Fake App Attack Misleading File Download 3. #?

wolfgirl1719
New Helpee

Posts: 18

Fake App Attack Misleading File Download 3. #? Feb 4, 2014 8:13:23 GMT -8

Post by wolfgirl1719 on Feb 4, 2014 8:13:23 GMT -8

Hi, My firefox will not stay open for more than 2 mins at a time. It shuts down and Norton gives me a message saying "Fake App Attack Misleading File Download 3" It does this on any and every website I am on. I have tried doing full scans with my Norton and nothing is detected. I also tried using the Norton Power Eraser and it too did not fix the problem. I'm Running on Windows 7 Home Premium 64 bit. I appreciate any and all help with this matter.

Last Edit: Feb 4, 2014 8:46:15 GMT -8 by wolfgirl1719

Quads
Malware Removalists

In New Zealand

Posts: 9,387

Fake App Attack Misleading File Download 3. #? Feb 4, 2014 14:30:22 GMT -8

Post by Quads on Feb 4, 2014 14:30:22 GMT -8

Do Not use advanced tools or any tools used on this board without supervision.

Malware removal can be difficult over a forum as it is, without a user doing their own actions, the tools used are more advanced and thus have added danger that comes with that. This board is protected so that only Malware removers, Admin and Mods can reply to a users thread but all members can create a thread asking for removal of Infection(s)

Make changes to your computer only when the Malware Expert specifically states it. The Malware Experts request specific steps to be followed, as some malware removal requires multiple steps and evaluations along the way. When you take other advice or make other changes, this often negates the work done by the expert, and can sometimes result in an inoperable system.

This also includes any tools or steps other than those the from the Malware Expert. We need to be certain about the state of your system to see what actually is going on, and what is required to fix the system while not harming the rest of the system. Most often, well-intentioned independent efforts can make things much worse. The malware remediation tools are more advanced than othe tools, and can often create bigger problems when used without expert guidance.

Follow all the directions in order, and to the end. Please perform all steps in the order they are listed in each set of instructions. As you might imagine, some steps are a bit complicated. If things are not clear, be sure to stop and let the Malware Expert know the problem. We don't mind clarifying a situation, as others might have the same question. If a tool does not run as expected, don't force it. Stop the steps, and update the forum topic with the current situation. It is better stop and let us know, than to force a tool to run and cause bigger problems.

Also, when your computer is clean and we are finished, the Expert will tell you we are finished. Malware removal is a process that requires verification, and we want to be sure your system is completely clean before we're done.

When describing your problem, provide as much information as possible, as soon as possible. Explain as best you can what happens with your computer, e.g. it beeps three times, black screen with cursor then goes no further, system gets stuck at the Windows startup logo, etc. This helps the expert to understand what is happening to the system and what may be wrong. If your computer cannot start up successfully please provide details about your installed Windows Operating System, including the Version, Edition and if it is a 32bit or a 64bit system. (e.g. Windows Vista Home Premium 32-bit)

When the user follow instructions and things still go a little haywire, and it does happen, it is up to us to sort the extra problem out.

Take longer to read if your language is not English, so that hopefully it is understood.

Reply stating you have read the post fully.

I also have a lot of systems at once to deal with like being in a supermarket checkout line, waiting their turn.

Quads

wolfgirl1719 New Helpee Posts: 18	Fake App Attack Misleading File Download 3. #? Feb 4, 2014 17:41:25 GMT -8 Select Post Deselect Post Link to Post Member Give Gift Back to Top Post by wolfgirl1719 on Feb 4, 2014 17:41:25 GMT -8 I have read the post fully and understand.

Quads Malware Removalists In New Zealand Posts: 9,387	Fake App Attack Misleading File Download 3. #? Feb 4, 2014 21:05:36 GMT -8 Select Post Deselect Post Link to Post Member Give Gift Back to Top Post by Quads on Feb 4, 2014 21:05:36 GMT -8 My Side Kick should be along for the next steps some time as to keep up I am concentrating on scripting or if something does wrong Quads

dbrisen
Malware Removalists

Posts: 3,688

Fake App Attack Misleading File Download 3. #? Feb 4, 2014 22:11:55 GMT -8

Post by dbrisen on Feb 4, 2014 22:11:55 GMT -8

Read Slowly and all of it.

Please download www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ You need to download the 64 bit version.

Place FRST64.exe onto your desktop from where ever it downloaded to. IF IT IS NOT ON THE DESKTOP (YOU DID NOT DOWNLOAD DIRECTLY TO DESKTOP), THEN RIGHT CLICK ON THE DOWNLOADED FILE AND SELECT CUT. FIND A BLANK SPOT ON YOUR DESKTOP AND RIGHT CLICK ON IT, SELECT PASTE AND THE FILE WILL BE ON THE DESKTOP. Thank You (this is very important later on)!

Start FRST64 that is on your Desktop

The tool will start to run.
When the tool opens click Yes to disclaimer. (if it does)
Press Scan button.

It will make two logs (FRST.txt and addition.txt) on your Desktop. Please attach the logs in your reply back. Or open the logs in notepad and copy the logs and paste back in a message as a reply. (Ask if you don't know how to do either of these).

I will not provide malware removal by PM; please post in your thread on the Malware Removal board.
My help is always free but if you would like to help encourage me or show your thanks -----> DONATE

wolfgirl1719 New Helpee Posts: 18	Fake App Attack Misleading File Download 3. #? Feb 5, 2014 7:49:58 GMT -8 Select Post Deselect Post Link to Post Member Give Gift Back to Top Post by wolfgirl1719 on Feb 5, 2014 7:49:58 GMT -8 Here are the logs: Attachment Deleted Attachment Deleted

wolfgirl1719
New Helpee

Posts: 18

Fake App Attack Misleading File Download 3. #? Feb 5, 2014 7:55:27 GMT -8

Post by wolfgirl1719 on Feb 5, 2014 7:55:27 GMT -8

Seems there's server trouble today and I can't add attachments. so here's the long version.

