Reply to thread

Message: <blockquote data-quote="bferris" data-source="post: 192622" data-attributes="member: 22039">Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-05-2014Ran by Brian at 2014-05-07 14:54:59Running from C:\Users\Brian\DesktopBoot Mode: Normal============================================================================== Security Center ============================================ Installed Programs ====================== Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)Acrobat.com (x32 Version: 2.0.0 - Adobe Systems Incorporated) HiddenActivate Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.1.20.0 - Symantec)Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)Adobe AIR (x32 Version: 2.5.1.17730 - Adobe Systems Inc.) HiddenAdobe Flash Player 10 Plugin (HKLM-x32\...\{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}) (Version: 10.0.32.18 - Adobe Systems, Inc.)Adobe Flash Player 11 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.55 - Adobe Systems Incorporated)Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)Adobe Reader 9.2 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A92000000001}) (Version: 9.2.0 - Adobe Systems Incorporated)AIM 7 (HKLM-x32\...\AIM_7) (Version:  - )Apple Application Support (HKLM-x32\...\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}) (Version: 2.3.3 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) HiddenFaxRedist (HKLM-x32\...\{2C8CC208-965C-48A1-90A8-DFB484358F1C}) (Version: 1.0.0 -  )Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) HiddenHewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) HiddenHP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.12286.3436 - Hewlett-Packard)HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) HiddenHP MediaSmart Demo (HKLM-x32\...\{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}) (Version: 1.00.0000 - Hewlett-Packard)HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.0.3420 - Hewlett-Packard)HP MediaSmart DVD (x32 Version: 3.0.3420 - Hewlett-Packard) HiddenHP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3601 - Hewlett-Packard)HP MediaSmart Music/Photo/Video (x32 Version: 3.1.3601 - Hewlett-Packard) HiddenHP MediaSmart SmartMenu (HKLM\...\{26280024-DFB7-4967-90DB-7F9C6660D01E}) (Version: 3.0.28.2 - Hewlett-Packard)HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.9.0 - TopSeed)HP Remote Solution (x32 Version: 1.1.9.0 - TopSeed) HiddenHP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)iTunes (HKLM\...\{0225AD21-F3E2-4916-BFF3-65D3F9052582}) (Version: 11.0.2.26 - Apple Inc.)Java(TM) 6 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) HiddenLexmark 5400 Series (HKLM\...\Lexmark 5400 Series) (Version:  - Lexmark International, Inc.)Lexmark Toolbar (HKLM-x32\...\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}) (Version:  - )LSI PCI-SV92EX Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.96 - LSI Corporation)Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) HiddenMicrosoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) HiddenMicrosoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) HiddenMicrosoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.560.0 - Microsoft Live Search Toolbar)Microsoft Live Search Toolbar (x32 Version: 3.0.560.0 - Microsoft Corporation) HiddenMicrosoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) HiddenMicrosoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version:  - )Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) HiddenMicrosoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft VC9 runtime libraries (x32 Version: 1.0.0 - AOL LLC) HiddenMicrosoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) HiddenMSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)Norton AntiVirus (HKLM-x32\...\NAV) (Version: 20.4.0.40 - Symantec Corporation)Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.0.43 - Symantec Corporation)PowerRecover (x32 Version: 5.5.1923 - CyberLink Corp.) HiddenQuicken 2010 (HKLM-x32\...\{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}) (Version: 19.1.1.27 - Intuit)QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version:  - Microsoft)Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)Visual C++ 2008 x86 Runtime - (v9.0.30729) (x32 Version: 9.0.30729 - Microsoft Corporation) HiddenVisual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)Windows Live Communications Platform (x32 Version: 14.0.8098.930 - Microsoft Corporation) HiddenWindows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) HiddenWindows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) HiddenWindows Live Photo Gallery (x32 Version: 14.0.8081.709 - Microsoft Corporation) HiddenWindows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)==================== Restore Points  =========================Could not list Restore Points. Check "winmgmt" service or repair WMI.