Post by wolfgirl1719 on Feb 4, 2014 8:13:23 GMT -8
Hi, my Firefox will not stay open for more than 2 mins at a time. It shuts down and Norton gives me a message saying "Fake App Attack Misleading File Download 3". It does this on any and every website I am on. I have tried doing full scans with my Norton and nothing is detected. I also tried using the Norton Power Eraser and it too did not fix the problem. I'm running on Windows 7 Home Premium 64 bit. I appreciate any and all help with this matter.
Quads
Malware Removalists
In New Zealand
Posts: 9,387
Post by Quads on Feb 4, 2014 14:30:22 GMT -8
Do Not use advanced tools or any tools used on this board without supervision.
Malware removal can be difficult over a forum as it is, without a user doing their own actions, the tools used are more advanced and thus have added danger that comes with that. This board is protected so that only Malware removers, Admin and Mods can reply to a user's thread but all members can create a thread asking for removal of Infection(s).
Make changes to your computer only when the Malware Expert specifically states it. The Malware Experts request specific steps to be followed, as some malware removal requires multiple steps and evaluations along the way. When you take other advice or make other changes, this often negates the work done by the expert, and can sometimes result in an inoperable system. This also includes any tools or steps other than those from the Malware Expert. We need to be certain about the state of your system to see what actually is going on, and what is required to fix the system while not harming the rest of the system. Most often, well-intentioned independent efforts can make things much worse. The malware remediation tools are more advanced than other tools, and can often create bigger problems when used without expert guidance.
Follow all the directions in order, and to the end. Please perform all steps in the order they are listed in each set of instructions. As you might imagine, some steps are a bit complicated. If things are not clear, be sure to stop and let the Malware Expert know the problem. We don't mind clarifying a situation, as others might have the same question. If a tool does not run as expected, don't force it. Stop the steps, and update the forum topic with the current situation. It is better to stop and let us know, than to force a tool to run and cause bigger problems. Also, when your computer is clean and we are finished, the Expert will tell you we are finished. Malware removal is a process that requires verification, and we want to be sure your system is completely clean before we're done.
When describing your problem, provide as much information as possible, as soon as possible. Explain as best you can what happens with your computer, e.g. it beeps three times, black screen with cursor then goes no further, system gets stuck at the Windows startup logo, etc. This helps the expert to understand what is happening to the system and what may be wrong. If your computer cannot start up successfully please provide details about your installed Windows Operating System, including the Version, Edition and if it is a 32bit or a 64bit system. (e.g. Windows Vista Home Premium 32-bit)
When the user follows instructions and things still go a little haywire, and it does happen, it is up to us to sort the extra problem out.
Take longer to read if your language is not English, so that hopefully it is understood.
Reply stating you have read the post fully.
I also have a lot of systems at once to deal with like being in a supermarket checkout line, waiting their turn.
Quads
Post by wolfgirl1719 on Feb 4, 2014 17:41:25 GMT -8
I have read the post fully and understand.
Quads
Malware Removalists
In New Zealand
Posts: 9,387
Post by Quads on Feb 4, 2014 21:05:36 GMT -8
My Side Kick should be along for the next steps some time, as to keep up I am concentrating on scripting or if something goes wrong.
Quads
dbrisen
Malware Removalists
Posts: 3,688
Post by dbrisen on Feb 4, 2014 22:11:55 GMT -8
Read Slowly and all of it.
Please download www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
You need to download the 64 bit version.
Place FRST64.exe onto your desktop from wherever it downloaded to. IF IT IS NOT ON THE DESKTOP (YOU DID NOT DOWNLOAD DIRECTLY TO DESKTOP), THEN RIGHT CLICK ON THE DOWNLOADED FILE AND SELECT CUT. FIND A BLANK SPOT ON YOUR DESKTOP AND RIGHT CLICK ON IT, SELECT PASTE AND THE FILE WILL BE ON THE DESKTOP. Thank You (this is very important later on)!
Start FRST64 that is on your Desktop.
The tool will start to run.
When the tool opens click Yes to disclaimer. (if it does)
Press Scan button.
It will make two logs (FRST.txt and addition.txt) on your Desktop.
Please attach the logs in your reply back. Or open the logs in notepad and copy the logs and paste back in a message as a reply. (Ask if you don't know how to do either of these).
Post by wolfgirl1719 on Feb 5, 2014 7:55:27 GMT -8
Seems there's server trouble today and I can't add attachments. So here's the long version.
FRST: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2014 Ran by Salina (administrator) on WOLFGIRL1920-HP on 05-02-2014 07:46:35 Running from C:\Users\Salina\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 11 Boot Mode: Normal
The only official download link for FRST: Download link for 32-Bit version: www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated.
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\System32\atiesrxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe (AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe (AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) C:\Windows\System32\alg.exe (Hewlett-Packard ) C:\Program Files\IDT\WDM\beats64.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe (AMD) C:\Windows\SysWOW64\WinMsgBalloonServer.exe (AMD) C:\Windows\SysWOW64\WinMsgBalloonClient.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [BeatsOSDApp] - C:\Program Files\IDT\WDM\beats64.exe [37888 2011-12-23] (Hewlett-Packard ) HKLM\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard) HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.) HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.) HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-04-24] (IDT, Inc.) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-02-11] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [HP Software Update] - c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard) HKLM-x32\...\Run: [] - [X] HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.) HKLM-x32\...\Run: [RaidCall] - C:\Program Files (x86)\RaidCall\raidcall.exe [3153592 2012-10-28] (RAIDCALL.COM) HKLM-x32\...\Run: [NCUpdateHelper] - C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe [528360 2013-07-15] (NCSOFT Corporation) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3806544 2013-11-29] (LogMeIn Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [CenturyLinkTouchPointAgent] - C:\Program Files (x86)\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe [49008 2013-09-24] (CenturyLink Inc) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.) 
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-01-28] (Hewlett-Packard) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect" HKU\S-1-5-21-4084707046-1126817773-2197132759-1003\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.) HKU\S-1-5-21-4084707046-1126817773-2197132759-1003\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.) HKU\S-1-5-21-4084707046-1126817773-2197132759-1003\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.) HKU\S-1-5-21-4084707046-1126817773-2197132759-1003\...\Run: [FlashGet 3] - "C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" -minimize Startup: C:\Users\Richie1920\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () Startup: C:\Users\Wolfgirl1920\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.facebook.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = g.msn.com/HPDSK/1 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=6.4.0.9 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = search.msn.com/spbasic.htm HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,CustomizeSearch = ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchURL = home.microsoft.com/access/autosearch.asp?p=%s HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchAssistant = ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm URLSearchHook: HKLM-x32 - SearchFlyBar3 Toolbar - {489d3a56-53d9-44c2-a113-5820cdab4206} - C:\Program Files (x86)\SearchFlyBar3\prxtbSear.dll (Conduit Ltd.) URLSearchHook: HKLM-x32 - MixiDJ V46 Toolbar - {62cad681-699f-4f83-b87f-95584003592f} - C:\Program Files (x86)\MixiDJ_V46\prxtbMixi.dll (Conduit Ltd.) 
