Jump to content

Hlynn

Members
  • Posts

    8
  • Joined

  • Last visited

Everything posted by Hlynn

  1. Sorry for the delay. Can I confirm that's the right link for the free removal tool please? The program didn't call itself the free tool, and the EULA seemed to be for the paid version with payment agreements, etc. I'd like to make certain I downloaded the right thing. Also, I really appreciate all the time you've put into this. At this point, would you say continuing to use various removal tools is the best option, or should I be thinking about reformatting and just starting fresh? Is it possible there's some kind of underlying hardware or other problem causing a normal program to malfunction? Again, thanks for all your help so far!
  2. Immediately after using the fixit and Rogue Killer, svchost was down into the single digits of CPU use. Now it's backup to 50%. Here's the info. SHA256: 9544f1241f802d5f75d19d07886e8a93e6280f6e87415e6e0a0c1f420a433763 File name: mdhpSUN.exe Detection ratio: 0 / 55 Probably harmless! There are strong indicators suggesting that this file is safe to use. The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem. Authenticode signature block and FileVersionInfo propertiesCopyrightGreensoft LimitedFile version 9.0.1.12Description Software update notificationSignature verification Signed file, verified signatureSigning date 1:25 AM 9/30/2015 Signers [+] Easybits AS [+] DigiCert SHA2 Assured ID Code Signing CA [+] DigiCert Counter signers [+] DigiCert Timestamp Responder [+] DigiCert Assured ID CA-1 [+] DigiCert Packers identifiedPEiD BobSoft Mini Delphi -> BoB / BobSoft PE header basic informationTarget machine Intel 386 or later processors and compatible processorsCompilation timestamp 1992-06-19 22:22:17Entry Point 0x000D8074Number of sections 8 PE sectionsName Virtual address Virtual size Raw size Entropy MD5CODE 4096 880836 881152 6.51 af891c880abb0a0f48a41185065065a3 DATA 888832 28748 29184 6.39 8165bb6ed9c1fa6e21249e15e9aa6a57 BSS 921600 7305 0 0.00 d41d8cd98f00b204e9800998ecf8427e .idata 929792 13000 13312 4.92 1e63d4c5f8d57d1acccde8a6c202ce54 .tls 946176 36 0 0.00 d41d8cd98f00b204e9800998ecf8427e .rdata 950272 24 512 0.21 6f8ac58cae0f0ef045632cd80cfaec03 .reloc 954368 58280 58368 6.69 a0c2bf5b3b0170c5ca06fe101085f2ea .rsrc 1015808 453120 453120 6.40 1c6546c4127b71e7815e00daeaaecca5 OverlaysMD5 79d85aaaf7162992fe02854c349b8a50File type dataOffset 1436672Size 8208Entropy 7.21 PE imports[+] advapi32.dll[+] comctl32.dll[+] gdi32.dll[+] kernel32.dll[+] ole32.dll[+] oleaut32.dll[+] shell32.dll[+] shlwapi.dll[+] user32.dll[+] version.dll[+] wininet.dll[+] winmm.dll[+] wsock32.dll Number of PE resources by typeRT_STRING 21RT_BITMAP 13RT_GROUP_CURSOR 7RT_RCDATA 7RT_CURSOR 7RT_DIALOG 1RT_MANIFEST 1RT_ICON 1RT_VERSION 1RT_GROUP_ICON 1 Number of PE resources by languageNEUTRAL 56RUSSIAN 2ENGLISH US 2 ExifTool file metadataSubsystemVersion4.0LinkerVersion2.25ImageVersion0.0FileVersionNumber9.0.1.12UninitializedDataSize0LanguageCodeEnglish (U.S.)FileFlagsMask0x003fCharacterSetWindows, Latin1InitializedDataSize554496EntryPoint0xd8074MIMETypeapplication/octet-streamSubsystemWindows GUIFileVersion9.0.1.12TimeStamp1992:06:19 23:22:17+01:00FileTypeWin32 EXEPETypePE32ProductVersion1.0.0.0FileDescriptionSoftware update notificationOSVersion4.0FileOSWin32LegalCopyrightGreensoft LimitedMachineTypeIntel 386 or later, and compatiblesCompanyNameEasybitsCodeSize881152FileSubtype0ProductVersionNumber9.0.1.12FileTypeExtensionexeObjectFileTypeExecutable application This file was created during the sandboxed execution of the following files.f28cdac401751a48e649af7607448b83294ea1c7767ae9ebe4d90f8de699ea8c File identificationMD5 1f628583c0f01e214ae45c8791b55010SHA1 480dab407239c8c780beb57d652b1408d5287ab1SHA256 9544f1241f802d5f75d19d07886e8a93e6280f6e87415e6e0a0c1f420a433763ssdeep24576:H1Ff3plMvd3PmZwzCj/TgdBh3Hggp4hTSjGcPv0LT:H1B6fbHJ+TSjaauthentihash ead1f8ae740414619ca2547c871f42e8e3fddd6993772c180dee5d9ee03d30b9imphash 837e7846f5240e73ead3cd868df63894File size 1.4 MB ( 1444880 bytes )File type Win32 EXEMagic literalPE32 executable for MS Windows (GUI) Intel 80386 32-bit TrID Windows ActiveX control (75.4%) Win32 Executable Delphi generic (9.1%) Windows screen saver (8.4%) Win32 Executable (generic) (2.9%) Win16/32 Executable Delphi generic (1.3%) Tagsbobsoft peexe signed overlay VirusTotal metadataFirst submission 2015-10-16 14:39:56 UTC ( 4 months, 3 weeks ago )Last submission 2016-03-07 14:38:14 UTC ( 15 minutes ago ) File names mdhpsun.exe vt-upload-LDsXdE mdhpSUN.exe mdhpSUN.exe mdhpsun.exe mdhpSUN.exe mdhpSUN.exe
  3. Rogue Killer wanted a restart after I deleted, so I ran the scan again afterwards. Now it's finding: RogueKiller V11.0.14.0 [Feb 29 2016] (Free) by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/software/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Caitlin [Administrator] Started from : C:\Users\Caitlin\Desktop\RogueKiller.exe Mode : Scan -- Date : 03/06/2016 20:28:44 ¤¤¤ Processes : 1 ¤¤¤ [Proc.Injected] mdhpSUN.exe(4292) -- C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe[x] -> Found ¤¤¤ Registry : 0 ¤¤¤ ¤¤¤ Tasks : 0 ¤¤¤ ¤¤¤ Files : 1 ¤¤¤ [PUP][Folder] C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} -> Found ¤¤¤ Hosts File : 0 ¤¤¤ ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0x0]) ¤¤¤ ¤¤¤ Web browsers : 1 ¤¤¤ [PUM.HomePage][FIREFX:Config] c23ei5is.default-1429922417701 : user_pref("browser.startup.homepage", "http://www.nytimes.com/"); -> Found ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: SAMSUNG HM321HI SATA Disk Device +++++ --- User --- [MBR] 78b8a17f73e4d9cdf7707bafe177fa0b [bSP] 4c557618dc60eb9fe5bfd1bf9ca79858 : Windows Vista/7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] 1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 290897 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] 2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 596166656 | Size: 14044 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] 3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 624928768 | Size: 103 MB User = LL1 ... OK User = LL2 ... OK