==================== Hosts content: ==========================2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts==================== Scheduled Tasks (whitelisted) =============Task: {2F4EC9C6-149D-4D99-8C53-110F663920D5} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\SymErr.exe [2014-01-30] (Symantec Corporation)Task: {303F2AA5-F92F-4E1E-9768-BC167C657A6E} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exeTask: {3045D09C-1C8A-4A68-AEB4-6C779869A9CD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)Task: {3E503D63-5C4E-41C8-9075-F403D0D5EF37} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)Task: {47005D88-FD24-43F8-BF48-DE1481D7A42B} - System32\Tasks\Norton AntiVirus\Norton Error Analyzer => C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)Task: {6009C98C-0FC1-4311-ACAE-1972FB56D676} - System32\Tasks\Norton AntiVirus\Norton Error Processor => C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)Task: {601331BD-8B77-4C8C-BC78-24F0EE094AA6} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\WSCStub.exe [2013-06-03] (Symantec Corporation)Task: {7A5A0845-D069-4CF3-9FEF-37A7E8245C46} - System32\Tasks\{34AD4592-80AA-4468-9D8C-165B6C84D017} => C:\Program Files (x86)\eBay\Turbo Lister2\Tl.exe [2012-04-02] (eBay Inc.)Task: {836E27DB-E3DB-413C-B53E-7DAC01FDDB38} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-14] (Google Inc.)Task: {869F2401-E3DF-41A4-B724-3320D6F5DA04} - System32\Tasks\{174A265D-9EA5-46FD-ACD1-C4481EBDECB2} => C:\Program Files (x86)\eBay\Turbo Lister2\Tl.exe [2012-04-02] (eBay Inc.)Task: {8990AD49-FBD3-4CC7-83BB-129F49D589F1} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\SymErr.exe [2014-01-30] (Symantec Corporation)Task: {91F74AB1-CE0B-41FD-A88A-1B506A230FAE} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-12-01] (CyberLink)Task: {950FBC1E-4FB2-416A-AA78-856A8CC81D7E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)Task: {BF9BA27A-C573-48CB-927A-A374B9DD2621} - System32\Tasks\{DA090518-D248-4A5D-AC7E-99E6A59B865D} => C:\Program Files (x86)\eBay\Turbo Lister2\Tl.exe [2012-04-02] (eBay Inc.)Task: {C5E11EF5-3E7C-48D1-8C48-41CE81AB79DB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)Task: {CF1274C2-DFEF-47C8-8F81-40AEDEE49ADF} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-10-20] (CyberLink Corp.)Task: {E1D9B880-61F1-44C2-95C7-383D9483E3E4} - System32\Tasks\{2558E151-354D-4E57-93E3-52CE69D055F5} => C:\Program Files (x86)\eBay\Turbo Lister2\Tl.exe [2012-04-02] (eBay Inc.)Task: {E53E9DC9-1A69-4F77-B50C-0EA004D7CF57} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-14] (Google Inc.)Task: {E59533D1-654E-45F8-8700-C77CBA3E2D5E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Opt-in For HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe [2013-11-04] (Hewlett-Packard Company)Task: {EA54D70F-7C51-4915-98EB-125F6C151ED5} - System32\Tasks\HPCeeScheduleForBrian => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\HPCeeScheduleForBrian.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe==================== Loaded Modules (whitelisted) =============2010-03-01 16:30 - 2007-02-18 17:17 - 00026624 _____ () C:\Windows\system32\ddmon64x.dll2009-12-14 20:35 - 2006-10-18 08:24 - 00045056 _____ () C:\Windows\System32\lxctpmon.dll2009-12-14 20:35 - 2006-10-18 06:32 - 00081408 _____ () C:\Program Files (x86)\Lexmark 5400 Series\ipcmt64.dll2009-12-14 20:35 - 2006-11-13 05:40 - 00146432 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxctdrpp.dll2006-08-08 17:21 - 2006-08-08 17:21 - 00732160 _____ () C:\Windows\system32\lxctdrs.dll2006-08-14 18:17 - 2006-08-14 18:17 - 00025088 _____ () C:\Windows\system32\lxctcaps.dll2006-05-03 15:31 - 2006-05-03 15:31 - 00054784 _____ () C:\Windows\system32\lxctcnv4.dll2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll2009-12-01 20:49 - 2009-12-01 20:49 - 00931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll==================== Alternate Data Streams (whitelisted) =========AlternateDataStreams: C:\ProgramData\Temp:411E1BE2AlternateDataStreams: C:\ProgramData\Temp:430C6D84AlternateDataStreams: C:\ProgramData\Temp<img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" class="smilie smilie--sprite smilie--sprite116" alt=":D" title="Big grin    :D" loading="lazy" data-shortname=":D" />1B5B4F1AlternateDataStreams: C:\ProgramData\Temp<img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" class="smilie smilie--sprite smilie--sprite116" alt=":D" title="Big grin    :D" loading="lazy" data-shortname=":D" />FC5A2B2==================== Safe Mode (whitelisted) ======================================= EXE Association (whitelisted) ================================= Disabled items from MSCONFIG ==============MSCONFIG\Services: AgereModemAudio => 2MSCONFIG\Services: HP Support Assistant Service => 2MSCONFIG\Services: HPDrvMntSvc.exe => 2MSCONFIG\Services: hpqwmiex => 3MSCONFIG\Services: LightScribeService => 2MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk => C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartupMSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PictureMover.lnk => C:\Windows\pss\PictureMover.lnk.CommonStartupMSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"MSCONFIG\startupreg: Aim => "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-USMSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"MSCONFIG\startupreg: EzPrint => "C:\Program Files (x86)\Lexmark 5400 Series\ezprint.exe"MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"MSCONFIG\startupreg: HPADVISOR => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEWMSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exeMSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"MSCONFIG\startupreg: Lexmark 5400 Series => "C:\Program Files (x86)\Lexmark 5400 Series\fm3032.exe" /sMSCONFIG\startupreg: LXCTCATS => rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\LXCTtime.dll,RunDLLEntryMSCONFIG\startupreg: lxctmon.exe => "C:\Program Files (x86)\Lexmark 5400 Series\lxctmon.exe"MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDEDMSCONFIG\startupreg: PCTools FGuard => C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exeMSCONFIG\startupreg: SmartMenu => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /backgroundMSCONFIG\startupreg: UpdatePRCShortCut => "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"==================== Faulty Device Manager Devices =============Could not list Devices. Check "winmgmt" service or repair WMI.==================== Event log errors: =========================Application errors:==================Error: (05/01/2014 03:50:45 PM) (Source: Windows Activation Technologies) (User: ) (EventID: 14)Description: Genuine validation failure:  hr = 0x800706BAError: (05/01/2014 03:39:02 PM) (Source: Microsoft-Windows-CAPI2) (User: ) (EventID: 512)Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.Details:Could not query the status of the EventSystem service.System Error:A system shutdown is in progress..Error: (04/16/2014 03:40:30 PM) (Source: Microsoft-Windows-CAPI2) (User: ) (EventID: 512)Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.Details:Could not query the status of the EventSystem service.System Error:A system shutdown is in progress..Error: (04/14/2014 03:59:01 PM) (Source: Application Error) (User: ) (EventID: 1000)Description: Faulting application name: svchost.exe_Dnscache, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec4b137Exception code: 0xc0000005Fault offset: 0x0000000000001f58Faulting process id: 0x14b0Faulting application start time: 0xsvchost.exe_Dnscache0Faulting application path: svchost.exe_Dnscache1Faulting module path: svchost.exe_Dnscache2Report Id: svchost.exe_Dnscache3Error: (04/13/2014 11:17:55 AM) (Source: Application Error) (User: ) (EventID: 1000)Description: Faulting application name: svchost.exe_Dnscache, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec4b137Exception code: 0xc0000005Fault offset: 0x0000000000001f58Faulting process id: 0xd60Faulting application start time: 0xsvchost.exe_Dnscache0Faulting application path: svchost.exe_Dnscache1Faulting module path: svchost.exe_Dnscache2Report Id: svchost.exe_Dnscache3Error: (04/13/2014 09:46:19 AM) (Source: Application Error) (User: ) (EventID: 1000)Description: Faulting application name: svchost.exe_Dnscache, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec4b137Exception code: 0xc0000005Fault offset: 0x0000000000001f58Faulting process id: 0x1194Faulting application start time: 0xsvchost.exe_Dnscache0Faulting application path: svchost.exe_Dnscache1Faulting module path: svchost.exe_Dnscache2Report Id: svchost.exe_Dnscache3Error: (04/08/2014 11:33:46 AM) (Source: Application Error) (User: ) (EventID: 1000)Description: Faulting application name: svchost.exe_Dnscache, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec4b137Exception code: 0xc0000005Fault offset: 0x0000000000001f58Faulting process id: 0x954Faulting application start time: 0xsvchost.exe_Dnscache0Faulting application path: svchost.exe_Dnscache1Faulting module path: svchost.exe_Dnscache2Report Id: svchost.exe_Dnscache3Error: (04/08/2014 01:43:49 AM) (Source: Application Error) (User: ) (EventID: 1000)Description: Faulting application name: svchost.exe_Dnscache, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec4b137Exception code: 0xc0000005Fault offset: 0x0000000000001f58Faulting process id: 0x108cFaulting application start time: 0xsvchost.exe_Dnscache0Faulting application path: svchost.exe_Dnscache1Faulting module path: svchost.exe_Dnscache2Report