - 00525640 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI22322\windows._lib_cacheinvalidation.pyd

2014-09-01 16:33 - 2014-09-01 16:33 - 00011264 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI22322\win32crypt.pyd

2014-09-01 16:33 - 2014-09-01 16:33 - 00035840 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI22322\win32process.pyd

2014-09-01 16:33 - 2014-09-01 16:33 - 00017408 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI22322\win32profile.pyd

2014-09-01 16:33 - 2014-09-01 16:33 - 00022528 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI22322\win32ts.pyd

2014-08-22 20:48 - 2014-08-06 22:20 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll

2014-08-22 20:49 - 2014-08-06 22:20 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll

2014-08-22 20:48 - 2014-08-06 22:20 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll

2014-08-22 20:48 - 2014-08-06 22:20 - 14669128 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\raypahl\Downloads\0riginal_message (1).eml:OECustomProperty

AlternateDataStreams: C:\Users\raypahl\Downloads\0riginal_message (2).eml:OECustomProperty

AlternateDataStreams: C:\Users\raypahl\Downloads\0riginal_message (3).eml:OECustomProperty

AlternateDataStreams: C:\Users\raypahl\Downloads\0riginal_message (4).eml:OECustomProperty

AlternateDataStreams: C:\Users\raypahl\Downloads\0riginal_message (5).eml:OECustomProperty

AlternateDataStreams: C:\Users\raypahl\Downloads\0riginal_message (6).eml:OECustomProperty

AlternateDataStreams: C:\Users\raypahl\Downloads\0riginal_message.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (09/03/2014 00:27:32 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program chrome.exe version 36.0.1985.143 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.

Process ID: 1208

Start Time: 01cfc632cf500093

Termination Time: 20

Error: (09/03/2014 07:28:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 9531

Error: (09/03/2014 07:28:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 9531

Error: (09/03/2014 07:28:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/03/2014 07:28:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 8517

Error: (09/03/2014 07:28:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 8517

Error: (09/03/2014 07:28:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/03/2014 07:28:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 7238

Error: (09/03/2014 07:28:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 7238

Error: (09/03/2014 07:28:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

System errors:

=============

Error: (09/01/2014 04:35:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Windows Presentation Foundation Font Cache 3.0.0.0%%1053

Error: (09/01/2014 04:35:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: 30000Windows Presentation Foundation Font Cache 3.0.0.0

Error: (09/01/2014 04:33:45 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: 30000Microsoft .NET Framework NGEN v4.0.30319_X86

Error: (09/01/2014 04:27:14 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}

Error: (09/01/2014 06:11:29 AM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: 30000Wlansvc

Error: (08/31/2014 04:24:43 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: 30000Wlansvc

Error: (08/29/2014 07:21:42 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}

Error: (08/29/2014 06:06:06 AM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: 30000Wlansvc

Error: (08/29/2014 03:24:40 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: 30000Microsoft .NET Framework NGEN v4.0.30319_X86

Error: (08/29/2014 02:20:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Windows Presentation Foundation Font Cache 3.0.0.0%%1053

Microsoft Office Sessions:

=========================

Error: (09/03/2014 00:27:32 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: chrome.exe36.0.1985.143120801cfc632cf50009320