  4. FRST froze in the middle of running the fix, but it did create a log file, so I'm hoping it finished. Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01 Ran by Caitlin (2016-03-06 12:16:29) Run:1 Running from C:\Users\Caitlin\Downloads Loaded Profiles: Caitlin (Available Profiles: Caitlin & Test & Administrator) Boot Mode: Normal ============================================== fixlist content: ***************** Start CreateRestorePoint: CloseProcesses: HKU\S-1-5-21-985372243-1932694096-683075236-1001\...\MountPoints2: {600f6752-cbc6-11e0-a2f0-2c27d7ddb8e0} - F:\WIN\setup.exe Tcpip\..\Interfaces\{695C1EAD-FD20-42FB-BDDB-9BE8B9CFE47C}: [NameServer] 209.183.50.151 209.183.50.151A7} BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File Toolbar: HKU\S-1-5-21-985372243-1932694096-683075236-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File S3 ATTRcAppSvc; "C:\Program Files (x86)\AT&T\Communication Manager\RcAppSvc.exe" /n "ATTRcAppSvc" [X] S3 CAATT; "C:\Program Files (x86)\AT&T\Communication Manager\ConAppsSvc.exe" /n "CAATT" [X] S1 tcpipBM; no ImagePath U0 BMLoad; system32\drivers\BMLoad.sys [X] S3 PCTINDIS5X64; \??\C:\Windows\system32\PCTINDIS5X64.SYS [X] S3 swmsflt; system32\DRIVERS\swmsflt.sys [X] AlternateDataStreams: C:\Users\Caitlin\Desktop\Family Photo.jpeg:3or4kl4x13tuuug3Byamue2s4b [87] AlternateDataStreams: C:\Users\Caitlin\Desktop\Family Photo.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0] CMD: ipconfig /flushdns EmptyTemp: end ***************** Restore point was successfully created. Processes closed successfully. "HKU\S-1-5-21-985372243-1932694096-683075236-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{600f6752-cbc6-11e0-a2f0-2c27d7ddb8e0}" => key removed successfully HKCR\CLSID\{600f6752-cbc6-11e0-a2f0-2c27d7ddb8e0} => key not found. HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{695C1EAD-FD20-42FB-BDDB-9BE8B9CFE47C}\\NameServer => value removed successfully "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully "HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully HKU\S-1-5-21-985372243-1932694096-683075236-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found. ATTRcAppSvc => service removed successfully CAATT => service removed successfully tcpipBM => service removed successfully BMLoad => service removed successfully PCTINDIS5X64 => service removed successfully swmsflt => service removed successfully "C:\Users\Caitlin\Desktop\Family Photo.jpeg" => ":3or4kl4x13tuuug3Byamue2s4b" ADS not found. C:\Users\Caitlin\Desktop\Family Photo.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully. ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End of CMD: ========= RogueKiller V11.0.14.0 [Feb 29 2016] (Free) by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/software/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Caitlin [Administrator] Started from : C:\Users\Caitlin\Desktop\RogueKiller.exe Mode : Scan -- Date : 03/06/2016 15:43:53 ¤¤¤ Processes : 0 ¤¤¤ ¤¤¤ Registry : 1 ¤¤¤ [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{695C1EAD-FD20-42FB-BDDB-9BE8B9CFE47C} | NameServer : 209.183.50.151 209.183.50.151A7} ([-][X]) -> Found ¤¤¤ Tasks : 0 ¤¤¤ ¤¤¤ Files : 3 ¤¤¤ [PUP][Folder] C:\ProgramData\{1983A45A-60BF-4D72-937F-E9C44B18E38E} -> Found [PUP][Folder] C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} -> Found [PUP][Folder] C:\ProgramData\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60} -> Found ¤¤¤ Hosts File : 0 ¤¤¤ ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0x0]) ¤¤¤ ¤¤¤ Web browsers : 1 ¤¤¤ [PUM.HomePage][FIREFX:Config] c23ei5is.default-1429922417701 : user_pref("browser.startup.homepage", "http://www.nytimes.com/"); -> Found ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: SAMSUNG HM321HI SATA Disk Device +++++ --- User --- [MBR] 78b8a17f73e4d9cdf7707bafe177fa0b [bSP] 4c557618dc60eb9fe5bfd1bf9ca79858 : Windows Vista/7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] 1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 290897 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] 2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 596166656 | Size: 14044 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] 3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 624928768 | Size: 103 MB User = LL1 ... OK User = LL2 ... OK
  5. Sorry that I missed that. Here they are. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01 Ran by Caitlin (administrator) on CAITLIN-HP (06-03-2016 09:10:02) Running from C:\Users\Caitlin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R15UEZ99 Loaded Profiles: Caitlin (Available Profiles: Caitlin & Test & Administrator) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\System32\atiesrxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (AMD) C:\Windows\System32\atieclxx.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) C:\Windows\System32\alg.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (GameStop Corp.) C:\Program Files (x86)\GameStop App\Now\GameStopNow.exe (Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Easybits) C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_20_0_0_306_ActiveX.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated) HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2010-12-17] (IDT, Inc.) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation) HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-04-12] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-15] (Hewlett-Packard Development Company L.P.) HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586808 2011-03-30] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-03-16] (EasyBits Software AS) HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [319544 2011-03-30] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2012-01-16] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1444880 2015-11-25] (Easybits) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation) HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKU\S-1-5-21-985372243-1932694096-683075236-1001\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-03-05] (SUPERAntiSpyware) HKU\S-1-5-21-985372243-1932694096-683075236-1001\...\Run: [googletalk] => C:\Users\Caitlin\AppData\Roaming\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google) HKU\S-1-5-21-985372243-1932694096-683075236-1001\...\MountPoints2: {600f6752-cbc6-11e0-a2f0-2c27d7ddb8e0} - F:\WIN\setup.exe HKU\S-1-5-21-985372243-1932694096-683075236-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation) ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-05-13] (EasyBits Software Corp.) Startup: C:\Users\Caitlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameStop Now.lnk [2016-03-06] ShortcutTarget: GameStop Now.lnk -> C:\Program Files (x86)\GameStop App\Now\GameStopNow.exe (GameStop Corp.