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms} SearchScopes: HKLM - {DB354CC9-5BB0-4E56-A758-13CDA3646721} URL = www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {9CAC4A62-57F6-4113-9354-63BDFF12781E} URL = SearchScopes: HKLM-x32 - {01bd49d7-c76b-4310-8beb-14d7e5f322c6} URL = search.easylifeapp.com/?q={searchTerms}&pid=388&src=ie2&r=2013/05/29&hid=1466105877&lg=EN&cc=US SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = websearch.pu-results.info/?l=1&q={searchTerms}&pid=321&r=2013/03/18&hid=1466105877&lg=EN&cc=US SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms} SearchScopes: HKLM-x32 - {DB354CC9-5BB0-4E56-A758-13CDA3646721} URL = www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKCU - 
{2fa28606-de77-4029-af96-b231e3b8f827} URL = search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms} SearchScopes: HKCU - {DB354CC9-5BB0-4E56-A758-13CDA3646721} URL = www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO-x32: SearchFlyBar3 Toolbar - {489d3a56-53d9-44c2-a113-5820cdab4206} - C:\Program Files (x86)\SearchFlyBar3\prxtbSear.dll (Conduit Ltd.) BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation) BHO-x32: MixiDJ V46 Toolbar - {62cad681-699f-4f83-b87f-95584003592f} - C:\Program Files (x86)\MixiDJ_V46\prxtbMixi.dll (Conduit Ltd.) 
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Updater For XFIN_PORTAL - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll No File BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - SearchFlyBar3 Toolbar - {489d3a56-53d9-44c2-a113-5820cdab4206} - C:\Program Files (x86)\SearchFlyBar3\prxtbSear.dll (Conduit Ltd.) Toolbar: HKLM-x32 - MixiDJ V46 Toolbar - {62cad681-699f-4f83-b87f-95584003592f} - C:\Program Files (x86)\MixiDJ_V46\prxtbMixi.dll (Conduit Ltd.) 
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation) DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
FireFox: ======== FF ProfilePath: C:\Users\Salina\AppData\Roaming\Mozilla\Firefox\Profiles\e94mduab.default FF DefaultSearchEngine: Bing FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", ""); FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", ""); FF SelectedSearchEngine: Bing FF Homepage: www.facebook.com/ FF Keyword.URL: user_pref("keyword.URL", ""); FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll () FF Plugin-x32: @apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll No File FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @oberon-media.com/ONCAdapter - 
C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll (Oberon-Media ) FF Plugin-x32: @ogplanet.com/npOGPPlugin - C:\Windows\system32\npOGPPlugin.dll No File FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @raidcall.kr/RCplugin - C:\Users\Wolfgirl1920\AppData\Roaming\RCKR\plugins\nprcplugin.dll (Raidcall) FF SearchPlugin: C:\Users\Salina\AppData\Roaming\Mozilla\Firefox\Profiles\e94mduab.default\searchplugins\yahoo_ff.xml FF Extension: iCloud Bookmarks - C:\Users\Salina\AppData\Roaming\Mozilla\Firefox\Profiles\e94mduab.default\Extensions\firefoxdav@icloud.com [2013-12-23] FF Extension: Start Page - C:\Users\Salina\AppData\Roaming\Mozilla\Firefox\Profiles\e94mduab.default\Extensions\{58d2a791-6199-482f-a9aa-9b725ec61362} [2014-01-29] FF Extension: Adblock Plus - C:\Users\Salina\AppData\Roaming\Mozilla\Firefox\Profiles\e94mduab.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-08-29] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-19] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-19] FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2014-01-27] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ FF Extension: Norton Toolbar - 
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ []
Chrome: ======= CHR HomePage: CHR RestoreOnStartup: "" CHR Extension: (Google Docs) - C:\Users\Salina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-03] CHR Extension: (Google Drive) - C:\Users\Salina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-03] CHR Extension: (YouTube) - C:\Users\Salina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-03] CHR Extension: (wxDownload) - C:\Users\Salina\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknalfmhfpndcjfgmpgbigdgdmbebfpg [2014-02-03] CHR Extension: (Google Search) - C:\Users\Salina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-03] CHR Extension: (Ebay Shopping Assistant by Spigot) - C:\Users\Salina\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj [2014-02-03] CHR Extension: (Domain Error Assistant) - C:\Users\Salina\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj [2014-02-03] CHR Extension: (Norton Identity Protection) - C:\Users\Salina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-02-03] CHR Extension: (Google Wallet) - C:\Users\Salina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-03] CHR Extension: (Amazon Shopping Assistant by Spigot) - C:\Users\Salina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp [2014-02-03] CHR Extension: (Gmail) - C:\Users\Salina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-03] CHR HKLM-x32\...\Chrome\Extension: [bcfjehbfanfhgoehogmbiebedkidedjb] - C:\Users\Wolfgirl1920\AppData\Local\CRE\bcfjehbfanfhgoehogmbiebedkidedjb.crx [2013-07-04] CHR HKLM-x32\...\Chrome\Extension: 
[blaofbhgbmeikidhlkmjhbkbfohpgekf] - C:\Program Files (x86)\Movie2KDownloader.com\Movie2KDownloader10.crx [2013-07-04] CHR HKLM-x32\...\Chrome\Extension: [ccifdkgnonhkcmaoappjpmijdhlppgmg] - C:\Users\Wolfgirl1920\AppData\Local\CRE\ccifdkgnonhkcmaoappjpmijdhlppgmg.crx [2013-06-13] CHR HKLM-x32\...\Chrome\Extension: [cknalfmhfpndcjfgmpgbigdgdmbebfpg] - C:\ProgramData\wxDownload\cknalfmhfpndcjfgmpgbigdgdmbebfpg.crx [2012-10-22] CHR HKLM-x32\...\Chrome\Extension: [fjbbjfdilbioabojmcplalojlmdngbjl] - C:\Users\Wolfgirl1920\AppData\Local\Temp\bhfiles\smileyswelovetoolbar_3_0_8_0.crx [2012-10-22] CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\Exts\Chrome.crx [2014-01-29] CHR HKLM-x32\...\Chrome\Extension: [nkmdkhlmpgjdekdinojlgljadcjnfcjn] - C:\Users\Wolfgirl1920\AppData\Local\CRE\nkmdkhlmpgjdekdinojlgljadcjnfcjn.crx [2013-06-08] CHR HKLM-x32\...\Chrome\Extension: [pcajpdcjfekhfnapaiphaecoajeollnc] - C:\Users\Wolfgirl1920\AppData\Local\CRE\pcajpdcjfekhfnapaiphaecoajeollnc.crx [2013-06-05] CHR HKLM-x32\...\Chrome\Extension: [pghhekebaieongdhflfiknpdilodpkdg] - C:\Users\Wolfgirl1920\AppData\Local\CRE\pghhekebaieongdhflfiknpdilodpkdg.crx [2013-06-25]