FRST:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2014
Ran by Salina (administrator) on WOLFGIRL1920-HP on 05-02-2014 07:46:35
Running from C:\Users\Salina\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\beats64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AMD) C:\Windows\SysWOW64\WinMsgBalloonServer.exe
(AMD) C:\Windows\SysWOW64\WinMsgBalloonClient.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BeatsOSDApp] - C:\Program Files\IDT\WDM\beats64.exe [37888 2011-12-23] (Hewlett-Packard )
HKLM\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-04-24] (IDT, Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-02-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] - c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [RaidCall] - C:\Program Files (x86)\RaidCall\raidcall.exe [3153592 2012-10-28] (RAIDCALL.COM)
HKLM-x32\...\Run: [NCUpdateHelper] - C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe [528360 2013-07-15] (NCSOFT Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3806544 2013-11-29] (LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [CenturyLinkTouchPointAgent] - C:\Program Files (x86)\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe [49008 2013-09-24] (CenturyLink Inc)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-01-28] (Hewlett-Packard)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-4084707046-1126817773-2197132759-1003\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKU\S-1-5-21-4084707046-1126817773-2197132759-1003\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-4084707046-1126817773-2197132759-1003\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-4084707046-1126817773-2197132759-1003\...\Run: [FlashGet 3] - "C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" -minimize
Startup: C:\Users\Richie1920\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\Wolfgirl1920\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.facebook.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = g.msn.com/HPDSK/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=6.4.0.9
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = search.msn.com/spbasic.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,CustomizeSearch = ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchURL = home.microsoft.com/access/autosearch.asp?p=%s
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchAssistant = ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
URLSearchHook: HKLM-x32 - SearchFlyBar3 Toolbar - {489d3a56-53d9-44c2-a113-5820cdab4206} - C:\Program Files (x86)\SearchFlyBar3\prxtbSear.dll (Conduit Ltd.)
URLSearchHook: HKLM-x32 - MixiDJ V46 Toolbar - {62cad681-699f-4f83-b87f-95584003592f} - C:\Program Files (x86)\MixiDJ_V46\prxtbMixi.dll (Conduit Ltd.)
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM - {DB354CC9-5BB0-4E56-A758-13CDA3646721} URL = www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {9CAC4A62-57F6-4113-9354-63BDFF12781E} URL =
SearchScopes: HKLM-x32 - {01bd49d7-c76b-4310-8beb-14d7e5f322c6} URL = search.easylifeapp.com/?q={searchTerms}&pid=388&src=ie2&r=2013/05/29&hid=1466105877&lg=EN&cc=US
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = websearch.pu-results.info/?l=1&q={searchTerms}&pid=321&r=2013/03/18&hid=1466105877&lg=EN&cc=US
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {DB354CC9-5BB0-4E56-A758-13CDA3646721} URL = www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKCU - {DB354CC9-5BB0-4E56-A758-13CDA3646721} URL = www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-x32: SearchFlyBar3 Toolbar - {489d3a56-53d9-44c2-a113-5820cdab4206} - C:\Program Files (x86)\SearchFlyBar3\prxtbSear.dll (Conduit Ltd.)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO-x32: MixiDJ V46 Toolbar - {62cad681-699f-4f83-b87f-95584003592f} - C:\Program Files (x86)\MixiDJ_V46\prxtbMixi.dll (Conduit Ltd.)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Updater For XFIN_PORTAL - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - SearchFlyBar3 Toolbar - {489d3a56-53d9-44c2-a113-5820cdab4206} - C:\Program Files (x86)\SearchFlyBar3\prxtbSear.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - MixiDJ V46 Toolbar - {62cad681-699f-4f83-b87f-95584003592f} - C:\Program Files (x86)\MixiDJ_V46\prxtbMixi.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Salina\AppData\Roaming\Mozilla\Firefox\Profiles\e94mduab.default
FF DefaultSearchEngine: Bing
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");
FF SelectedSearchEngine: Bing
FF Homepage: www.facebook.com/
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll (Oberon-Media )
FF Plugin-x32: @ogplanet.com/npOGPPlugin - C:\Windows\system32\npOGPPlugin.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @raidcall.kr/RCplugin - C:\Users\Wolfgirl1920\AppData\Roaming\RCKR\plugins\nprcplugin.dll (Raidcall)
FF SearchPlugin: C:\Users\Salina\AppData\Roaming\Mozilla\Firefox\Profiles\e94mduab.default\searchplugins\yahoo_ff.xml
FF Extension: iCloud Bookmarks - C:\Users\Salina\AppData\Roaming\Mozilla\Firefox\Profiles\e94mduab.default\Extensions\firefoxdav@icloud.com [2013-12-23]
FF Extension: Start Page - C:\Users\Salina\AppData\Roaming\Mozilla\Firefox\Profiles\e94mduab.default\Extensions\{58d2a791-6199-482f-a9aa-9b725ec61362} [2014-01-29]
FF Extension: Adblock Plus - C:\Users\Salina\AppData\Roaming\Mozilla\Firefox\Profiles\e94mduab.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-08-29]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-19]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-19]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2014-01-27]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ []

Chrome:
=======
CHR HomePage:
CHR RestoreOnStartup: ""
CHR Extension: (Google Docs) - C:\Users\Salina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-03]
CHR Extension: (Google Drive) - C:\Users\Salina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-03]
CHR Extension: (YouTube) - C:\Users\Salina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-03]
CHR Extension: (wxDownload) - C:\Users\Salina\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknalfmhfpndcjfgmpgbigdgdmbebfpg [2014-02-03]
CHR Extension: (Google Search) - C:\Users\Salina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-03]
CHR Extension: (Ebay Shopping Assistant by Spigot) - C:\Users\Salina\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj [2014-02-03]
CHR Extension: (Domain Error Assistant) - C:\Users\Salina\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj [2014-02-03]
CHR Extension: (Norton Identity Protection) - C:\Users\Salina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-02-03]
CHR Extension: (Google Wallet) - C:\Users\Salina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-03]
CHR Extension: (Amazon Shopping Assistant by Spigot) - C:\Users\Salina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp [2014-02-03]
CHR Extension: (Gmail) - C:\Users\Salina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-03]
CHR HKLM-x32\...\Chrome\Extension: [bcfjehbfanfhgoehogmbiebedkidedjb] - C:\Users\Wolfgirl1920\AppData\Local\CRE\bcfjehbfanfhgoehogmbiebedkidedjb.crx [2013-07-04]
CHR HKLM-x32\...\Chrome\Extension: [blaofbhgbmeikidhlkmjhbkbfohpgekf] - C:\Program Files (x86)\Movie2KDownloader.com\Movie2KDownloader10.crx [2013-07-04]
CHR HKLM-x32\...\Chrome\Extension: [ccifdkgnonhkcmaoappjpmijdhlppgmg] - C:\Users\Wolfgirl1920\AppData\Local\CRE\ccifdkgnonhkcmaoappjpmijdhlppgmg.crx [2013-06-13]
CHR HKLM-x32\...\Chrome\Extension: [cknalfmhfpndcjfgmpgbigdgdmbebfpg] - C:\ProgramData\wxDownload\cknalfmhfpndcjfgmpgbigdgdmbebfpg.crx [2012-10-22]
CHR HKLM-x32\...\Chrome\Extension: [fjbbjfdilbioabojmcplalojlmdngbjl] - C:\Users\Wolfgirl1920\AppData\Local\Temp\bhfiles\smileyswelovetoolbar_3_0_8_0.crx [2012-10-22]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\Exts\Chrome.crx [2014-01-29]
CHR HKLM-x32\...\Chrome\Extension: [nkmdkhlmpgjdekdinojlgljadcjnfcjn] - C:\Users\Wolfgirl1920\AppData\Local\CRE\nkmdkhlmpgjdekdinojlgljadcjnfcjn.crx [2013-06-08]
CHR HKLM-x32\...\Chrome\Extension: [pcajpdcjfekhfnapaiphaecoajeollnc] - C:\Users\Wolfgirl1920\AppData\Local\CRE\pcajpdcjfekhfnapaiphaecoajeollnc.crx [2013-06-05]
CHR HKLM-x32\...\Chrome\Extension: [pghhekebaieongdhflfiknpdilodpkdg] - C:\Users\Wolfgirl1920\AppData\Local\CRE\pghhekebaieongdhflfiknpdilodpkdg.crx [2013-06-25]