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{695C1EAD-FD20-42FB-BDDB-9BE8B9CFE47C}: [NameServer] 209.183.50.151 209.183.50.151A7} Tcpip\..\Interfaces\{AA9A70F3-91F7-49F0-AEAB-568A0617AB3E}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKU\S-1-5-21-985372243-1932694096-683075236-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT/1 HKU\S-1-5-21-985372243-1932694096-683075236-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1 SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKLM -> {35CEFA14-9662-4F9D-A8EA-0B77B42F1EFC} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} SearchScopes: HKU\S-1-5-21-985372243-1932694096-683075236-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-985372243-1932694096-683075236-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-985372243-1932694096-683075236-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-02-22] (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-02-22] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-02-22] (Microsoft Corporation) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-11] (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-02-22] (Microsoft Corporation) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-11] (Oracle Corporation) Toolbar: HKU\S-1-5-21-985372243-1932694096-683075236-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) FireFox: ======== FF ProfilePath: C:\Users\Caitlin\AppData\Roaming\Mozilla\Firefox\Profiles\ia9zc6e9.default FF Homepage: hxxp://www.mybitterroot.com FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-10] () FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\system32\npDeployJava1.dll [2013-09-28] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2011-11-14] () FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-11] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-11] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-05-26] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll [2012-10-23] () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.) FF Extension: WOT - C:\Users\Caitlin\AppData\Roaming\Mozilla\Firefox\Profiles\g9i1kh76.default-1457211503834\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2016-03-05] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-14] (SUPERAntiSpyware.com) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-04-12] (Advanced Micro Devices, Inc.) [File not signed] R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2809072 2016-01-20] (Microsoft Corporation) R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed] S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-22] (Electronic Arts) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation) S3 ATTRcAppSvc; "C:\Program Files (x86)\AT&T\Communication Manager\RcAppSvc.exe" /n "ATTRcAppSvc" [X] S3 CAATT; "C:\Program Files (x86)\AT&T\Communication Manager\ConAppsSvc.exe" /n "CAATT" [X] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation) R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2010-06-08] (Research in Motion Ltd) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S3 SWNC8UA3; C:\Windows\System32\DRIVERS\swnc8ua3.sys [280064 2009-08-12] (Sierra Wireless Inc.) S3 SWUMXA3; C:\Windows\System32\DRIVERS\swumxa3.sys [199552 2009-07-22] (Sierra Wireless Inc.) S1 tcpipBM; no ImagePath U0 BMLoad; system32\drivers\BMLoad.sys [X] S3 PCTINDIS5X64; \??\C:\Windows\system32\PCTINDIS5X64.SYS [X] S3 swmsflt; system32\DRIVERS\swmsflt.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-03-05 16:47 - 2016-03-05 16:47 - 00000000 ____D C:\Users\Caitlin\Doctor Web 2016-03-05 16:45 - 2016-03-05 16:46 - 00260640 _____ C:\Windows\ntbtlog.txt 2016-03-05 16:40 - 2016-03-05 16:43 - 184515208 _____ C:\Users\Caitlin\Desktop\i6ei7qy4.exe 2016-03-05 16:35 - 2016-03-05 16:35 - 00078818 _____ C:\Users\Caitlin\Desktop\JRT.txt 2016-03-05 16:32 - 2016-03-05 16:32 - 01609216 _____ (Malwarebytes) C:\Users\Caitlin\Desktop\JRT.exe 2016-03-05 14:55 - 2016-03-05 14:56 - 00036406 _____ C:\Users\Caitlin\Downloads\Addition.txt 2016-03-05 14:54 - 2016-03-06 09:10 - 00000000 ____D C:\FRST 2016-03-05 14:54 - 2016-03-05 14:56 - 00025567 _____ C:\Users\Caitlin\Downloads\FRST.txt 2016-03-05 14:53 - 2016-03-05 14:53 - 02374144 _____ (Farbar) C:\Users\Caitlin\Downloads\FRST64.exe 2016-03-05 13:52 - 2016-03-05 13:52 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2016-03-05 13:52 - 2016-03-05 13:52 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2016-03-05 13:42 - 2016-03-05 13:42 - 00000000 ____D C:\ProgramData\AT&T 2016-03-04 11:14 - 2016-03-04 11:50 - 00001735 _____ C:\Users\Caitlin\Desktop\Vietnam Updates.txt 2016-03-03 14:53 - 2016-03-04 09:02 - 00000066 _____ C:\Users\Caitlin\Desktop\Double Tree.txt 2016-02-12 18:02 - 2016-03-05 13:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-02-06 11:20 - 2016-02-06 11:22 - 00549391 _____ C:\Users\Caitlin\Desktop\Phasma With Numbers.xps ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-03-06 09:04 - 2009-07-13 21:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-03-06 09:04 - 2009-07-13 21:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-03-06 08:53 - 2009-07-13 22:13 - 00783424 _____ C:\Windows\system32\PerfStringBackup.INI 2016-03-06 08:53 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf 2016-03-06 08:49 - 2012-11-17 17:16 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics 2016-03-06 08:48 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-03-05 21:44 - 2014-05-20 14:24 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-03-05 20:04 - 2009-07-13 22:08 - 00032552 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2016-03-05 20:03 - 2013-01-22 08:50 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2016-03-05 20:03 - 2013-01-22 08:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2016-03-05 19:16 - 2011-08-21 08:46 - 00000000 ____D C:\Users\Caitlin 2016-03-05 19:11 - 2013-01-22 08:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2016-03-05 17:30 - 2014-07-13 12:19 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-03-05 13:58 - 2015-04-24 17:40 - 00000000 ____D C:\Users\Caitlin\Desktop\Old Firefox Data 2016-03-05 13:58 - 2011-09-06 06:31 - 00000000 ____D C:\Users\Caitlin\AppData\Local\CrashDumps 2016-03-05 13:56 - 2011-08-21 08:55 