Id: svchost.exe_Dnscache3Error: (04/07/2014 03:18:45 PM) (Source: Application Error) (User: ) (EventID: 1000)Description: Faulting application name: svchost.exe_Dnscache, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec4b137Exception code: 0xc0000005Fault offset: 0x0000000000001f58Faulting process id: 0x268Faulting application start time: 0xsvchost.exe_Dnscache0Faulting application path: svchost.exe_Dnscache1Faulting module path: svchost.exe_Dnscache2Report Id: svchost.exe_Dnscache3Error: (03/04/2014 03:26:14 PM) (Source: Application Error) (User: ) (EventID: 1000)Description: Faulting application name: wlmail.exe, version: 14.0.8089.726, time stamp: 0x4a6ce53dFaulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec49d10Exception code: 0xc0000005Fault offset: 0x0003a751Faulting process id: 0x15f8Faulting application start time: 0xwlmail.exe0Faulting application path: wlmail.exe1Faulting module path: wlmail.exe2Report Id: wlmail.exe3System errors:=============Error: (05/07/2014 02:57:39 PM) (Source: Service Control Manager) (User: ) (EventID: 7023)Description: The Windows Management Instrumentation service terminated with the following error: %%127Error: (05/07/2014 02:56:58 PM) (Source: Service Control Manager) (User: ) (EventID: 7023)Description: The Windows Management Instrumentation service terminated with the following error: %%127Error: (05/07/2014 02:56:28 PM) (Source: Service Control Manager) (User: ) (EventID: 7023)Description: The Windows Management Instrumentation service terminated with the following error: %%127Error: (05/07/2014 02:55:58 PM) (Source: Service Control Manager) (User: ) (EventID: 7023)Description: The Windows Management Instrumentation service terminated with the following error: %%127Error: (05/07/2014 02:55:28 PM) (Source: Service Control Manager) (User: ) (EventID: 7023)Description: The Windows Management Instrumentation service terminated with the following error: %%127Error: (05/07/2014 02:54:58 PM) (Source: Service Control Manager) (User: ) (EventID: 7023)Description: The Windows Management Instrumentation service terminated with the following error: %%127Error: (05/07/2014 02:53:35 PM) (Source: Disk) (User: ) (EventID: 7)Description: The device, \Device\Harddisk0\DR0, has a bad block.Error: (05/07/2014 02:53:32 PM) (Source: Disk) (User: ) (EventID: 7)Description: The device, \Device\Harddisk0\DR0, has a bad block.Error: (05/07/2014 02:35:42 PM) (Source: Service Control Manager) (User: ) (EventID: 7023)Description: The Windows Management Instrumentation service terminated with the following error: %%127Error: (05/07/2014 02:35:12 PM) (Source: Service Control Manager) (User: ) (EventID: 7023)Description: The Windows Management Instrumentation service terminated with the following error: %%127Microsoft Office Sessions:============================================= Memory info ===========================Percentage of memory in use: 57%Total physical RAM: 3061.18 MBAvailable physical RAM: 1293.57 MBTotal Pagefile: 9203.32 MBAvailable Pagefile: 7368.03 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.85 MB==================== Drives ================================Drive c: (HP) (Fixed) (Total:286.17 GB) (Free:199.11 GB) NTFSDrive d: (FACTORY_IMAGE) (Fixed) (Total:11.83 GB) (Free:2.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]Drive f: (GS Drive) (Removable) (Total:7.45 GB) (Free:1.89 GB) FAT32==================== MBR & Partition Table ==========================================================================Disk: 0 (Size: 298 GB) (Disk ID: 1549F232)Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=286 GB) - (Type=07 NTFS)Partition 4: (Not Active) - (Size=12 GB) - (Type=07 NTFS)========================================================Disk: 2 (MBR Code: Windows XP) (Size: 7 GB) (Disk ID: C3072E18)Partition 1: (Active) - (Size=7 GB) - (Type=0C)==================== End Of Log ============================ Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-05-2014Ran by Brian (administrator) on DESKTOP on 07-05-2014 14:54:30Running from C:\Users\Brian\DesktopWindows 7 Home Premium (X64) OS Language: English(US)Internet Explorer Version 9Boot Mode: NormalThe only official download link for FRST:Download link for 32-Bit version: <a href="http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/" target="_blank">http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/</a> Download link for 64-Bit Version: <a href="http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/" target="_blank">http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/</a> Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: <a href="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/" target="_blank">http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/</a>==================== Processes (Whitelisted) =================(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe( ) C:\Windows\System32\lxctcoms.exe(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\ccsvchst.exe(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\nst.exe(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\ccsvchst.exe(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\nst.