==================== Services (Whitelisted) =================
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377104 2013-10-11] (LogMeIn, Inc.) R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation) R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
==================== Drivers (Whitelisted) ====================
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [1526488 2014-01-21] (Symantec Corporation) R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-01-27] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-02-03] (Symantec Corporation) R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140205.001\IDSvia64.sys [521944 2014-02-03] (Symantec Corporation) R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140204.024\ENG64.SYS [126040 2014-02-03] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140204.024\EX64.SYS [2099288 2014-02-03] (Symantec Corporation) R1 SRTSP; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSP64.SYS [858200 2013-09-26] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation) S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-10] (MCCI Corporation) R0 SymDS; C:\Windows\System32\drivers\NISx64\1501000.012\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NISx64\1501000.012\SYMEFA64.SYS [1147480 2013-09-26] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-27] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation) R1 SymNetS; C:\Windows\system32\drivers\NISx64\1501000.012\SYMNETS.SYS [590936 2013-09-25] (Symantec Corporation) S3 X6va005; 
\??\C:\Users\WOLFGI~1\AppData\Local\Temp\005399.tmp [X] S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-05 07:46 - 2014-02-05 07:47 - 00025040 _____ () C:\Users\Salina\Desktop\FRST.txt
2014-02-05 07:46 - 2014-02-05 07:46 - 00000000 ____D () C:\FRST
2014-02-05 07:43 - 2014-02-05 07:45 - 00000000 ____D () C:\Users\Salina\Desktop\FRST64
2014-02-05 07:43 - 2014-02-05 07:43 - 02080256 _____ (Farbar) C:\Users\Salina\Desktop\FRST64.exe
2014-02-04 18:56 - 2014-02-04 18:56 - 00000053 _____ () C:\Users\Salina\Desktop\group health.txt
2014-02-04 18:13 - 2014-02-04 18:13 - 00002377 _____ () C:\Users\Salina\Documents\MumbleAutomaticCertificateBackup.p12
2014-02-04 18:10 - 2014-02-04 20:45 - 00000000 ____D () C:\Users\Salina\AppData\Roaming\Mumble
2014-02-04 08:26 - 2014-02-04 09:12 - 00000510 _____ () C:\Users\Wolfgirl1920\AppData\Roaming\Microsoft\Windows\Start Menu\Fake App Attack Misleading File Download 3. Malware Removal.website
2014-02-04 07:53 - 2014-02-04 08:21 - 00000000 ____D () C:\Users\Wolfgirl1920\AppData\Local\NPE
2014-02-04 07:29 - 2014-02-04 07:29 - 01022064 _____ (Symantec Corporation) C:\Users\Salina\Downloads\NBRT-SOS-Downloader.exe
2014-02-04 05:18 - 2014-02-04 07:42 - 00000000 ____D () C:\Users\Salina\AppData\Local\NPE
2014-02-04 05:17 - 2014-02-04 05:17 - 03053496 ____N (Symantec Corporation) C:\Users\Salina\Downloads\NPE.exe
2014-02-04 05:08 - 2014-02-04 05:18 - 00000000 ____D () C:\Users\Richie1920\AppData\Local\NPE
2014-02-04 00:33 - 2014-02-04 00:36 - 24859352 _____ (Microsoft Corporation) C:\Users\Richie1920\Downloads\Windows-KB890830-x64-V5.8.exe
2014-02-03 18:07 - 2013-11-26 03:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-02-03 18:02 - 2013-11-26 17:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-02-03 18:02 - 2013-11-26 17:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-02-03 18:02 - 2013-11-26 17:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-02-03 18:02 - 2013-11-26 17:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-02-03 18:02 - 2013-11-26 17:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-02-03 18:02 - 2013-11-26 17:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-02-03 18:02 - 2013-11-26 17:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-02-03 18:02 - 2013-11-26 02:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-02-03 16:47 - 2014-02-03 16:47 - 00000000 ____D () C:\Users\Richie1920\Desktop\Old Firefox Data
2014-02-03 15:52 - 2014-02-03 15:53 - 00000000 ____D () C:\Users\Richie1920\AppData\Local\{30874F1D-19EE-4635-9289-FB67216F2F95}
2014-02-03 15:52 - 2014-02-03 15:52 - 00000000 ____D () C:\Users\Richie1920\AppData\Local\{D8A06303-5C0C-49C4-B7EE-2E6CED3CBAAB}
2014-02-03 13:10 - 2014-02-03 13:15 - 00000000 ____D () C:\Users\Salina\AppData\Local\Google
2014-01-28 19:33 - 2014-02-03 17:38 - 00000000 ____D () C:\Users\Richie1920\AppData\Roaming\Slick Savings
2014-01-28 19:33 - 2014-01-28 19:33 - 00000000 ____D () C:\Users\Richie1920\AppData\Local\Slick Savings
2014-01-27 18:18 - 2014-02-04 11:12 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-01-27 18:18 - 2014-01-27 18:18 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-01-27 18:18 - 2014-01-27 18:18 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-27 18:18 - 2014-01-27 18:18 - 00000000 ____D () C:\Program Files\iTunes
2014-01-27 18:18 - 2014-01-27 18:18 - 00000000 ____D () C:\Program Files\iPod
2014-01-27 17:32 - 2014-01-27 17:32 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-01-27 17:27 - 2014-01-27 17:27 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-01-27 17:27 - 2014-01-27 17:27 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-01-27 17:27 - 2014-01-27 17:27 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-01-27 17:27 - 2014-01-27 17:27 - 00002579 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-01-27 17:27 - 2014-01-27 17:27 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-01-27 17:25 - 2014-01-27 17:25 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-01-27 17:25 - 2014-01-27 17:25 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-01-27 17:22 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-27 17:22 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-27 17:22 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-27 17:22 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-27 17:21 - 2014-01-27 17:22 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-27 17:20 - 2014-01-27 17:20 - 00000000 ____D () C:\ProgramData\PCSettings
2014-01-27 17:06 - 2014-01-27 17:06 - 00001373 _____ () C:\Users\Salina\Downloads\Norton Installation Files.lnk
2014-01-27 17:06 - 2014-01-27 17:06 - 00000000 ____D () C:\Users\Salina\Documents\Symantec
2014-01-27 16:32 - 2014-01-27 16:35 - 00000000 ____D () C:\ProgramData\CenturyLink
2014-01-27 16:31 - 2014-01-27 16:35 - 00000000 ____D () C:\Program Files (x86)\Qwest