==================== Services (Whitelisted) =================

R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377104 2013-10-11] (LogMeIn, Inc.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [1526488 2014-01-21] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-01-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-02-03] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140205.001\IDSvia64.sys [521944 2014-02-03] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140204.024\ENG64.SYS [126040 2014-02-03] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140204.024\EX64.SYS [2099288 2014-02-03] (Symantec Corporation)
R1 SRTSP; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSP64.SYS [858200 2013-09-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-10] (MCCI Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1501000.012\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1501000.012\SYMEFA64.SYS [1147480 2013-09-26] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-27] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\NISx64\1501000.012\SYMNETS.SYS [590936 2013-09-25] (Symantec Corporation)
S3 X6va005; \??\C:\Users\WOLFGI~1\AppData\Local\Temp\005399.tmp [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-05 07:46 - 2014-02-05 07:47 - 00025040 _____ () C:\Users\Salina\Desktop\FRST.txt
2014-02-05 07:46 - 2014-02-05 07:46 - 00000000 ____D () C:\FRST
2014-02-05 07:43 - 2014-02-05 07:45 - 00000000 ____D () C:\Users\Salina\Desktop\FRST64
2014-02-05 07:43 - 2014-02-05 07:43 - 02080256 _____ (Farbar) C:\Users\Salina\Desktop\FRST64.exe
2014-02-04 18:56 - 2014-02-04 18:56 - 00000053 _____ () C:\Users\Salina\Desktop\group health.txt
2014-02-04 18:13 - 2014-02-04 18:13 - 00002377 _____ () C:\Users\Salina\Documents\MumbleAutomaticCertificateBackup.p12
2014-02-04 18:10 - 2014-02-04 20:45 - 00000000 ____D () C:\Users\Salina\AppData\Roaming\Mumble
2014-02-04 08:26 - 2014-02-04 09:12 - 00000510 _____ () C:\Users\Wolfgirl1920\AppData\Roaming\Microsoft\Windows\Start Menu\Fake App Attack Misleading File Download 3. Malware Removal.website
2014-02-04 07:53 - 2014-02-04 08:21 - 00000000 ____D () C:\Users\Wolfgirl1920\AppData\Local\NPE
2014-02-04 07:29 - 2014-02-04 07:29 - 01022064 _____ (Symantec Corporation) C:\Users\Salina\Downloads\NBRT-SOS-Downloader.exe
2014-02-04 05:18 - 2014-02-04 07:42 - 00000000 ____D () C:\Users\Salina\AppData\Local\NPE
2014-02-04 05:17 - 2014-02-04 05:17 - 03053496 ____N (Symantec Corporation) C:\Users\Salina\Downloads\NPE.exe
2014-02-04 05:08 - 2014-02-04 05:18 - 00000000 ____D () C:\Users\Richie1920\AppData\Local\NPE
2014-02-04 00:33 - 2014-02-04 00:36 - 24859352 _____ (Microsoft Corporation) C:\Users\Richie1920\Downloads\Windows-KB890830-x64-V5.8.exe
2014-02-03 18:07 - 2013-11-26 03:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-02-03 18:02 - 2013-11-26 17:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-02-03 18:02 - 2013-11-26 17:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-02-03 18:02 - 2013-11-26 17:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-02-03 18:02 - 2013-11-26 17:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-02-03 18:02 - 2013-11-26 17:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-02-03 18:02 - 2013-11-26 17:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-02-03 18:02 - 2013-11-26 17:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-02-03 18:02 - 2013-11-26 02:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-02-03 16:47 - 2014-02-03 16:47 - 00000000 ____D () C:\Users\Richie1920\Desktop\Old Firefox Data
2014-02-03 15:52 - 2014-02-03 15:53 - 00000000 ____D () C:\Users\Richie1920\AppData\Local\{30874F1D-19EE-4635-9289-FB67216F2F95}
2014-02-03 15:52 - 2014-02-03 15:52 - 00000000 ____D () C:\Users\Richie1920\AppData\Local\{D8A06303-5C0C-49C4-B7EE-2E6CED3CBAAB}
2014-02-03 13:10 - 2014-02-03 13:15 - 00000000 ____D () C:\Users\Salina\AppData\Local\Google
2014-01-28 19:33 - 2014-02-03 17:38 - 00000000 ____D () C:\Users\Richie1920\AppData\Roaming\Slick Savings
2014-01-28 19:33 - 2014-01-28 19:33 - 00000000 ____D () C:\Users\Richie1920\AppData\Local\Slick Savings
2014-01-27 18:18 - 2014-02-04 11:12 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-01-27 18:18 - 2014-01-27 18:18 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-01-27 18:18 - 2014-01-27 18:18 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-27 18:18 - 2014-01-27 18:18 - 00000000 ____D () C:\Program Files\iTunes
2014-01-27 18:18 - 2014-01-27 18:18 - 00000000 ____D () C:\Program Files\iPod
2014-01-27 17:32 - 2014-01-27 17:32 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-01-27 17:27 - 2014-01-27 17:27 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-01-27 17:27 - 2014-01-27 17:27 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-01-27 17:27 - 2014-01-27 17:27 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-01-27 17:27 - 2014-01-27 17:27 - 00002579 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-01-27 17:27 - 2014-01-27 17:27 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-01-27 17:25 - 2014-01-27 17:25 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-01-27 17:25 - 2014-01-27 17:25 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-01-27 17:22 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-27 17:22 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-27 17:22 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-27 17:22 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-27 17:21 - 2014-01-27 17:22 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-27 17:20 - 2014-01-27 17:20 - 00000000 ____D () C:\ProgramData\PCSettings
2014-01-27 17:06 - 2014-01-27 17:06 - 00001373 _____ () C:\Users\Salina\Downloads\Norton Installation Files.lnk
2014-01-27 17:06 - 2014-01-27 17:06 - 00000000 ____D () C:\Users\Salina\Documents\Symantec
2014-01-27 16:32 - 2014-01-27 16:35 - 00000000 ____D () C:\ProgramData\CenturyLink
2014-01-27 16:31 - 2014-01-27 16:35 - 00000000 ____D () C:\Program Files (x86)\Qwest
2014-01-27 16:31 - 2014-01-27 16:31 - 00000000 ____D () C:\Program Files (x86)\CenturyLink
2014-01-27 16:30 - 2014-01-27 16:31 - 00002415 _____ () C:\Windows\CenturyLinkInstallerSetup.log
2014-01-27 16:29 - 2014-01-27 16:30 - 02562968 _____ () C:\Users\Salina\Downloads\CenturyLinkInstallerSetup.exe
2014-01-27 16:10 - 2014-01-27 16:10 - 00011064 _____ () C:\Users\Salina\Downloads\CenturyLink_Configuration_Details.html