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{DFDBEB91-B319-4BC6-A9A4-E6F2A7DD1742} 2016-03-05 13:52 - 2012-05-04 18:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-03-05 13:46 - 2011-08-21 08:54 - 00117584 _____ C:\Users\Caitlin\AppData\Local\GDIPFONTCACHEV1.DAT 2016-03-05 13:46 - 2009-07-13 21:45 - 00464664 _____ C:\Windows\system32\FNTCACHE.DAT 2016-03-05 13:45 - 2011-08-21 13:19 - 00000000 ____D C:\Program Files\SUPERAntiSpyware 2016-03-05 13:42 - 2011-08-21 08:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra Wireless 2016-03-05 12:51 - 2015-10-18 15:31 - 00000000 ____D C:\AdwCleaner 2016-03-04 21:07 - 2011-09-05 16:13 - 00000817 _____ C:\Users\Caitlin\mudlet-data 2016-03-04 08:26 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF 2016-02-23 23:28 - 2011-10-15 02:53 - 00000000 ____D C:\Users\Caitlin\AppData\Roaming\SoftGrid Client 2016-02-22 22:50 - 2011-09-01 16:25 - 00000000 ____D C:\Users\Caitlin\AppData\Roaming\Skype 2016-02-22 18:03 - 2014-05-26 08:15 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2016-02-22 18:01 - 2014-05-26 08:11 - 00000000 ____D C:\Program Files\Microsoft Office 15 2016-02-18 13:25 - 2015-11-16 19:07 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2016-02-14 22:10 - 2011-09-21 16:09 - 00003222 _____ C:\Windows\System32\Tasks\HPCeeScheduleForCAITLIN-HP$ 2016-02-14 22:10 - 2011-09-21 16:09 - 00000346 _____ C:\Windows\Tasks\HPCeeScheduleForCAITLIN-HP$.job 2016-02-11 22:42 - 2013-11-14 11:22 - 00000000 ____D C:\ProgramData\Oracle 2016-02-11 22:40 - 2015-07-01 17:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2016-02-11 22:40 - 2011-05-13 22:30 - 00000000 ____D C:\Program Files (x86)\Java 2016-02-11 22:39 - 2015-10-18 15:57 - 00000000 ____D C:\Users\Caitlin\.oracle_jre_usage 2016-02-11 22:38 - 2015-07-01 17:16 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2016-02-10 16:44 - 2014-05-20 14:24 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2016-02-10 16:44 - 2012-10-17 06:04 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-02-10 16:44 - 2011-09-06 06:21 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-02-09 18:45 - 2012-02-06 03:59 - 00000000 ____D C:\Users\Caitlin\Documents\paymentConfirm.do_files ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-03-05 21:15 ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01 Ran by Caitlin (2016-03-06 09:11:15) Running from C:\Users\Caitlin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R15UEZ99 Windows 7 Home Premium Service Pack 1 (X64) (2011-08-21 15:45:59) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-985372243-1932694096-683075236-500 - Administrator - Enabled) => C:\Users\Administrator Caitlin (S-1-5-21-985372243-1932694096-683075236-1001 - Administrator - Enabled) => C:\Users\Caitlin Guest (S-1-5-21-985372243-1932694096-683075236-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-985372243-1932694096-683075236-1003 - Limited - Enabled) Test (S-1-5-21-985372243-1932694096-683075236-1004 - Limited - Enabled) => C:\Users\Test ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov) 7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - ) ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20059 - Adobe Systems Incorporated) Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated) Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated) Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.) Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden AMD System Monitor (HKLM-x32\...\{C1C82DC9-1547-4038-8F0A-C069F0B7F2ED}) (Version: 1.0.5 - Advanced Micro Devices, Inc.) Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{75104836-CAC7-444E-A39E-3F54151942F5}) (Version: 4.0.0.97 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ATI Catalyst Install Manager (HKLM\...\{30A37772-7131-E172-F477-633EBAF652E9}) (Version: 3.0.820.0 - ATI Technologies, Inc.) Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Combined Community Codec Pack 2011-07-30 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2011.07.30.0 - CCCP Project) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.3922 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden Dragon Age 2 (HKLM-x32\...\Dragon Age 2) (Version: - GameStop) Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.03 - Electronic Arts, Inc.) Dragon Age™ II (HKLM-x32\...\{4D565319-8B91-41CB-961C-0DDC86101AC5}) (Version: 1.04.8524.0 - Electronic Arts) Dragon Age™: Inquisition (HKLM-x32\...\{DC4C36DC-4E5B-4262-B0C7-157DF534B969}) (Version: 1.0.0.1 - Electronic Arts) Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard) ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard) Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.) Extended Asian Language font pack for Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-A00000000049}) (Version: 11.0.09 - Adobe Systems Incorporated) Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden Flixster (HKU\S-1-5-21-985372243-1932694096-683075236-1001\...\404b9336c7552828) (Version: 2.0.0.233 - Flixster) GameStop App (HKLM-x32\...\GameStop App) (Version: 4.00 - GameStop) GameStop App (x32 Version: 4.00 - GameStop) Hidden GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team) Google Talk (remove only) (HKU\S-1-5-21-985372243-1932694096-683075236-1001\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version: - ) HandBrake 0.9.6 (HKLM-x32\...\HandBrake) (Version: 0.9.6 - ) HP Connection Manager (HKLM-x32\...\{795AADBF-58C2-42D0-B779-E730702A247E}) (Version: 4.0.45.1 - Hewlett-Packard Company) HP Documentation (HKLM-x32\...\{B86FB076-3531-4AF4-86CC-68CA36BFF48A}) (Version: 1.1.0.0 - Hewlett-Packard) HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent) HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard) HP On Screen Display (HKLM-x32\...\{F1BB1C5F-E94E-454C-B385-23016566644F}) (Version: 1.2.1 - Hewlett-Packard Company) HP Power Manager (HKLM-x32\...\{872B1C80-38EC-4A31-A25C-980820593900}) (Version: 1.2.3 - Hewlett-Packard Company) HP Product Detection (HKLM-x32\...\{3C22981C-5C14-4176-B0E8-C2BE71174C41}) (Version: 11.14.0003 - HP) HP Quick Launch (HKLM-x32\...\{294C2687-77C0-4E1D-83DE-97680786602C}) (Version: 2.4.1 - Hewlett-Packard Company) HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company) HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company) HP Software Framework (HKLM-x32\...\{B7F60A16-7A7B-41FB-9AE3-DE9E324FBA06}) (Version: 4.0.112.1 - Hewlett-Packard Company) HP Support Assistant (HKLM-x32\...