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Intel Corporation) C:\Windows\System32\igfxsrvc.exe(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe(Sun Microsystems, Inc.) C:\Program Files (x86)\Java\jre6\bin\jusched.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\mpas-fe.exe==================== Registry (Whitelisted) ==================HKLM\...\Run: [LXCTCATS] => C:\Windows\system32\spool\DRIVERS\x64\3\LXCTtime.dll [31744 2006-11-21] (Lexmark International Inc.)HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)HKLM-x32\...\Run: [] => [X]HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Java\jre6\bin\jusched.exe [149280 2010-01-11] (Sun Microsystems, Inc.)HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-04-08] (Hewlett-Packard)Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2014-01-30] (Microsoft Corporation)HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRunHKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRunHKU\S-1-5-21-281769471-447865342-2670445074-1000\...\MountPoints2: {86853783-aa29-11de-adb6-806e6f6e6963} - E:\reatogoMenu.exe==================== Internet (Whitelisted) ====================HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = <a href="http://www.kcra.com/index.html" target="_blank">http://www.kcra.com/index.html</a>HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = <a href="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt" target="_blank">http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt</a>HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = <a href="http://www.msn.com/" target="_blank">http://www.msn.com/</a>HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEA049807949FCA01HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-usHKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = <a href="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt" target="_blank">http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt</a>HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = <a href="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt" target="_blank">http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt</a>HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = <a href="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt" target="_blank">http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt</a>HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = <a href="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt" target="_blank">http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt</a>StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exeSearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {271E6FE6-9A91-4FBD-9A41-9CC8350CCFE8} URL = <a href="http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd" target="_blank">http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd</a>SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {271E6FE6-9A91-4FBD-9A41-9CC8350CCFE8} URL = <a href="http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd" target="_blank">http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd</a>SearchScopes: HKCU - {271E6FE6-9A91-4FBD-9A41-9CC8350CCFE8} URL = <a href="http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd" target="_blank">http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd</a>BHO: Norton Identity Protection - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.0.43\coIEPlg.dll (Symantec Corporation)BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)BHO-x32: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)BHO-x32: Norton Identity Protection - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\coIEPlg.dll (Symantec Corporation)BHO-x32: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.0.43\coIEPlg.dll (Symantec Corporation)Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)Toolbar: HKLM-x32 - Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\coIEPlg.dll (Symantec Corporation)Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No FileToolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No FileToolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No FileToolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No FileToolbar: HKCU - No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No FileDPF: HKLM {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <a href="http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab" target="_blank">http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab</a>DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <a href="http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab" target="_blank">http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab</a>DPF: HKLM-x32 {1663ed61-23eb-11d2-b92f-008048fdd814} <a href="https://eagent.farmersinsurance.com/PLA/eAgent/eAuto/commonActiveX/smsx.cab" target="_blank">https://eagent.farmersinsurance.com/PLA/eAgent/eAuto/commonActiveX/smsx.cab</a>DPF: HKLM-x32 {354D91A8-E3C9-491F-BB89-0FB27DEEED86} <a href="https://eagent.farmersinsurance.com/PLA/eAgent/imagecenter/commonActiveX/ImgXTwain61.cab" target="_blank">https://eagent.farmersinsurance.com/PLA/eAgent/imagecenter/commonActiveX/ImgXTwain61.cab</a>DPF: HKLM-x32 {45EEDB84-57BC-4FBD-8065-7AB8E971B545} <a href="https://eagent.farmersinsurance.com/PLA/eAgent/imagecenter/commonActiveX/ImgXDialog61.cab" target="_blank">https://eagent.farmersinsurance.com/PLA/eAgent/imagecenter/commonActiveX/ImgXDialog61.cab</a>DPF: HKLM-x32 {7E8DC73D-69CD-4F67-99B1-8DC6E42F6246} <a href="https://eagent.farmersinsurance.com/PLA/eAgent/imagecenter/commonActiveX/ImgX61.cab" target="_blank">https://eagent.farmersinsurance.com/PLA/eAgent/imagecenter/commonActiveX/ImgX61.cab</a>DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} <a href="http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab" target="_blank">http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab</a>DPF: HKLM-x32 {82E5DF24-51E8-47CD-864A-F4BD5005AA73} <a href="https://www.icloud.com/system/iCloud.cab" target="_blank">https://www.icloud.com/system/iCloud.cab</a>DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} <a href="http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab" target="_blank">http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab</a>Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76FireFox:========FF Plugin: @microsoft.com/GENUINE - disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No FileFF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)FF Plugin-x32: @microsoft.com/GENUINE - disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn\FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn\ []FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\IPSFFFF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\IPSFF [2013-10-10]Chrome: =======CHR HomePage: hxxp://<a href="http://www.google.com/" target="_blank">www.google.com/</a>CHR DefaultSearchKeyword: bing.comCHR DefaultSearchProvider: BingCHR DefaultSearchURL: <a href="http://www.bing.com/search?setmkt=en-US&q={searchTerms" target="_blank">http://www.bing.com/search?setmkt=en-US&q={searchTerms</a>}CHR Plugin: (Remoting Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\17.0.963.66\ppGoogleNaClPluginChrome.dll No FileCHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\17.0.963.66\pdf.dll No FileCHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\17.0.963.66\gcswf32.dll No FileCHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No FileCHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)CHR Plugin: (Java Deployment Toolkit 6.0.170.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll (Sun Microsystems, Inc.)CHR Plugin: (Java(TM) Platform SE 6 U17) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll No FileCHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()CHR Plugin: (Move Streaming Media Player) - C:\Users\Brian\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll No FileCHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll No FileCHR Plugin: (Default Plug-in) - default_plugin No FileCHR Extension: (YouTube) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-01-02]CHR Extension: (Google Search) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-01-02]CHR Extension: (Gmail) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-01-02]CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\Exts\Chrome.crx [2014-03-20]==================== Services (Whitelisted) =================R2 lxct_device; C:\Windows\system32\lxctcoms.exe [566192 2006-11-22] ( )R2 lxct_device; C:\Windows\SysWOW64\lxctcoms.exe [537520 2006-11-22] ( )R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\NST.exe [130104 2014-03-11] (Symantec Corporation)S2 Winmgmt; C:\ProgramData\2992199F9A\lfeolfh9.faa [332020 2014-04-16] (Microsoft Corporation)==================== Drivers (Whitelisted) ====================R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\BASHDefs\20131022.001\BHDrvx64.sys [1524824 2013-10-22] (Symantec Corporation)R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07000.02B\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-09-04] (Symantec Corporation)R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-09-04] (Symantec