==================== One Month Modified Files and Folders =======

2014-02-05 07:47 - 2014-02-05 07:46 - 00025040 _____ () C:\Users\Salina\Desktop\FRST.txt
2014-02-05 07:46 - 2014-02-05 07:46 - 00000000 ____D () C:\FRST
2014-02-05 07:45 - 2014-02-05 07:43 - 00000000 ____D () C:\Users\Salina\Desktop\FRST64
2014-02-05 07:43 - 2014-02-05 07:43 - 02080256 _____ (Farbar) C:\Users\Salina\Desktop\FRST64.exe
2014-02-05 07:28 - 2009-07-13 20:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-05 07:28 - 2009-07-13 20:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-05 07:26 - 2012-08-06 10:23 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-05 07:24 - 2012-08-06 10:02 - 01544413 _____ () C:\Windows\WindowsUpdate.log
2014-02-05 07:23 - 2013-07-12 06:26 - 00003958 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{2D569CED-FDCF-4914-9AD7-C08DACBD667A}
2014-02-05 07:21 - 2013-08-13 16:36 - 00000000 ____D () C:\Users\Salina\AppData\Roaming\Skype
2014-02-05 07:20 - 2012-11-11 10:56 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-02-05 07:20 - 2012-10-22 12:57 - 00000390 ____H () C:\Windows\Tasks\WxDFastUpdaterTask{098A328E-2A3A-4A50-A574-547B7EC7A221}.job
2014-02-05 07:20 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-05 07:20 - 2009-07-13 20:51 - 00088560 _____ () C:\Windows\setupact.log
2014-02-04 22:12 - 2013-07-06 17:44 - 00000000 ____D () C:\Users\Richie1920\AppData\Local\PMB Files
2014-02-04 22:11 - 2012-08-06 18:28 - 00000000 ____D () C:\Users\Richie1920\AppData\Local\Deployment
2014-02-04 22:11 - 2012-08-06 18:14 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-02-04 22:03 - 2013-06-17 01:03 - 00000306 _____ () C:\Windows\Tasks\DSite.job
2014-02-04 20:45 - 2014-02-04 18:10 - 00000000 ____D () C:\Users\Salina\AppData\Roaming\Mumble
2014-02-04 18:56 - 2014-02-04 18:56 - 00000053 _____ () C:\Users\Salina\Desktop\group health.txt
2014-02-04 18:13 - 2014-02-04 18:13 - 00002377 _____ () C:\Users\Salina\Documents\MumbleAutomaticCertificateBackup.p12
2014-02-04 18:08 - 2012-08-10 22:03 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-02-04 18:06 - 2013-06-16 23:41 - 00000000 ____D () C:\Program Files (x86)\SafeSaver
2014-02-04 18:06 - 2010-11-20 19:47 - 01879160 _____ () C:\Windows\PFRO.log
2014-02-04 18:05 - 2013-07-12 06:25 - 00000000 ____D () C:\Users\Salina
2014-02-04 18:04 - 2012-09-19 21:08 - 00000000 ____D () C:\Program Files (x86)\Mumble
2014-02-04 15:10 - 2013-01-04 13:16 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-02-04 15:10 - 2012-08-07 11:27 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-02-04 15:05 - 2013-07-16 13:41 - 00000000 ____D () C:\Users\Salina\AppData\Roaming\HpUpdate
2014-02-04 15:05 - 2013-07-16 13:41 - 00000000 ____D () C:\Users\Salina\AppData\Roaming\HP Support Assistant
2014-02-04 11:12 - 2014-01-27 18:18 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-02-04 09:27 - 2013-07-20 10:25 - 00000000 ____D () C:\Users\Salina\AppData\Local\Adobe
2014-02-04 09:23 - 2012-08-06 10:23 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-04 09:23 - 2012-08-06 10:23 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-04 09:23 - 2012-05-16 23:59 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-04 09:16 - 2013-07-12 06:26 - 00000000 ____D () C:\Users\Salina\AppData\Local\LogMeIn Hamachi
2014-02-04 09:12 - 2014-02-04 08:26 - 00000510 _____ () C:\Users\Wolfgirl1920\AppData\Roaming\Microsoft\Windows\Start Menu\Fake App Attack Misleading File Download 3. Malware Removal.website
2014-02-04 08:33 - 2012-05-16 23:54 - 00000000 ____D () C:\ProgramData\WildTangent
2014-02-04 08:28 - 2009-07-13 21:13 - 00796910 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-04 08:26 - 2011-02-11 09:15 - 00775482 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-04 08:21 - 2014-02-04 07:53 - 00000000 ____D () C:\Users\Wolfgirl1920\AppData\Local\NPE
2014-02-04 08:14 - 2012-10-24 16:45 - 00000000 ____D () C:\Users\Wolfgirl1920\AppData\Local\PMB Files
2014-02-04 07:50 - 2013-03-08 01:15 - 00000000 ____D () C:\Users\Wolfgirl1920\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com
2014-02-04 07:46 - 2012-08-06 10:17 - 00000000 ____D () C:\Users\Wolfgirl1920\AppData\Local\Mozilla
2014-02-04 07:43 - 2012-08-06 10:07 - 00001419 _____ () C:\Users\Wolfgirl1920\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-04 07:42 - 2014-02-04 05:18 - 00000000 ____D () C:\Users\Salina\AppData\Local\NPE
2014-02-04 07:37 - 2012-05-16 23:47 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-04 07:34 - 2013-05-29 04:59 - 00000000 ____D () C:\ProgramData\SearchNewTab
2014-02-04 07:33 - 2013-03-17 18:01 - 00000000 ____D () C:\ProgramData\Vauaddix
2014-02-04 07:32 - 2012-05-17 00:06 - 00000000 ____D () C:\ProgramData\Norton
2014-02-04 07:30 - 2012-10-08 19:30 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2014-02-04 07:29 - 2014-02-04 07:29 - 01022064 _____ (Symantec Corporation) C:\Users\Salina\Downloads\NBRT-SOS-Downloader.exe
2014-02-04 05:50 - 2012-08-06 18:00 - 00000000 ____D () C:\Users\Richie1920
2014-02-04 05:46 - 2012-08-06 10:02 - 00000000 ____D () C:\Users\Wolfgirl1920
2014-02-04 05:18 - 2014-02-04 05:08 - 00000000 ____D () C:\Users\Richie1920\AppData\Local\NPE
2014-02-04 05:17 - 2014-02-04 05:17 - 03053496 ____N (Symantec Corporation) C:\Users\Salina\Downloads\NPE.exe
2014-02-04 05:15 - 2013-06-16 23:40 - 00000000 ____D () C:\ProgramData\safe saaVE
2014-02-04 05:10 - 2009-07-13 20:45 - 00275712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-04 05:08 - 2012-08-06 18:01 - 00003974 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{BECB6600-4FE8-4824-BA79-A270837AAB0D}