\{E92D47A1-D27D-430A-8368-0BAFD956507D}) (Version: 5.2.9.2 - Hewlett-Packard Company) HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6319.0 - IDT) ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!) iTunes (HKLM\...\{5E11C972-1E76-45FE-8F92-14E0D1140B1B}) (Version: 10.5.3.3 - Apple Inc.) Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Lua for Windows 5.1.4-50 (HKLM-x32\...\Lua_is1) (Version: 5.1.4.50 - The Lua for Windows Project and Lua and Tecgraf, PUC-Rio) Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 3.0 - EasyBits Software AS) Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4797.1003 - Microsoft Corporation) Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-985372243-1932694096-683075236-1001\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation) Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 44.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MUSHclient (remove only) (HKLM-x32\...\MUSHclient) (Version: - ) Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.6.9575 - Barnesandnoble.com) NVIDIA PhysX (HKLM-x32\...\{1C4551A6-4743-4093-91E4-1477CD655043}) (Version: 9.09.0203 - NVIDIA Corporation) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4797.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4797.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4797.1003 - Microsoft Corporation) Hidden OpenOffice.org 3.3 (HKLM-x32\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org) Origin (HKLM-x32\...\Origin) (Version: 9.4.23.2817 - Electronic Arts, Inc.) Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden Pepakura Viewer 3 (HKLM-x32\...\pepakura_viewer3en) (Version: - TamaSoftware) Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.34.1130.2010 - Realtek) Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.74 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.11.0323 - REALTEK Semiconductor Corp.) Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow) Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.) Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.109 - Skype Technologies S.A.) Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1118 - SUPERAntiSpyware.com) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden WildTangent Games App (x32 Version: 4.0.10.2 - WildTangent) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden Yahoo! Detect (HKLM-x32\...\YTdetect) (Version: - ) Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {065564EF-6954-424F-B23D-F4A3447F86D4} - System32\Tasks\{4A06D0F9-E442-4F83-B64D-583439DD6BCF} => Firefox.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/abandoninstall?page=tsMain Task: {2733DB2F-5C43-4DEA-A631-CE7DFA98167E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2012-07-10] (Microsoft) Task: {47666497-16CF-4467-A4B6-46238D173F99} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated) Task: {49AB9ACA-0A70-4953-AF53-E39A13F3887C} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-03-22] (CyberLink) Task: {597E9D81-B7BE-482F-87A8-E389CA6DA8C2} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-02-22] (Microsoft Corporation) Task: {7043A309-7147-4CDA-9488-E51273496F34} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-02-23] (Hewlett-Packard Company) Task: {ADA956D6-CDAE-446F-BEFC-574BB5AEF0B6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-10] (Adobe Systems Incorporated) Task: {EC96C06B-E0E3-4E6A-A872-2B5BA8F9473C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-01-12] (Microsoft Corporation) Task: {F81C140D-6143-4C09-AA1B-E6BBF03B681D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-01-12] (Microsoft Corporation) Task: {FAB433F5-E096-42DC-95E6-998485BDDB61} - System32\Tasks\HPCeeScheduleForCAITLIN-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\HPCeeScheduleForCAITLIN-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2011-05-02 03:40 - 2011-05-02 03:40 - 00034304 _____ () C:\Windows\System32\ssm1mlm.dll 2011-04-12 22:59 - 2011-04-12 22:59 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2014-05-26 08:11 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2015-10-28 16:57 - 2015-09-01 09:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2010-06-24 02:21 - 2010-06-24 02:21 - 01102336 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\System.Data.SQLite.dll 2011-04-12 22:58 - 2011-04-12 22:58 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2011-03-04 12:25 - 2011-03-04 12:25 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2011-04-12 22:47 - 2011-04-12 22:47 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2011-06-24 07:56 - 2011-06-24 07:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2011-06-24 07:56 - 2011-06-24 07:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2013-04-12 14:17 - 2013-04-12 14:17 - 00029384 _____ () C:\Program Files (x86)\GameStop App\Now\SDSecurity.dll 2010-06-24 02:19 - 2010-06-24 02:19 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\Caitlin\Desktop\Family Photo.jpeg:3or4kl4x13tuuug3Byamue2s4b [87] AlternateDataStreams: C:\Users\Caitlin\Desktop\Family Photo.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-985372243-1932694096-683075236-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Caitlin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{FB0CE133-8447-4AA3-88C7-6CF36DF06E4F}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe FirewallRules: [{78C56F75-021B-4B94-9892-FF8D5978EEDA}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe FirewallRules: [{3B7E4119-98E5-43D0-9099-2CB254BEEE97}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe FirewallRules: [{0F75DAF7-0124-47EA-B99C-E5B806517B34}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe FirewallRules: [{611586DD-3929-469E-8377-BFC5D7473706}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{3AB1883C-036C-44AA-A35D-18CB39505BFC}] => (Allow) LPort=2869 FirewallRules: [{54B5F21D-9705-41F2-B89E-F9080CC2A5D7}] => (Allow) LPort=1900 FirewallRules: [{B540B11F-355C-4428-9E17-63EBBFDE7DA3}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{3B9AB165-3A62-4207-BD8F-11626CE1F9A4}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe FirewallRules: [{FCD14C10-0773-41DD-A359-2DFE8611FCE9}] => (Allow) C:\Windows\system32\ezSharedSvcHost.exe FirewallRules: [{AA34C062-36A3-4404-8A6D-C35396050E50}] => (Allow) C:\Program Files (x86)\EasyBits For Kids\ezDesktop.exe FirewallRules: [{C8F7A45D-C3C8-4F2D-81A3-21D33219FC01}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe FirewallRules: [{4008DEB3-66EB-4AB0-A55D-86BC6B050CA4}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe FirewallRules: [{56C0EC3E-4140-44B9-A59D-D1086EA21592}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE FirewallRules: [{7BB3386C-E989-45A8-9BD1-E808C9B5C062}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE FirewallRules: [{39905FB8-58AD-4CBD-82DA-24BA412F7BEB}] => (Allow) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe FirewallRules: [{04022814-F78E-494B-A723-46F42E7BBE6F}] => (Allow) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe FirewallRules: [{1827CDE6-1098-49B7-850E-2A87DE563D49}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{986DFE67-4F16-4C5E-A74B-4AFC5955E1ED}] => (Allow) C:\Users\Caitlin\Desktop\fg717p.exe FirewallRules: [{EAE0524A-C969-4E55-A292-F482637A3E48}] => (Allow) C:\Users\Caitlin\Desktop\fg717p.exe FirewallRules: [{08F75A98-BB76-4127-89FF-7E509CFAB03C}] => (Allow) C:\Users\Caitlin\Desktop\fg717p.exe FirewallRules: [{B07FFC00-6BA0-4758-BDC3-E4BEEB761B79}] => (Allow) C:\Users\Caitlin\Desktop\fg717p.exe FirewallRules: [{2A45BB5F-9518-404D-9EF6-8140AC8D0D6A}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe FirewallRules: [{F2913D10-F74A-452E-BF75-2C1103D4632A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{4D88F90B-3E07-45AE-A5FA-C6371AB71BCC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{56E91FD0-6BBE-43F8-8BE7-4FED457E9CDF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{8BEDF1E2-1253-4743-ABE2-9B221770222A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{22DBB806-F057-4A98-BA97-7EE9B0435A83}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe FirewallRules: [{27CBADCA-EB96-49DE-92A0-87030B78BBB9}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daorigins.exe FirewallRules: [{BA9E4CD7-7C47-43D6-99C4-7286A5FAD712}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daorigins.exe FirewallRules: [{28AAC6E8-F5C8-4686-825C-D10651DF130E}] => (Allow) C:\Program Files (x86)\Dragon Age\DAOriginsLauncher.exe FirewallRules: [{EC43BC84-AF71-45C2-95C4-7D30F1F1FE62}] => (Allow) C:\Program Files (x86)\Dragon Age\DAOriginsLauncher.exe FirewallRules: [{EDB05D76-63C3-4DE7-A6BB-4B6F1317EB39}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe FirewallRules: [{98679B1E-C0F1-4481-9C7D-26808588B118}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe FirewallRules: [{EFCFAFB3-3EBD-4145-A58D-AE18DD4980DA}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age II\bin_ship\DragonAge2.exe FirewallRules: [{5803038E-AC0C-453F-BECD-E71F9FC3C0C2}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age II\bin_ship\DragonAge2.exe FirewallRules: [{C5EC2D9E-CC9C-4A7E-A5C1-823EEBEBCB5A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe FirewallRules: [{A0073D82-5329-4A63-8D35-E5FB86F15FAD}] => (Allow) C:\Users\Caitlin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [{F966C7D7-653B-49D8-933C-76F97140A25C}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe FirewallRules: [{7F7460AA-078E-44B2-8224-1D914E182D5B}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe FirewallRules: [{985A08F5-7364-408C-A26B-B0DAC62DD494}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{86FB2FEA-13AB-44B4-A028-5815FBFB1CA7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{2E437BC0-81F2-402C-915A-0DF0C00AECCD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{929D9B87-DBA2-42ED-8EA3-86B16149D3DD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{0053A4F0-3589-4EEC-8131-646A22360E54}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{AF3B2140-8C26-4BF9-B4A8-BEE79D5805B8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Restore Points ========================= 30-01-2016 10:11:11 Windows Update 03-02-2016 17:36:12 Windows Update 07-02-2016 15:59:29 Windows Update 13-02-2016 19:06:01 Windows Update 17-02-2016 21:40:42 Windows Update 22-02-2016 21:17:58 Windows Update 27-02-2016 13:12:09 Windows Update 04-03-2016 22:34:13 Windows Update 05-03-2016 16:33:03 JRT Pre-Junkware Removal ==================== Faulty Device Manager Devices ============= Name: Bytemobile Kernel Network Provider Description: Bytemobile Kernel Network Provider Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: tcpipBM Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (03/06/2016 08:50:19 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/05/2016 08:14:28 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected. Error: (03/05/2016 08:04:45 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/05/2016 08:04:33 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: HPWMISVC.exe, version: 2.3.1.0, time stamp: 0x4d92d6e7 Faulting module name: HPWMISVC.exe, version: 2.3.1.0, time stamp: 0x4d92d6e7 Exception code: 0xc0000005 Fault offset: 0x000016d1 Faulting process id: 0x7fc Faulting application start time: 0xHPWMISVC.exe0 Faulting application path: HPWMISVC.exe1 Faulting module path: HPWMISVC.exe2 Report Id: HPWMISVC.exe3 Error: (03/05/2016 05:23:03 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/05/2016 05:21:51 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: ) Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object. Details: Could not query the status of the EventSystem service. System Error: A system shutdown is in progress. . Error: (03/05/2016 04:47:09 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/05/2016 01:58:11 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: plugin-container.exe, version: 44.0.2.5884, time stamp: 0x56bbf417 Faulting module name: mozglue.dll, version: 44.0.2.5884, time stamp: 0x56bbe58e Exception code: 0x80000003 Fault offset: 0x0000ed3b Faulting process id: 0x17c4 Faulting application start time: 0xplugin-container.exe0 Faulting application path: plugin-container.exe1 Faulting module path: plugin-container.exe2 Report Id: plugin-container.exe3 Error: (03/05/2016 01:56:39 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: plugin-container.exe, version: 44.0.2.5884, time stamp: 0x56bbf417 Faulting module name: mozglue.dll, version: 44.0.2.5884, time stamp: 0x56bbe58e Exception code: 0x80000003 Fault offset: 0x0000ed3b Faulting process id: 0xf14 Faulting application start time: 0xplugin-container.exe0 Faulting application path: plugin-container.exe1 Faulting module path: plugin-container.exe2 Report Id: plugin-container.exe3 