2014-01-27 16:31 - 2014-01-27 16:31 - 00000000 ____D () C:\Program Files (x86)\CenturyLink
2014-01-27 16:30 - 2014-01-27 16:31 - 00002415 _____ () C:\Windows\CenturyLinkInstallerSetup.log
2014-01-27 16:29 - 2014-01-27 16:30 - 02562968 _____ () C:\Users\Salina\Downloads\CenturyLinkInstallerSetup.exe
2014-01-27 16:10 - 2014-01-27 16:10 - 00011064 _____ () C:\Users\Salina\Downloads\CenturyLink_Configuration_Details.html
==================== One Month Modified Files and Folders =======
2014-02-05 07:47 - 2014-02-05 07:46 - 00025040 _____ () C:\Users\Salina\Desktop\FRST.txt
2014-02-05 07:46 - 2014-02-05 07:46 - 00000000 ____D () C:\FRST
2014-02-05 07:45 - 2014-02-05 07:43 - 00000000 ____D () C:\Users\Salina\Desktop\FRST64
2014-02-05 07:43 - 2014-02-05 07:43 - 02080256 _____ (Farbar) C:\Users\Salina\Desktop\FRST64.exe
2014-02-05 07:28 - 2009-07-13 20:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-05 07:28 - 2009-07-13 20:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-05 07:26 - 2012-08-06 10:23 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-05 07:24 - 2012-08-06 10:02 - 01544413 _____ () C:\Windows\WindowsUpdate.log
2014-02-05 07:23 - 2013-07-12 06:26 - 00003958 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{2D569CED-FDCF-4914-9AD7-C08DACBD667A}
2014-02-05 07:21 - 2013-08-13 16:36 - 00000000 ____D () C:\Users\Salina\AppData\Roaming\Skype
2014-02-05 07:20 - 2012-11-11 10:56 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-02-05 07:20 - 2012-10-22 12:57 - 00000390 ____H () C:\Windows\Tasks\WxDFastUpdaterTask{098A328E-2A3A-4A50-A574-547B7EC7A221}.job
2014-02-05 07:20 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-05 07:20 - 2009-07-13 20:51 - 00088560 _____ () C:\Windows\setupact.log
2014-02-04 22:12 - 2013-07-06 17:44 - 00000000 ____D () C:\Users\Richie1920\AppData\Local\PMB Files
2014-02-04 22:11 - 2012-08-06 18:28 - 00000000 ____D () C:\Users\Richie1920\AppData\Local\Deployment
2014-02-04 22:11 - 2012-08-06 18:14 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-02-04 22:03 - 2013-06-17 01:03 - 00000306 _____ () C:\Windows\Tasks\DSite.job
2014-02-04 20:45 - 2014-02-04 18:10 - 00000000 ____D () C:\Users\Salina\AppData\Roaming\Mumble
2014-02-04 18:56 - 2014-02-04 18:56 - 00000053 _____ () C:\Users\Salina\Desktop\group health.txt
2014-02-04 18:13 - 2014-02-04 18:13 - 00002377 _____ () C:\Users\Salina\Documents\MumbleAutomaticCertificateBackup.p12
2014-02-04 18:08 - 2012-08-10 22:03 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-02-04 18:06 - 2013-06-16 23:41 - 00000000 ____D () C:\Program Files (x86)\SafeSaver
2014-02-04 18:06 - 2010-11-20 19:47 - 01879160 _____ () C:\Windows\PFRO.log
2014-02-04 18:05 - 2013-07-12 06:25 - 00000000 ____D () C:\Users\Salina
2014-02-04 18:04 - 2012-09-19 21:08 - 00000000 ____D () C:\Program Files (x86)\Mumble
2014-02-04 15:10 - 2013-01-04 13:16 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-02-04 15:10 - 2012-08-07 11:27 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-02-04 15:05 - 2013-07-16 13:41 - 00000000 ____D () C:\Users\Salina\AppData\Roaming\HpUpdate
2014-02-04 15:05 - 2013-07-16 13:41 - 00000000 ____D () C:\Users\Salina\AppData\Roaming\HP Support Assistant
2014-02-04 11:12 - 2014-01-27 18:18 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-02-04 09:27 - 2013-07-20 10:25 - 00000000 ____D () C:\Users\Salina\AppData\Local\Adobe
2014-02-04 09:23 - 2012-08-06 10:23 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-04 09:23 - 2012-08-06 10:23 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-04 09:23 - 2012-05-16 23:59 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-04 09:16 - 2013-07-12 06:26 - 00000000 ____D () C:\Users\Salina\AppData\Local\LogMeIn Hamachi
2014-02-04 09:12 - 2014-02-04 08:26 - 00000510 _____ () C:\Users\Wolfgirl1920\AppData\Roaming\Microsoft\Windows\Start Menu\Fake App Attack Misleading File Download 3. Malware Removal.website
2014-02-04 08:33 - 2012-05-16 23:54 - 00000000 ____D () C:\ProgramData\WildTangent
2014-02-04 08:28 - 2009-07-13 21:13 - 00796910 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-04 08:26 - 2011-02-11 09:15 - 00775482 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-04 08:21 - 2014-02-04 07:53 - 00000000 ____D () C:\Users\Wolfgirl1920\AppData\Local\NPE
2014-02-04 08:14 - 2012-10-24 16:45 - 00000000 ____D () C:\Users\Wolfgirl1920\AppData\Local\PMB Files
2014-02-04 07:50 - 2013-03-08 01:15 - 00000000 ____D () C:\Users\Wolfgirl1920\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com
2014-02-04 07:46 - 2012-08-06 10:17 - 00000000 ____D () C:\Users\Wolfgirl1920\AppData\Local\Mozilla
2014-02-04 07:43 - 2012-08-06 10:07 - 00001419 _____ () C:\Users\Wolfgirl1920\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-04 07:42 - 2014-02-04 05:18 - 00000000 ____D () C:\Users\Salina\AppData\Local\NPE
2014-02-04 07:37 - 2012-05-16 23:47 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-04 07:34 - 2013-05-29 04:59 - 00000000 ____D () C:\ProgramData\SearchNewTab
2014-02-04 07:33 - 2013-03-17 18:01 - 00000000 ____D () C:\ProgramData\Vauaddix
2014-02-04 07:32 - 2012-05-17 00:06 - 00000000 ____D () C:\ProgramData\Norton
2014-02-04 07:30 - 2012-10-08 19:30 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2014-02-04 07:29 - 2014-02-04 07:29 - 01022064 _____ (Symantec Corporation) C:\Users\Salina\Downloads\NBRT-SOS-Downloader.exe
2014-02-04 05:50 - 2012-08-06 18:00 - 00000000 ____D () C:\Users\Richie1920
2014-02-04 05:46 - 2012-08-06 10:02 - 00000000 ____D () C:\Users\Wolfgirl1920
2014-02-04 05:18 - 2014-02-04 05:08 - 00000000 ____D () C:\Users\Richie1920\AppData\Local\NPE
2014-02-04 05:17 - 2014-02-04 05:17 - 03053496 ____N (Symantec Corporation) C:\Users\Salina\Downloads\NPE.exe
2014-02-04 05:15 - 2013-06-16 23:40 - 00000000 ____D () C:\ProgramData\safe saaVE
2014-02-04 05:10 - 2009-07-13 20:45 - 00275712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-04 05:08 - 2012-08-06 18:01 - 00003974 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{BECB6600-4FE8-4824-BA79-A270837AAB0D}
2014-02-04 01:05 - 2012-08-06 10:21 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-02-04 00:36 - 2014-02-04 00:33 - 24859352 _____ (Microsoft Corporation) C:\Users\Richie1920\Downloads\Windows-KB890830-x64-V5.8.exe
2014-02-03 22:20 - 2013-12-31 16:20 - 00003216 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForRichie1920