2014-02-04 01:05 - 2012-08-06 10:21 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-02-04 00:36 - 2014-02-04 00:33 - 24859352 _____ (Microsoft Corporation) C:\Users\Richie1920\Downloads\Windows-KB890830-x64-V5.8.exe
2014-02-03 22:20 - 2013-12-31 16:20 - 00003216 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForRichie1920
2014-02-03 22:20 - 2013-12-31 16:20 - 00000352 _____ () C:\Windows\Tasks\HPCeeScheduleForRichie1920.job
2014-02-03 17:57 - 2013-07-06 17:44 - 00000000 ____D () C:\Users\Richie1920\AppData\Roaming\BITS
2014-02-03 17:39 - 2009-07-13 19:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-02-03 17:38 - 2014-01-28 19:33 - 00000000 ____D () C:\Users\Richie1920\AppData\Roaming\Slick Savings
2014-02-03 17:38 - 2013-12-19 17:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-03 17:38 - 2013-12-13 17:22 - 00000000 ____D () C:\Users\Salina\AppData\Roaming\BITS
2014-02-03 17:38 - 2013-07-06 17:50 - 00000000 ____D () C:\Users\Richie1920\AppData\Roaming\Azureus
2014-02-03 17:38 - 2012-10-24 16:45 - 00000000 ____D () C:\ProgramData\PMB Files
2014-02-03 17:38 - 2012-08-06 10:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-03 17:38 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\AppCompat
2014-02-03 17:37 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
2014-02-03 17:34 - 2013-12-17 18:35 - 00000000 ____D () C:\Users\Richie1920\AppData\Roaming\Mumble
2014-02-03 17:34 - 2012-08-06 18:02 - 00000000 ____D () C:\Users\Richie1920\AppData\Local\Mozilla
2014-02-03 17:33 - 2013-06-16 20:50 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-03 16:47 - 2014-02-03 16:47 - 00000000 ____D () C:\Users\Richie1920\Desktop\Old Firefox Data
2014-02-03 15:53 - 2014-02-03 15:52 - 00000000 ____D () C:\Users\Richie1920\AppData\Local\{30874F1D-19EE-4635-9289-FB67216F2F95}
2014-02-03 15:52 - 2014-02-03 15:52 - 00000000 ____D () C:\Users\Richie1920\AppData\Local\{D8A06303-5C0C-49C4-B7EE-2E6CED3CBAAB}
2014-02-03 13:15 - 2014-02-03 13:10 - 00000000 ____D () C:\Users\Salina\AppData\Local\Google
2014-01-29 15:17 - 2013-07-13 12:03 - 00000000 ____D () C:\Users\Salina\AppData\Local\CrashDumps
2014-01-28 19:33 - 2014-01-28 19:33 - 00000000 ____D () C:\Users\Richie1920\AppData\Local\Slick Savings
2014-01-28 18:29 - 2012-08-14 11:13 - 00000000 ____D () C:\Users\Richie1920\AppData\Roaming\HpUpdate
2014-01-28 18:29 - 2012-08-14 11:13 - 00000000 ____D () C:\Users\Richie1920\AppData\Roaming\HP Support Assistant
2014-01-28 03:02 - 2013-07-15 23:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-27 18:18 - 2014-01-27 18:18 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-01-27 18:18 - 2014-01-27 18:18 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-27 18:18 - 2014-01-27 18:18 - 00000000 ____D () C:\Program Files\iTunes
2014-01-27 18:18 - 2014-01-27 18:18 - 00000000 ____D () C:\Program Files\iPod
2014-01-27 18:15 - 2012-08-06 10:22 - 00000000 ____D () C:\ProgramData\Apple
2014-01-27 17:32 - 2014-01-27 17:32 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-01-27 17:27 - 2014-01-27 17:27 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-01-27 17:27 - 2014-01-27 17:27 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-01-27 17:27 - 2014-01-27 17:27 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-01-27 17:27 - 2014-01-27 17:27 - 00002579 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-01-27 17:27 - 2014-01-27 17:27 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-01-27 17:25 - 2014-01-27 17:25 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-01-27 17:25 - 2014-01-27 17:25 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-01-27 17:22 - 2014-01-27 17:21 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-27 17:22 - 2013-12-06 20:41 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-27 17:22 - 2013-07-04 12:31 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-27 17:20 - 2014-01-27 17:20 - 00000000 ____D () C:\ProgramData\PCSettings
2014-01-27 17:14 - 2009-07-13 21:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-01-27 17:06 - 2014-01-27 17:06 - 00001373 _____ () C:\Users\Salina\Downloads\Norton Installation Files.lnk
2014-01-27 17:06 - 2014-01-27 17:06 - 00000000 ____D () C:\Users\Salina\Documents\Symantec
2014-01-27 16:35 - 2014-01-27 16:32 - 00000000 ____D () C:\ProgramData\CenturyLink
2014-01-27 16:35 - 2014-01-27 16:31 - 00000000 ____D () C:\Program Files (x86)\Qwest
2014-01-27 16:31 - 2014-01-27 16:31 - 00000000 ____D () C:\Program Files (x86)\CenturyLink
2014-01-27 16:31 - 2014-01-27 16:30 - 00002415 _____ () C:\Windows\CenturyLinkInstallerSetup.log
2014-01-27 16:30 - 2014-01-27 16:29 - 02562968 _____ () C:\Users\Salina\Downloads\CenturyLinkInstallerSetup.exe
2014-01-27 16:10 - 2014-01-27 16:10 - 00011064 _____ () C:\Users\Salina\Downloads\CenturyLink_Configuration_Details.html
2014-01-17 16:43 - 2009-07-13 21:08 - 00032552 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-06 16:20 - 2012-08-07 08:21 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Files to move or delete:
====================
C:\Users\Wolfgirl1920\AppData\Roaming\Camdata.ini
C:\Users\Wolfgirl1920\AppData\Roaming\CamLayout.ini
C:\Users\Wolfgirl1920\AppData\Roaming\CamShapes.ini

Some content of TEMP:
====================
C:\Users\Richie1920\AppData\Local\Temp\kwlqx8xa.dll
C:\Users\Salina\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Salina\AppData\Local\Temp\NIS2014.exe
C:\Users\Salina\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Salina\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NIS_28752.exe
C:\Users\Wolfgirl1920\AppData\Local\Temp\VP6Install.exe
C:\Users\Wolfgirl1920\AppData\Local\Temp\VP6VFW.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-30 16:26