Corporation)R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\IPSDefs\20131025.002\IDSvia64.sys [521816 2013-10-29] (Symantec Corporation)S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\VirusDefs\20131028.038\ENG64.SYS [126040 2013-09-04] (Symantec Corporation)S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\VirusDefs\20131028.038\EX64.SYS [2099288 2013-09-04] (Symantec Corporation)S3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1404000.028\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation)R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)R0 SymDS; C:\Windows\System32\drivers\NAVx64\1404000.028\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation)R0 SymEFA; C:\Windows\System32\drivers\NAVx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation)R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-17] (Symantec Corporation)R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)R1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]==================== NetSvcs (Whitelisted) ======================================= One Month Created Files and Folders ========2014-05-07 14:54 - 2014-05-07 14:54 - 00000000 ____D () C:\78ee7a1fa258e56f872014-05-07 14:30 - 2014-05-07 14:54 - 00017624 _____ () C:\Users\Brian\Desktop\FRST.txt2014-05-07 14:30 - 2014-05-07 14:35 - 00033881 _____ () C:\Users\Brian\Desktop\Addition.txt2014-05-07 14:21 - 2014-05-07 14:21 - 01053184 _____ (Farbar) C:\Users\Brian\Desktop\FRST.exe2014-05-07 14:20 - 2014-05-07 14:20 - 02063872 _____ (Farbar) C:\Users\Brian\Desktop\FRST64.exe2014-05-07 14:19 - 2014-05-07 14:19 - 00693352 _____ ( ) C:\Users\Brian\Desktop\DownloadManagerSetup.exe2014-05-06 13:58 - 2014-05-07 14:54 - 00000000 ____D () C:\FRST2014-04-16 13:41 - 2014-05-07 11:02 - 00000000 ____D () C:\ProgramData\2992199F9A==================== One Month Modified Files and Folders =======2014-05-07 14:54 - 2014-05-07 14:54 - 00000000 ____D () C:\78ee7a1fa258e56f872014-05-07 14:54 - 2014-05-07 14:30 - 00017624 _____ () C:\Users\Brian\Desktop\FRST.txt2014-05-07 14:54 - 2014-05-06 13:58 - 00000000 ____D () C:\FRST2014-05-07 14:54 - 2009-09-25 16:21 - 01780278 _____ () C:\Windows\WindowsUpdate.log2014-05-07 14:44 - 2011-11-20 15:23 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForBrian2014-05-07 14:44 - 2011-11-20 15:23 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForBrian.job2014-05-07 14:35 - 2014-05-07 14:30 - 00033881 _____ () C:\Users\Brian\Desktop\Addition.txt2014-05-07 14:22 - 2009-07-13 21:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-05-07 14:22 - 2009-07-13 21:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-05-07 14:21 - 2014-05-07 14:21 - 01053184 _____ (Farbar) C:\Users\Brian\Desktop\FRST.exe2014-05-07 14:20 - 2014-05-07 14:20 - 02063872 _____ (Farbar) C:\Users\Brian\Desktop\FRST64.exe2014-05-07 14:19 - 2014-05-07 14:19 - 00693352 _____ ( ) C:\Users\Brian\Desktop\DownloadManagerSetup.exe2014-05-07 14:12 - 2014-01-28 16:53 - 00001727 _____ () C:\Windows\setupact.log2014-05-07 14:12 - 2010-04-14 11:13 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-05-07 14:12 - 2009-12-14 20:35 - 00000000 ____D () C:\Program Files\Lx_cats2014-05-07 14:12 - 2009-11-01 20:32 - 00065536 _____ () C:\Windows\system32\Ikeext.etl2014-05-07 14:12 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-05-07 14:12 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\tracing2014-05-07 11:02 - 2014-04-16 13:41 - 00000000 ____D () C:\ProgramData\2992199F9A2014-05-07 11:02 - 2009-11-01 19:16 - 00000000 ___RD () C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup2014-05-06 13:58 - 2009-11-01 19:11 - 00000000 ____D () C:\Users\Brian2014-04-16 15:01 - 2010-04-14 11:13 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-04-12 14:45 - 2009-11-16 12:08 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log2014-04-12 14:44 - 2011-10-29 11:28 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt2014-04-10 03:03 - 2009-11-03 16:51 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-04-10 03:02 - 2013-08-15 03:03 - 00000000 ____D () C:\Windows\system32\MRT2014-04-10 03:01 - 2010-03-03 12:22 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-04-07 09:02 - 2009-07-13 22:13 - 00697222 _____ () C:\Windows\system32\PerfStringBackup.INI2014-04-07 08:56 - 2012-06-04 17:51 - 00278276 _____ () C:\Windows\PFRO.log2014-04-07 08:56 - 2012-05-12 03:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight2014-04-07 08:56 - 2012-05-12 03:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight==================== Bamital & volsnap Check =================C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legitTDL4: custom:26000022 <===== ATTENTION!LastRegBack: 2014-04-09 00:50==================== End Of Log ============================</blockquote>

Verification

Top