2014-02-03 22:20 - 2013-12-31 16:20 - 00000352 _____ () C:\Windows\Tasks\HPCeeScheduleForRichie1920.job
2014-02-03 17:57 - 2013-07-06 17:44 - 00000000 ____D () C:\Users\Richie1920\AppData\Roaming\BITS
2014-02-03 17:39 - 2009-07-13 19:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-02-03 17:38 - 2014-01-28 19:33 - 00000000 ____D () C:\Users\Richie1920\AppData\Roaming\Slick Savings
2014-02-03 17:38 - 2013-12-19 17:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-03 17:38 - 2013-12-13 17:22 - 00000000 ____D () C:\Users\Salina\AppData\Roaming\BITS
2014-02-03 17:38 - 2013-07-06 17:50 - 00000000 ____D () C:\Users\Richie1920\AppData\Roaming\Azureus
2014-02-03 17:38 - 2012-10-24 16:45 - 00000000 ____D () C:\ProgramData\PMB Files
2014-02-03 17:38 - 2012-08-06 10:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-03 17:38 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\AppCompat
2014-02-03 17:37 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
2014-02-03 17:34 - 2013-12-17 18:35 - 00000000 ____D () C:\Users\Richie1920\AppData\Roaming\Mumble
2014-02-03 17:34 - 2012-08-06 18:02 - 00000000 ____D () C:\Users\Richie1920\AppData\Local\Mozilla
2014-02-03 17:33 - 2013-06-16 20:50 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-03 16:47 - 2014-02-03 16:47 - 00000000 ____D () C:\Users\Richie1920\Desktop\Old Firefox Data
2014-02-03 15:53 - 2014-02-03 15:52 - 00000000 ____D () C:\Users\Richie1920\AppData\Local\{30874F1D-19EE-4635-9289-FB67216F2F95}
2014-02-03 15:52 - 2014-02-03 15:52 - 00000000 ____D () C:\Users\Richie1920\AppData\Local\{D8A06303-5C0C-49C4-B7EE-2E6CED3CBAAB}
2014-02-03 13:15 - 2014-02-03 13:10 - 00000000 ____D () C:\Users\Salina\AppData\Local\Google
2014-01-29 15:17 - 2013-07-13 12:03 - 00000000 ____D () C:\Users\Salina\AppData\Local\CrashDumps
2014-01-28 19:33 - 2014-01-28 19:33 - 00000000 ____D () C:\Users\Richie1920\AppData\Local\Slick Savings
2014-01-28 18:29 - 2012-08-14 11:13 - 00000000 ____D () C:\Users\Richie1920\AppData\Roaming\HpUpdate
2014-01-28 18:29 - 2012-08-14 11:13 - 00000000 ____D () C:\Users\Richie1920\AppData\Roaming\HP Support Assistant
2014-01-28 03:02 - 2013-07-15 23:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-27 18:18 - 2014-01-27 18:18 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-01-27 18:18 - 2014-01-27 18:18 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-27 18:18 - 2014-01-27 18:18 - 00000000 ____D () C:\Program Files\iTunes
2014-01-27 18:18 - 2014-01-27 18:18 - 00000000 ____D () C:\Program Files\iPod
2014-01-27 18:15 - 2012-08-06 10:22 - 00000000 ____D () C:\ProgramData\Apple
2014-01-27 17:32 - 2014-01-27 17:32 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-01-27 17:27 - 2014-01-27 17:27 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-01-27 17:27 - 2014-01-27 17:27 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-01-27 17:27 - 2014-01-27 17:27 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-01-27 17:27 - 2014-01-27 17:27 - 00002579 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-01-27 17:27 - 2014-01-27 17:27 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-01-27 17:25 - 2014-01-27 17:25 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-01-27 17:25 - 2014-01-27 17:25 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-01-27 17:22 - 2014-01-27 17:21 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-27 17:22 - 2013-12-06 20:41 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-27 17:22 - 2013-07-04 12:31 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-27 17:20 - 2014-01-27 17:20 - 00000000 ____D () C:\ProgramData\PCSettings
2014-01-27 17:14 - 2009-07-13 21:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-01-27 17:06 - 2014-01-27 17:06 - 00001373 _____ () C:\Users\Salina\Downloads\Norton Installation Files.lnk
2014-01-27 17:06 - 2014-01-27 17:06 - 00000000 ____D () C:\Users\Salina\Documents\Symantec
2014-01-27 16:35 - 2014-01-27 16:32 - 00000000 ____D () C:\ProgramData\CenturyLink
2014-01-27 16:35 - 2014-01-27 16:31 - 00000000 ____D () C:\Program Files (x86)\Qwest
2014-01-27 16:31 - 2014-01-27 16:31 - 00000000 ____D () C:\Program Files (x86)\CenturyLink
2014-01-27 16:31 - 2014-01-27 16:30 - 00002415 _____ () C:\Windows\CenturyLinkInstallerSetup.log
2014-01-27 16:30 - 2014-01-27 16:29 - 02562968 _____ () C:\Users\Salina\Downloads\CenturyLinkInstallerSetup.exe
2014-01-27 16:10 - 2014-01-27 16:10 - 00011064 _____ () C:\Users\Salina\Downloads\CenturyLink_Configuration_Details.html
2014-01-17 16:43 - 2009-07-13 21:08 - 00032552 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-06 16:20 - 2012-08-07 08:21 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
Files to move or delete:
====================
C:\Users\Wolfgirl1920\AppData\Roaming\Camdata.ini
C:\Users\Wolfgirl1920\AppData\Roaming\CamLayout.ini
C:\Users\Wolfgirl1920\AppData\Roaming\CamShapes.ini
Some content of TEMP:
====================
C:\Users\Richie1920\AppData\Local\Temp\kwlqx8xa.dll
C:\Users\Salina\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Salina\AppData\Local\Temp\NIS2014.exe
C:\Users\Salina\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Salina\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NIS_28752.exe
C:\Users\Wolfgirl1920\AppData\Local\Temp\VP6Install.exe
C:\Users\Wolfgirl1920\AppData\Local\Temp\VP6VFW.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-30 16:26
==================== End Of Log ============================
Addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-02-2014
Ran by Salina at 2014-02-05 07:47:20
Running from C:\Users\Salina\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Norton Internet Security Online (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security Online (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security Online (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
==================== Installed Programs ======================
Adobe AIR (x32 Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19120 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.43 - Adobe Systems Incorporated)
Age of Empires® III: Complete Collection (x32 Version: - )
Aion (x32 Version: 4.0.0.3 - NC Interactive, LLC)
Amazon MP3 Downloader 1.0.17 (x32 Version: 1.0.17 - Amazon Services LLC)
AMD Accelerated Video Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.873.1 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (Version: 3.0.864.0 - Advanced Micro Devices, Inc.)