==================== End Of Log ============================

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-02-2014
Ran by Salina at 2014-02-05 07:47:20
Running from C:\Users\Salina\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Norton Internet Security Online (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security Online (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security Online (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

Adobe AIR (x32 Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19120 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.43 - Adobe Systems Incorporated)
Age of Empires® III: Complete Collection (x32 Version: - )
Aion (x32 Version: 4.0.0.3 - NC Interactive, LLC)
Amazon MP3 Downloader 1.0.17 (x32 Version: 1.0.17 - Amazon Services LLC)
AMD Accelerated Video Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.873.1 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (Version: 3.0.864.0 - Advanced Micro Devices, Inc.)
AMD VISION Engine Control Center (x32 Version: 2012.0211.52.1206 - Advanced Micro Devices, Inc.) Hidden
Amnesia: The Dark Descent (x32 Version: - )
Apple Application Support (x32 Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bluetooth by hp (Version: 6.3.0.8200 - Broadcom Corporation)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0211.52.1206 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0211.52.1206 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0211.52.1206 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Desktop (x32 Version: 2012.0211.52.1206 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0211.0051.1206 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0211.0051.1206 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0211.0051.1206 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0211.0051.1206 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0211.0051.1206 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0211.0051.1206 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0211.0051.1206 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0211.0051.1206 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0211.0051.1206 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0211.0051.1206 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0211.0051.1206 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0211.0051.1206 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0211.0051.1206 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0211.0051.1206 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0211.0051.1206 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0211.0051.1206 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0211.0051.1206 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0211.0051.1206 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0211.0051.1206 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0211.0051.1206 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0211.0051.1206 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0211.0051.1206 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0211.52.1206 - Advanced Micro Devices, Inc.) Hidden
CenturyLink Installer (x32 Version: 1.0 - CenturyLink, Inc.)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Criminal Minds (x32 Version: - Oberon Media)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diablo III (x32 Version: 1.0.7.14633 - Blizzard Entertainment)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Facebook (x32 Version: 1.1.0004 - Hewlett-Packard)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Free Studio version 2013 (x32 Version: 6.1.0.320 - DVDVideoSoft Ltd.)
GameStop App (x32 Version: 4.00 - GameStop)
GameStop App (x32 Version: 4.00 - GameStop) Hidden
Google Update Helper (x32 Version: 1.3.21.149 - Google Inc.) Hidden
Heroes of Might and Magic V: Tribes of the East (x32 Version: - Ubisoft)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Application Assistant (Version: 1.0.393.3870 - Hewlett-Packard)
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Calendar (x32 Version: 5.1.4245.23508 - Hewlett-Packard)
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Clock (x32 Version: 5.1.4244.16367 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Games (x32 Version: 1.0.2.5 - WildTangent)
HP LinkUp (x32 Version: 2.01.029 - Hewlett-Packard)
HP Magic Canvas (x32 Version: 5.1.15.0 - Hewlett-Packard)
HP Magic Canvas Tutorials (x32 Version: 5.0.0.3 - Hewlett-Packard)
HP MovieStore (x32 Version: 2.1.091 - Hewlett-Packard) Hidden
HP MovieStore (x32 Version: 2.1.21091.0 - Hewlett-Packard Company)
HP Notes (x32 Version: 5.1.4274.30382 - Hewlett-Packard)
HP Odometer (x32 Version: 2.10.0000 - Hewlett-Packard)
HP RSS (x32 Version: 5.1.4301.21494 - Hewlett-Packard)
HP Setup (x32 Version: 9.0.15130.3904 - Hewlett-Packard Company)
HP Setup Manager (x32 Version: 1.2.15145.3905 - Hewlett-Packard Company)
HP Support Assistant (x32 Version: 7.0.39.15 - Hewlett-Packard Company)
HP Support Information (x32 Version: 11.00.0001 - Hewlett-Packard)
HP TouchSmart Background - Beats (x32 Version: 1.0.1.0 - Hewlett-Packard)
HP TouchSmart RecipeBox (x32 Version: 3.0.3830.27730 - Hewlett-Packard)
HP Update (x32 Version: 5.003.001.001 - Hewlett-Packard)
HP Vision Hardware Diagnostics (Version: 2.12.1.0 - Hewlett-Packard)
HP Weather (x32 Version: 5.1.4295.16450 - Hewlett-Packard)
HydraVision (x32 Version: 4.2.222.0 - Advanced Micro Devices, Inc.) Hidden
iCloud (Version: 3.1.0.40 - Apple Inc.)
Insanely Twisted Shadow Planet (x32 Version: - )
iTunes (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (x32 Version: 2.0.3 - Kobo Inc.)
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Logitech SetPoint 6.32 (Version: 6.32.20 - Logitech)
LogMeIn Hamachi (x32 Version: 2.2.0.109 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.109 - LogMeIn, Inc.) Hidden
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magical Diary (x32 Version: - )
Magical Drop V (x32 Version: - )
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Metric Converter (x32 Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mathematics (x32 Version: 4.0 - Microsoft Corporation)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (x32 Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
Microsoft XNA Framework Redistributable 4.0 (x32 Version: 4.0.20823.0 - Microsoft Corporation)
MixiDJ V46 Toolbar (x32 Version: 6.13.3.505 - MixiDJ V46) <==== ATTENTION
Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
Mumble 1.2.4 (x32 Version: 1.2.4 - Thorvald Natvig)
NCSOFT Game Launcher (x32 Version: - NCSOFT)
Need For Speed™ World (x32 Version: 1.0.0.1055 - Electronic Arts)
Norton Internet Security (x32 Version: 21.1.0.18 - Symantec Corporation)
Norton Online Backup (x32 Version: 2.1.17869 - Symantec Corporation)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Origin (x32 Version: 9.0.2.2064 - Electronic Arts, Inc.)
Pando Media Booster (x32 Version: 2.6.0.8 - Pando Networks Inc.)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (x32 Version: 1.3.0 - Microsoft Corporation)
Pokémon Trading Card Game Online (x32 Version: 1.0.0 - The Pokémon Company International)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Power2Go (x32 Version: 6.1.5706 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.5706 - CyberLink Corp.) Hidden
PressReader (x32 Version: 5.11.0721.0 - NewspaperDirect Inc.)
Project64 1.6 (x32 Version: 1.6 - Project64)
RaidCall (x32 Version: 7.0.4-1.0.2409.253 - raidcall.com)
RAIDXpert (x32 Version: 3.3.1540.19 - AMD)
RAIDXpert (x32 Version: 3.3.1540.19 - AMD) Hidden
Recovery Manager (x32 Version: 5.5.0.4424 - CyberLink Corp.) Hidden
Remote Graphics Receiver (x32 Version: 5.4.5 - Hewlett-Packard)
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
SDO-X (Version: - CiB Net Station)
SDO-X (x32 Version: - CiB Net Station)
SearchFlyBar3 Toolbar (x32 Version: 6.14.0.27 - SearchFlyBar3)
Skype Click to Call (x32 Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.6 (x32 Version: 6.6.106 - Skype Technologies S.A.)
Sony Music Sync (x32 Version: - )
Spot (x32 Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Star Wars: The Old Republic (x32 Version: 1.00 - Electronic Arts, Inc.)
Steam (x32 Version: 1.0.0.0 - Valve Corporation)
Tap Tap Bear (x32 Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Terraria (x32 Version: - )
Terraria Game Launcher GUI version 1.2.2 (x32 Version: 1.2.2 - )
The Sims 2 Family Fun Stuff (x32 Version: - )
The Sims 2 Open For Business (x32 Version: - )
The Sims™ 2 Double Deluxe (x32 Version: - Electronic Arts)
The Sims™ 2 Seasons (x32 Version: - )
The Sims™ 2 Teen Style Stuff (x32 Version: - Electronic Arts)
The Sims™ 3 (x32 Version: 1.50.56 - Electronic Arts)
The Sims™ 3 Pets (x32 Version: 10.0.96 - Electronic Arts)
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
TSHostedAppLauncher (x32 Version: 5.1.15.0 - Hewlett-Packard) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
WeDance Online 20130508 (x32 Version: 20130508 - CiB Net Station)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
World of Warcraft (x32 Version: - Blizzard Entertainment)
World of Warcraft Beta (x32 Version: 5.0.5.16048 - Blizzard Entertainment)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
ZoneAlarm LTD Toolbar (Version: - Check Point Software Technologies)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Restore Points =========================