Error: (03/05/2016 01:56:39 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program firefox.exe version 44.0.2.5884 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 155c Start Time: 01d17720e777a52d Termination Time: 62 Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Report Id: b527ddf6-e314-11e5-8f22-2c27d7ddb8e0 System errors: ============= Error: (03/06/2016 08:49:04 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: tcpipBM Error: (03/05/2016 08:06:29 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Remote Access Connection Manager service, but this action failed with the following error: %%1056 Error: (03/05/2016 08:06:29 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: %%1056 Error: (03/05/2016 08:06:29 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: %%1056 Error: (03/05/2016 08:05:29 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: %%1056 Error: (03/05/2016 08:04:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The HPWMISVC service terminated unexpectedly. It has done this 1 time(s). Error: (03/05/2016 08:04:29 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: tcpipBM Error: (03/05/2016 08:04:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. Error: (03/05/2016 08:04:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (03/05/2016 08:04:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. ==================== Memory info =========================== Processor: AMD A4-3300M APU with Radeon HD Graphics Percentage of memory in use: 70% Total physical RAM: 3562.9 MB Available physical RAM: 1046.23 MB Total Virtual: 7124.01 MB Available Virtual: 4557.81 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:284.08 GB) (Free:105.51 GB) NTFS ==>[system with boot components (obtained from drive)] Drive d: (RECOVERY) (Fixed) (Total:13.71 GB) (Free:1.53 GB) NTFS ==>[system with boot components (obtained from drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 381D09F3) Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=284.1 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=13.7 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=103 MB) - (Type=0C) ==================== End of Addition.txt ============================ Original issue still remains. Svchost is taking up about 50% of the CPU at all times. Running firefox (just general browsing webpages on news/blogs) maxes my CPU out to 100%, though it's actually running faster than it was.
  6. Thanks for such a quick response! The logs are below/attached. svchost is still taking about 50% of the CPU at baseline, though IE seems to be taking a lot less. Malwarebytes: Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 3/5/2016 Scan Time: 3:30 PM Logfile: Administrator: Yes Version: 2.2.0.1024 Malware Database: v2016.03.05.06 Rootkit Database: v2016.02.27.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Caitlin Scan Type: Threat Scan Result: Completed Objects Scanned: 514802 Time Elapsed: 57 min, 13 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) cureit.log JRT.txt
  7. Hi, I'm not certain if I'm running an infection or not, and I'm hoping someone here can help me. This morning, Firefox kept freezing. I switched to IE and noticed it was running slowly as well. I checked my task manager and saw I was running at 50-60% of my CPU with nothing but task manager open, and 95-100% if an internet browser was open. I then ran MSE, Malwarebytes, Super-Antispyware, and AdwCleaner, and they all found nothing on my system. I tried uninstalling and reinstalling Firefox to see if there was something wrong with the program itself. The fresh installation wouldn't open until I refreshed Firefox and unstalled all plugins. It would then open, but was still running incredibly slowly. It's now asking me to select a profile as well if I try to open it, and the default is a very old version that has a homepage from years ago. I'm still running at about 50% CPU baseline, which is being taken up by svchost.exe, which is tied to a variety of services in the netsvcs group. My computer also keeps telling me it cannot read a USB device installed, even though there aren't any except a laptop fan, which is running fine. So, infected or should I be looking for another problem? Thank you in advance for your help! Here are my logs: FRST Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01 Ran by Caitlin (administrator) on CAITLIN-HP (05-03-2016 14:54:20) Running from C:\Users\Caitlin\Downloads Loaded Profiles: Caitlin (Available Profiles: Caitlin & Test & Administrator) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\System32\atiesrxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (AMD) C:\Windows\System32\atieclxx.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) C:\Windows\System32\alg.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (GameStop Corp.) C:\Program Files (x86)\GameStop App\Now\GameStopNow.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Easybits) C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe (Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe (Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_20_0_0_306_ActiveX.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated) HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2010-12-17] (IDT, Inc.) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation) HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-04-12] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-15] (Hewlett-Packard Development Company L.P.) HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586808 2011-03-30] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-03-16] (EasyBits Software AS) HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [319544 2011-03-30] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2012-01-16] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1444880 2015-11-25] (Easybits) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation) HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKU\S-1-5-21-985372243-1932694096-683075236-1001\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-03-05] (SUPERAntiSpyware) HKU\S-1-5-21-985372243-1932694096-683075236-1001\...\Run: [googletalk] => C:\Users\Caitlin\AppData\Roaming\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google) HKU\S-1-5-21-985372243-1932694096-683075236-1001\...