AMD VISION Engine Control Center (x32 Version: 2012.0211.52.1206 - Advanced Micro Devices, Inc.) Hidden
Amnesia: The Dark Descent (x32 Version: - )
Apple Application Support (x32 Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bluetooth by hp (Version: 6.3.0.8200 - Broadcom Corporation)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0211.52.1206 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0211.52.1206 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0211.52.1206 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Desktop (x32 Version: 2012.0211.52.1206 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0211.0051.1206 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0211.0051.1206 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0211.0051.1206 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0211.0051.1206 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0211.0051.1206 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0211.0051.1206 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0211.0051.1206 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0211.0051.1206 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0211.0051.1206 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0211.0051.1206 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0211.0051.1206 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0211.0051.1206 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0211.0051.1206 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0211.0051.1206 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0211.0051.1206 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0211.0051.1206 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0211.0051.1206 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0211.0051.1206 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0211.0051.1206 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0211.0051.1206 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0211.0051.1206 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0211.0051.1206 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0211.52.1206 - Advanced Micro Devices, Inc.) Hidden
CenturyLink Installer (x32 Version: 1.0 - CenturyLink, Inc.)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Criminal Minds (x32 Version: - Oberon Media)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diablo III (x32 Version: 1.0.7.14633 - Blizzard Entertainment)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Facebook (x32 Version: 1.1.0004 - Hewlett-Packard)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Free Studio version 2013 (x32 Version: 6.1.0.320 - DVDVideoSoft Ltd.)
GameStop App (x32 Version: 4.00 - GameStop)
GameStop App (x32 Version: 4.00 - GameStop) Hidden
Google Update Helper (x32 Version: 1.3.21.149 - Google Inc.) Hidden
Heroes of Might and Magic V: Tribes of the East (x32 Version: - Ubisoft)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Application Assistant (Version: 1.0.393.3870 - Hewlett-Packard)
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Calendar (x32 Version: 5.1.4245.23508 - Hewlett-Packard)
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Clock (x32 Version: 5.1.4244.16367 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Games (x32 Version: 1.0.2.5 - WildTangent)
HP LinkUp (x32 Version: 2.01.029 - Hewlett-Packard)
HP Magic Canvas (x32 Version: 5.1.15.0 - Hewlett-Packard)
HP Magic Canvas Tutorials (x32 Version: 5.0.0.3 - Hewlett-Packard)
HP MovieStore (x32 Version: 2.1.091 - Hewlett-Packard) Hidden
HP MovieStore (x32 Version: 2.1.21091.0 - Hewlett-Packard Company)
HP Notes (x32 Version: 5.1.4274.30382 - Hewlett-Packard)
HP Odometer (x32 Version: 2.10.0000 - Hewlett-Packard)
HP RSS (x32 Version: 5.1.4301.21494 - Hewlett-Packard)
HP Setup (x32 Version: 9.0.15130.3904 - Hewlett-Packard Company)
HP Setup Manager (x32 Version: 1.2.15145.3905 - Hewlett-Packard Company)
HP Support Assistant (x32 Version: 7.0.39.15 - Hewlett-Packard Company)
HP Support Information (x32 Version: 11.00.0001 - Hewlett-Packard)
HP TouchSmart Background - Beats (x32 Version: 1.0.1.0 - Hewlett-Packard)
HP TouchSmart RecipeBox (x32 Version: 3.0.3830.27730 - Hewlett-Packard)
HP Update (x32 Version: 5.003.001.001 - Hewlett-Packard)
HP Vision Hardware Diagnostics (Version: 2.12.1.0 - Hewlett-Packard)
HP Weather (x32 Version: 5.1.4295.16450 - Hewlett-Packard)
HydraVision (x32 Version: 4.2.222.0 - Advanced Micro Devices, Inc.) Hidden
iCloud (Version: 3.1.0.40 - Apple Inc.)
Insanely Twisted Shadow Planet (x32 Version: - )
iTunes (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (x32 Version: 2.0.3 - Kobo Inc.)
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Logitech SetPoint 6.32 (Version: 6.32.20 - Logitech)
LogMeIn Hamachi (x32 Version: 2.2.0.109 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.109 - LogMeIn, Inc.) Hidden
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magical Diary (x32 Version: - )
Magical Drop V (x32 Version: - )
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Metric Converter (x32 Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mathematics (x32 Version: 4.0 - Microsoft Corporation)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (x32 Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
Microsoft XNA Framework Redistributable 4.0 (x32 Version: 4.0.20823.0 - Microsoft Corporation)
MixiDJ V46 Toolbar (x32 Version: 6.13.3.505 - MixiDJ V46) <==== ATTENTION
Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
Mumble 1.2.4 (x32 Version: 1.2.4 - Thorvald Natvig)
NCSOFT Game Launcher (x32 Version: - NCSOFT)
Need For Speed™ World (x32 Version: 1.0.0.1055 - Electronic Arts)
Norton Internet Security (x32 Version: 21.1.0.18 - Symantec Corporation)
Norton Online Backup (x32 Version: 2.1.17869 - Symantec Corporation)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Origin (x32 Version: 9.0.2.2064 - Electronic Arts, Inc.)
Pando Media Booster (x32 Version: 2.6.0.8 - Pando Networks Inc.)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (x32 Version: 1.3.0 - Microsoft Corporation)
Pokémon Trading Card Game Online (x32 Version: 1.0.0 - The Pokémon Company International)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Power2Go (x32 Version: 6.1.5706 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.5706 - CyberLink Corp.) Hidden
PressReader (x32 Version: 5.11.0721.0 - NewspaperDirect Inc.)