04-02-2014 11:00:27 Windows Update
04-02-2014 13:29:13 Norton_Power_Eraser_20140204052909093
04-02-2014 15:35:24 Removed LoveBeat
04-02-2014 16:01:13 Removed Zinio Reader 4
04-02-2014 16:21:14 Windows Update
05-02-2014 01:55:12 Removed Mumble 1.2.3
05-02-2014 02:02:52 Installed Mumble 1.2.4

==================== Hosts content: ==========================

2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {02C9C251-FF45-4B3F-95C1-624668B7CEAB} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\WSCStub.exe [2013-10-08] (Symantec Corporation)
Task: {06D3D254-2EE3-40DF-BFFD-4F5A4100A009} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {10D10356-B890-4FB4-8DC0-A35AEAAE3F74} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {133379A4-E814-40EA-AE76-293897FEFD8B} - System32\Tasks\WxDFastUpdaterTask{098A328E-2A3A-4A50-A574-547B7EC7A221} => C:\ProgramData\Premium\WxDFast\WxDFast.exe <==== ATTENTION
Task: {2A77AC77-6A35-4D1F-AE5E-86882968AE6E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {3C1E7A50-CAAD-473A-9306-59A92D53D923} - System32\Tasks\HPCeeScheduleForRichie1920 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {404CD257-AD88-4857-8BA6-F4FD51674C2B} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
Task: {62F553AF-48B5-47E4-A5C6-92355E522882} - System32\Tasks\Express FilesUpdate => C:\Program Files (x86)\ExpressFiles\EFUpdater.exe <==== ATTENTION
Task: {632F6B8E-F267-4101-9495-ED5CCCEC37FA} - System32\Tasks\{A17B34CC-94E2-4194-8AEA-085E09C37766} => C:\Users\Wolfgirl1920\Desktop\requiem-3.3.6-win\Requiem.exe
Task: {70D06EA7-2164-45C0-9F51-ADECD31F9027} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-09-23] (Hewlett-Packard Company)
Task: {78E1595E-8984-4831-A31E-2050B399FBC6} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {814BC785-B809-4362-A9E5-29B76A98D6CE} - System32\Tasks\{A7F071FE-53B5-4256-8C61-F447B3FEC22E} => C:\Users\Wolfgirl1920\Desktop\requiem-3.3.6-win\Requiem.exe
Task: {8BA029ED-CD36-4DC6-96B6-DEAE08CE8FAF} - System32\Tasks\4812 => Wscript.exe C:\Users\WOLFGI~1\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {B4A85D41-5AF5-4EE3-99C6-D43E1BDF1E89} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-04] (Adobe Systems Incorporated)
Task: {B5351DBB-5146-4581-BB94-6D3A9FF91793} - System32\Tasks\{79FF545D-C255-48C0-94D1-985D14CB28C4} => C:\Program Files (x86)\World of Warcraft\Launcher.exe
Task: {B5B885A7-542D-4E9B-8863-5FE3781441E6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C3AF729B-4940-4B16-8583-A83220757537} - \RunAsStdUser Task No Task File
Task: {E00A29EF-69FB-41B2-9670-0B2DF278753A} - System32\Tasks\Games\UpdateCheck_S-1-5-21-4084707046-1126817773-2197132759-1000
Task: {E4595279-0D34-43B6-AE4A-76B40796783E} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {F0AC16E3-64F9-44CB-B31F-2F07ADAC1477} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-11-22] (Hewlett-Packard)
Task: {F6324E96-B506-437D-AB32-B0570978F014} - System32\Tasks\DSite => C:\Users\WOLFGI~1\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DSite.job => C:\Users\WOLFGI~1\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\HPCeeScheduleForRichie1920.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\WxDFastUpdaterTask{098A328E-2A3A-4A50-A574-547B7EC7A221}.job => C:\ProgramData\Premium\WxDFast\WxDFast.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2011-07-22 13:48 - 2011-07-22 13:48 - 00516096 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\libxml2.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:214562D2

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Faulty Device Manager Devices =============

Name: HP Bluetooth module
Description: HP Bluetooth module
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (02/04/2014 06:03:58 PM) (Source: Microsoft-Windows-RestartManager) (User: Wolfgirl1920-HP)
Description: Application or service 'iTunesHelper' could not be shut down.

Error: (02/04/2014 06:03:28 PM) (Source: Microsoft-Windows-RestartManager) (User: Wolfgirl1920-HP)
Description: Application or service 'YSLoader.exe' could not be shut down.