Project64 1.6 (x32 Version: 1.6 - Project64)
RaidCall (x32 Version: 7.0.4-1.0.2409.253 - raidcall.com)
RAIDXpert (x32 Version: 3.3.1540.19 - AMD)
RAIDXpert (x32 Version: 3.3.1540.19 - AMD) Hidden
Recovery Manager (x32 Version: 5.5.0.4424 - CyberLink Corp.) Hidden
Remote Graphics Receiver (x32 Version: 5.4.5 - Hewlett-Packard)
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
SDO-X (Version: - CiB Net Station)
SDO-X (x32 Version: - CiB Net Station)
SearchFlyBar3 Toolbar (x32 Version: 6.14.0.27 - SearchFlyBar3)
Skype Click to Call (x32 Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.6 (x32 Version: 6.6.106 - Skype Technologies S.A.)
Sony Music Sync (x32 Version: - )
Spot (x32 Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Star Wars: The Old Republic (x32 Version: 1.00 - Electronic Arts, Inc.)
Steam (x32 Version: 1.0.0.0 - Valve Corporation)
Tap Tap Bear (x32 Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Terraria (x32 Version: - )
Terraria Game Launcher GUI version 1.2.2 (x32 Version: 1.2.2 - )
The Sims 2 Family Fun Stuff (x32 Version: - )
The Sims 2 Open For Business (x32 Version: - )
The Sims™ 2 Double Deluxe (x32 Version: - Electronic Arts)
The Sims™ 2 Seasons (x32 Version: - )
The Sims™ 2 Teen Style Stuff (x32 Version: - Electronic Arts)
The Sims™ 3 (x32 Version: 1.50.56 - Electronic Arts)
The Sims™ 3 Pets (x32 Version: 10.0.96 - Electronic Arts)
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
TSHostedAppLauncher (x32 Version: 5.1.15.0 - Hewlett-Packard) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
WeDance Online 20130508 (x32 Version: 20130508 - CiB Net Station)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
World of Warcraft (x32 Version: - Blizzard Entertainment)
World of Warcraft Beta (x32 Version: 5.0.5.16048 - Blizzard Entertainment)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
ZoneAlarm LTD Toolbar (Version: - Check Point Software Technologies)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
==================== Restore Points =========================
04-02-2014 11:00:27 Windows Update
04-02-2014 13:29:13 Norton_Power_Eraser_20140204052909093
04-02-2014 15:35:24 Removed LoveBeat
04-02-2014 16:01:13 Removed Zinio Reader 4
04-02-2014 16:21:14 Windows Update
05-02-2014 01:55:12 Removed Mumble 1.2.3
05-02-2014 02:02:52 Installed Mumble 1.2.4
==================== Hosts content: ==========================
2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {02C9C251-FF45-4B3F-95C1-624668B7CEAB} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\WSCStub.exe [2013-10-08] (Symantec Corporation)
Task: {06D3D254-2EE3-40DF-BFFD-4F5A4100A009} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {10D10356-B890-4FB4-8DC0-A35AEAAE3F74} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {133379A4-E814-40EA-AE76-293897FEFD8B} - System32\Tasks\WxDFastUpdaterTask{098A328E-2A3A-4A50-A574-547B7EC7A221} => C:\ProgramData\Premium\WxDFast\WxDFast.exe <==== ATTENTION
Task: {2A77AC77-6A35-4D1F-AE5E-86882968AE6E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {3C1E7A50-CAAD-473A-9306-59A92D53D923} - System32\Tasks\HPCeeScheduleForRichie1920 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {404CD257-AD88-4857-8BA6-F4FD51674C2B} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
Task: {62F553AF-48B5-47E4-A5C6-92355E522882} - System32\Tasks\Express FilesUpdate => C:\Program Files (x86)\ExpressFiles\EFUpdater.exe <==== ATTENTION
Task: {632F6B8E-F267-4101-9495-ED5CCCEC37FA} - System32\Tasks\{A17B34CC-94E2-4194-8AEA-085E09C37766} => C:\Users\Wolfgirl1920\Desktop\requiem-3.3.6-win\Requiem.exe
Task: {70D06EA7-2164-45C0-9F51-ADECD31F9027} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-09-23] (Hewlett-Packard Company)
Task: {78E1595E-8984-4831-A31E-2050B399FBC6} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {814BC785-B809-4362-A9E5-29B76A98D6CE} - System32\Tasks\{A7F071FE-53B5-4256-8C61-F447B3FEC22E} => C:\Users\Wolfgirl1920\Desktop\requiem-3.3.6-win\Requiem.exe
Task: {8BA029ED-CD36-4DC6-96B6-DEAE08CE8FAF} - System32\Tasks\4812 => Wscript.exe C:\Users\WOLFGI~1\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {B4A85D41-5AF5-4EE3-99C6-D43E1BDF1E89} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-04] (Adobe Systems Incorporated)
Task: {B5351DBB-5146-4581-BB94-6D3A9FF91793} - System32\Tasks\{79FF545D-C255-48C0-94D1-985D14CB28C4} => C:\Program Files (x86)\World of Warcraft\Launcher.exe
Task: {B5B885A7-542D-4E9B-8863-5FE3781441E6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C3AF729B-4940-4B16-8583-A83220757537} - \RunAsStdUser Task No Task File
Task: {E00A29EF-69FB-41B2-9670-0B2DF278753A} - System32\Tasks\Games\UpdateCheck_S-1-5-21-4084707046-1126817773-2197132759-1000
Task: {E4595279-0D34-43B6-AE4A-76B40796783E} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {F0AC16E3-64F9-44CB-B31F-2F07ADAC1477} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-11-22] (Hewlett-Packard)
Task: {F6324E96-B506-437D-AB32-B0570978F014} - System32\Tasks\DSite => C:\Users\WOLFGI~1\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DSite.job => C:\Users\WOLFGI~1\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\HPCeeScheduleForRichie1920.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\WxDFastUpdaterTask{098A328E-2A3A-4A50-A574-547B7EC7A221}.job => C:\ProgramData\Premium\WxDFast\WxDFast.exe <==== ATTENTION
==================== Loaded Modules (whitelisted) =============
2011-07-22 13:48 - 2011-07-22 13:48 - 00516096 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\libxml2.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\Temp:214562D2
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
==================== Faulty Device Manager Devices =============
Name: HP Bluetooth module
Description: HP Bluetooth module
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (02/04/2014 06:03:58 PM) (Source: Microsoft-Windows-RestartManager) (User: Wolfgirl1920-HP) Description: Application or service 'iTunesHelper' could not be shut down.
Error: (02/04/2014 06:03:28 PM) (Source: Microsoft-Windows-RestartManager) (User: Wolfgirl1920-HP) Description: Application or service 'YSLoader.exe' could not be shut down.