Error: (02/04/2014 08:29:17 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070003

Error: (02/04/2014 08:28:36 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80131f06

Error: (02/04/2014 08:28:36 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80131f06

Error: (02/04/2014 08:01:31 AM) (Source: MsiInstaller) (User: Wolfgirl1920-HP)
Description: Product: Zinio Reader 4 -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2203. The arguments are: C:\Windows\Installer\7d458d.ipi, -2147287035,

Error: (02/04/2014 07:49:10 AM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 26.0.0.5087 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1d58

Start Time: 01cf21c068bb38b8

Termination Time: 16

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: deb0f03a-8db3-11e3-9f5f-902b342a72f3

Error: (02/04/2014 07:47:15 AM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 26.0.0.5087 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1b1c

Start Time: 01cf21c0212b06a5

Termination Time: 30

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 93a8b034-8db3-11e3-9f5f-902b342a72f3

Error: (02/04/2014 07:44:50 AM) (Source: Application Error) (User: )
Description: Faulting application name: CenturyLinkTouchPointAgent.exe, version: 2013.11.0.2, time stamp: 0x5241ae69
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1116
Exception code: 0xe053534f
Fault offset: 0x0000c41f
Faulting process id: 0x%9
Faulting application start time: 0xCenturyLinkTouchPointAgent.exe0
Faulting application path: CenturyLinkTouchPointAgent.exe1
Faulting module path: CenturyLinkTouchPointAgent.exe2
Report Id: CenturyLinkTouchPointAgent.exe3

Error: (02/04/2014 00:32:47 AM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 26.0.0.5087 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1798

Start Time: 01cf21835449bdd4

Termination Time: 50

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: e8b25af9-8d76-11e3-98fa-902b342a72f3

System errors:
=============
Error: (02/05/2014 07:46:27 AM) (Source: ipnathlp) (User: )
Description: 0

Error: (02/05/2014 07:31:10 AM) (Source: ipnathlp) (User: )
Description: 0

Error: (02/05/2014 07:27:59 AM) (Source: ipnathlp) (User: )
Description: 0

Error: (02/05/2014 07:20:48 AM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error:
%%1053

Error: (02/05/2014 07:20:48 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the LogMeIn Hamachi Tunneling Engine service to connect.

Error: (02/04/2014 10:23:57 PM) (Source: ipnathlp) (User: )
Description: 0

Error: (02/04/2014 10:04:54 PM) (Source: ipnathlp) (User: )
Description: 0

Error: (02/04/2014 09:50:58 PM) (Source: ipnathlp) (User: )
Description: 0

Error: (02/04/2014 06:09:00 PM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (02/04/2014 06:08:08 PM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error:
%%1053

Microsoft Office Sessions:
=========================
Error: (02/04/2014 06:03:58 PM) (Source: Microsoft-Windows-RestartManager)(User: Wolfgirl1920-HP)
Description: 4C:\Program Files (x86)\iTunes\iTunesHelper.exeiTunesHelper0241777280

Error: (02/04/2014 06:03:28 PM) (Source: Microsoft-Windows-RestartManager)(User: Wolfgirl1920-HP)
Description: 4C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exeYSLoader.exe0541772640

Error: (02/04/2014 08:29:17 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070003
System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089

Error: (02/04/2014 08:28:36 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80131f06
PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35

Error: (02/04/2014 08:28:36 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80131f06
PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35

Error: (02/04/2014 08:01:31 AM) (Source: MsiInstaller)(User: Wolfgirl1920-HP)
Description: Product: Zinio Reader 4 -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2203. The arguments are: C:\Windows\Installer\7d458d.ipi, -2147287035, (NULL)(NULL)(NULL)(NULL)(NULL)

Error: (02/04/2014 07:49:10 AM) (Source: Application Hang)(User: )
Description: firefox.exe26.0.0.50871d5801cf21c068bb38b816C:\Program Files (x86)\Mozilla Firefox\firefox.exedeb0f03a-8db3-11e3-9f5f-902b342a72f3

Error: (02/04/2014 07:47:15 AM) (Source: Application Hang)(User: )
Description: firefox.exe26.0.0.50871b1c01cf21c0212b06a530C:\Program Files (x86)\Mozilla Firefox\firefox.exe93a8b034-8db3-11e3-9f5f-902b342a72f3

Error: (02/04/2014 07:44:50 AM) (Source: Application Error)(User: )
Description: CenturyLinkTouchPointAgent.exe2013.11.0.25241ae69KERNELBASE.dll6.1.7601.1822951fb1116e053534f0000c41f

Error: (02/04/2014 00:32:47 AM) (Source: Application Hang)(User: )
Description: firefox.exe26.0.0.5087179801cf21835449bdd450C:\Program Files (x86)\Mozilla Firefox\firefox.exee8b25af9-8d76-11e3-98fa-902b342a72f3

CodeIntegrity Errors:
===================================
Date: 2012-11-10 04:44:45.100
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-11-10 04:44:45.068
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-11-10 04:44:45.053
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-11-10 04:44:45.022
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 22%
Total physical RAM: 10005.44 MB
Available physical RAM: 7736.46 MB
Total Pagefile: 20009.05 MB
Available Pagefile: 17666.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:914.11 GB) (Free:467.01 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:17.12 GB) (Free:2.14 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931 GB) (Disk ID: 410ADF38)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=914 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Last Edit: Feb 5, 2014 16:14:16 GMT -8 by Quads

dbrisen
Malware Removalists

Posts: 3,688

Fake App Attack Misleading File Download 3. #? Feb 5, 2014 8:09:28 GMT -8

Post by dbrisen on Feb 5, 2014 8:09:28 GMT -8

Thank you for the logs; sometimes the servers do act up, so not a problem. Quads (lives in NZ so allow for TimeZone difference) will be along later to help fix your system with a script.

How is your system running? Any events (other than the usual updates and Quick scans) with Norton?

I will not provide malware removal by PM; please post in your thread on the Malware Removal board.
My help is always free but if you would like to help encourage me or show your thanks -----> DONATE

wolfgirl1719 New Helpee Posts: 18	Fake App Attack Misleading File Download 3. #? Feb 5, 2014 16:17:32 GMT -8 Select Post Deselect Post Link to Post Member Give Gift Back to Top Post by wolfgirl1719 on Feb 5, 2014 16:17:32 GMT -8 There's no other events other than the updates

Quads Malware Removalists In New Zealand Posts: 9,387	Fake App Attack Misleading File Download 3. #? Feb 5, 2014 16:17:48 GMT -8 Select Post Deselect Post Link to Post Member Give Gift Back to Top Post by Quads on Feb 5, 2014 16:17:48 GMT -8 Is your Browser(s) still crashing?? You do have items to deal with but not quite what I would have expected Quads
	Last Edit: Feb 5, 2014 16:19:18 GMT -8 by Quads

Fake App Attack Misleading File Download 3. #?

Post by wolfgirl1719 on Feb 4, 2014 8:13:23 GMT -8

Post by Quads on Feb 4, 2014 14:30:22 GMT -8

Post by wolfgirl1719 on Feb 4, 2014 17:41:25 GMT -8

Post by Quads on Feb 4, 2014 21:05:36 GMT -8

Post by dbrisen on Feb 4, 2014 22:11:55 GMT -8

Post by wolfgirl1719 on Feb 5, 2014 7:49:58 GMT -8

Post by wolfgirl1719 on Feb 5, 2014 7:55:27 GMT -8

Post by dbrisen on Feb 5, 2014 8:09:28 GMT -8

Post by wolfgirl1719 on Feb 5, 2014 16:17:32 GMT -8

Post by Quads on Feb 5, 2014 16:17:48 GMT -8