Error: (02/04/2014 08:29:17 AM) (Source: .NET Runtime Optimization Service) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070003
Error: (02/04/2014 08:28:36 AM) (Source: .NET Runtime Optimization Service) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80131f06
Error: (02/04/2014 08:28:36 AM) (Source: .NET Runtime Optimization Service) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80131f06
Error: (02/04/2014 08:01:31 AM) (Source: MsiInstaller) (User: Wolfgirl1920-HP) Description: Product: Zinio Reader 4 -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2203. The arguments are: C:\Windows\Installer\7d458d.ipi, -2147287035,
Error: (02/04/2014 07:49:10 AM) (Source: Application Hang) (User: ) Description: The program firefox.exe version 26.0.0.5087 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1d58
Start Time: 01cf21c068bb38b8
Termination Time: 16
Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Report Id: deb0f03a-8db3-11e3-9f5f-902b342a72f3
Error: (02/04/2014 07:47:15 AM) (Source: Application Hang) (User: ) Description: The program firefox.exe version 26.0.0.5087 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1b1c
Start Time: 01cf21c0212b06a5
Termination Time: 30
Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Report Id: 93a8b034-8db3-11e3-9f5f-902b342a72f3
Error: (02/04/2014 07:44:50 AM) (Source: Application Error) (User: ) Description: Faulting application name: CenturyLinkTouchPointAgent.exe, version: 2013.11.0.2, time stamp: 0x5241ae69
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1116
Exception code: 0xe053534f
Fault offset: 0x0000c41f
Faulting process id: 0x%9
Faulting application start time: 0xCenturyLinkTouchPointAgent.exe0
Faulting application path: CenturyLinkTouchPointAgent.exe1
Faulting module path: CenturyLinkTouchPointAgent.exe2
Report Id: CenturyLinkTouchPointAgent.exe3
Error: (02/04/2014 00:32:47 AM) (Source: Application Hang) (User: ) Description: The program firefox.exe version 26.0.0.5087 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1798
Start Time: 01cf21835449bdd4
Termination Time: 50
Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Report Id: e8b25af9-8d76-11e3-98fa-902b342a72f3
System errors:
=============
Error: (02/05/2014 07:46:27 AM) (Source: ipnathlp) (User: ) Description: 0
Error: (02/05/2014 07:31:10 AM) (Source: ipnathlp) (User: ) Description: 0
Error: (02/05/2014 07:27:59 AM) (Source: ipnathlp) (User: ) Description: 0
Error: (02/05/2014 07:20:48 AM) (Source: Service Control Manager) (User: ) Description: The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error: %%1053
Error: (02/05/2014 07:20:48 AM) (Source: Service Control Manager) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the LogMeIn Hamachi Tunneling Engine service to connect.
Error: (02/04/2014 10:23:57 PM) (Source: ipnathlp) (User: ) Description: 0
Error: (02/04/2014 10:04:54 PM) (Source: ipnathlp) (User: ) Description: 0
Error: (02/04/2014 09:50:58 PM) (Source: ipnathlp) (User: ) Description: 0
Error: (02/04/2014 06:09:00 PM) (Source: DCOM) (User: ) Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (02/04/2014 06:08:08 PM) (Source: Service Control Manager) (User: ) Description: The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error: %%1053
Microsoft Office Sessions:
=========================
Error: (02/04/2014 06:03:58 PM) (Source: Microsoft-Windows-RestartManager)(User: Wolfgirl1920-HP) Description: 4C:\Program Files (x86)\iTunes\iTunesHelper.exeiTunesHelper0241777280
Error: (02/04/2014 06:03:28 PM) (Source: Microsoft-Windows-RestartManager)(User: Wolfgirl1920-HP) Description: 4C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exeYSLoader.exe0541772640
Error: (02/04/2014 08:29:17 AM) (Source: .NET Runtime Optimization Service)(User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070003 System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Error: (02/04/2014 08:28:36 AM) (Source: .NET Runtime Optimization Service)(User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80131f06 PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35
Error: (02/04/2014 08:28:36 AM) (Source: .NET Runtime Optimization Service)(User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80131f06 PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35
Error: (02/04/2014 08:01:31 AM) (Source: MsiInstaller)(User: Wolfgirl1920-HP) Description: Product: Zinio Reader 4 -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2203. The arguments are: C:\Windows\Installer\7d458d.ipi, -2147287035, (NULL)(NULL)(NULL)(NULL)(NULL)
Error: (02/04/2014 07:49:10 AM) (Source: Application Hang)(User: ) Description: firefox.exe26.0.0.50871d5801cf21c068bb38b816C:\Program Files (x86)\Mozilla Firefox\firefox.exedeb0f03a-8db3-11e3-9f5f-902b342a72f3
Error: (02/04/2014 07:47:15 AM) (Source: Application Hang)(User: ) Description: firefox.exe26.0.0.50871b1c01cf21c0212b06a530C:\Program Files (x86)\Mozilla Firefox\firefox.exe93a8b034-8db3-11e3-9f5f-902b342a72f3
Error: (02/04/2014 07:44:50 AM) (Source: Application Error)(User: ) Description: CenturyLinkTouchPointAgent.exe2013.11.0.25241ae69KERNELBASE.dll6.1.7601.1822951fb1116e053534f0000c41f
Error: (02/04/2014 00:32:47 AM) (Source: Application Hang)(User: ) Description: firefox.exe26.0.0.5087179801cf21835449bdd450C:\Program Files (x86)\Mozilla Firefox\firefox.exee8b25af9-8d76-11e3-98fa-902b342a72f3
CodeIntegrity Errors:
===================================
Date: 2012-11-10 04:44:45.100 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2012-11-10 04:44:45.068 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2012-11-10 04:44:45.053 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2012-11-10 04:44:45.022 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Percentage of memory in use: 22%
Total physical RAM: 10005.44 MB
Available physical RAM: 7736.46 MB
Total Pagefile: 20009.05 MB
Available Pagefile: 17666.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:914.11 GB) (Free:467.01 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:17.12 GB) (Free:2.14 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931 GB) (Disk ID: 410ADF38)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=914 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
dbrisen
Malware Removalists
Posts: 3,688
|
Post by dbrisen on Feb 5, 2014 8:09:28 GMT -8
Thank you for the logs; sometimes the servers do act up, so not a problem. Quads (lives in NZ, so allow for the time zone difference) will be along later to help fix your system with a script.
How is your system running? Any events (other than the usual updates and Quick scans) with Norton?
|
|
|
Post by wolfgirl1719 on Feb 5, 2014 16:17:32 GMT -8
There are no other events other than the updates.
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Feb 5, 2014 16:17:48 GMT -8
Are your browser(s) still crashing?
You do have items to deal with, but not quite what I would have expected.
Quads
|
|