\MountPoints2: {600f6752-cbc6-11e0-a2f0-2c27d7ddb8e0} - F:\WIN\setup.exe HKU\S-1-5-21-985372243-1932694096-683075236-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation) ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-05-13] (EasyBits Software Corp.) Startup: C:\Users\Caitlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameStop Now.lnk [2016-03-05] ShortcutTarget: GameStop Now.lnk -> C:\Program Files (x86)\GameStop App\Now\GameStopNow.exe (GameStop Corp.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{695C1EAD-FD20-42FB-BDDB-9BE8B9CFE47C}: [NameServer] 209.183.50.151 209.183.50.151A7} Tcpip\..\Interfaces\{AA9A70F3-91F7-49F0-AEAB-568A0617AB3E}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKU\S-1-5-21-985372243-1932694096-683075236-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT/1 HKU\S-1-5-21-985372243-1932694096-683075236-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1 SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKLM -> {35CEFA14-9662-4F9D-A8EA-0B77B42F1EFC} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> {35CEFA14-9662-4F9D-A8EA-0B77B42F1EFC} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} SearchScopes: HKU\S-1-5-21-985372243-1932694096-683075236-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-985372243-1932694096-683075236-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-985372243-1932694096-683075236-1001 -> {35CEFA14-9662-4F9D-A8EA-0B77B42F1EFC} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-985372243-1932694096-683075236-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-02-22] (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-02-22] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-02-22] (Microsoft Corporation) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-11] (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-02-22] (Microsoft Corporation) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-11] (Oracle Corporation) Toolbar: HKU\S-1-5-21-985372243-1932694096-683075236-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) FireFox: ======== FF ProfilePath: C:\Users\Caitlin\AppData\Roaming\Mozilla\Firefox\Profiles\ia9zc6e9.default FF Homepage: hxxp://www.mybitterroot.com FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-10] () FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\system32\npDeployJava1.dll [2013-09-28] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2011-11-14] () FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-11] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-11] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-05-26] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll [2012-10-23] () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.) FF Extension: WOT - C:\Users\Caitlin\AppData\Roaming\Mozilla\Firefox\Profiles\g9i1kh76.default-1457211503834\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2016-03-05] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-14] (SUPERAntiSpyware.com) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-04-12] (Advanced Micro Devices, Inc.) [File not signed] R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2809072 2016-01-20] (Microsoft Corporation) R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed] S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-22] (Electronic Arts) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation) S3 ATTRcAppSvc; "C:\Program Files (x86)\AT&T\Communication Manager\RcAppSvc.exe" /n "ATTRcAppSvc" [X] S3 CAATT; "C:\Program Files (x86)\AT&T\Communication Manager\ConAppsSvc.exe" /n "CAATT" [X] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation) R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2010-06-08] (Research in Motion Ltd) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S3 SWNC8UA3; C:\Windows\System32\DRIVERS\swnc8ua3.sys [280064 2009-08-12] (Sierra Wireless Inc.) S3 SWUMXA3; C:\Windows\System32\DRIVERS\swumxa3.sys [199552 2009-07-22] (Sierra Wireless Inc.) S1 tcpipBM; no ImagePath U0 BMLoad; system32\drivers\BMLoad.sys [X] S3 PCTINDIS5X64; \??\C:\Windows\system32\PCTINDIS5X64.SYS [X] S3 swmsflt; system32\DRIVERS\swmsflt.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-03-05 14:54 - 2016-03-05 14:54 - 00019272 _____ C:\Users\Caitlin\Downloads\FRST.txt 2016-03-05 14:54 - 2016-03-05 14:54 - 00000000 ____D C:\FRST 2016-03-05 14:53 - 2016-03-05 14:53 - 02374144 _____ (Farbar) C:\Users\Caitlin\Downloads\FRST64.exe 2016-03-05 13:52 - 2016-03-05 13:52 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2016-03-05 13:52 - 2016-03-05 13:52 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2016-03-05 13:42 - 2016-03-05 13:42 - 00000000 ____D C:\ProgramData\AT&T 2016-03-04 11:14 - 2016-03-04 11:50 - 00001735 _____ C:\Users\Caitlin\Desktop\Vietnam Updates.txt 2016-03-03 14:53 - 2016-03-04 09:02 - 00000066 _____ C:\Users\Caitlin\Desktop\Double Tree.txt 2016-02-12 18:02 - 2016-03-05 13:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-02-10 17:02 - 2016-02-10 17:02 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{A146C392-3D67-4ED1-A512-137C2C0E082F} 2016-02-10 16:47 - 2016-02-10 16:47 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{8351C027-FE0B-4883-B034-A5A4503072A9} 2016-02-06 11:20 - 2016-02-06 11:22 - 00549391 _____ C:\Users\Caitlin\Desktop\Phasma With Numbers.xps ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-03-05 14:44 - 2014-05-20 14:24 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-03-05 14:35 - 2009-07-13 21:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-03-05 14:35 - 2009-07-13 21:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-03-05 13:58 - 2015-04-24 17:40 - 00000000 ____D C:\Users\Caitlin\Desktop\Old Firefox Data 2016-03-05 13:58 - 2011-09-06 06:31 - 00000000 ____D C:\Users\Caitlin\AppData\Local\CrashDumps 2016-03-05 13:56 - 2011-08-21 08:55 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{DFDBEB91-B319-4BC6-A9A4-E6F2A7DD1742} 2016-03-05 13:52 - 2012-05-04 18:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-03-05 13:50 - 2009-07-13 22:13 - 00783424 _____ C:\Windows\system32\PerfStringBackup.INI 2016-03-05 13:50 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf 2016-03-05 13:46 - 2012-11-17 17:16 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics 2016-03-05 13:46 - 2011-08-21 08:54 - 00117584 _____ C:\Users\Caitlin\AppData\Local\GDIPFONTCACHEV1.DAT 2016-03-05 13:46 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-03-05 13:46 - 2009-07-13 21:45 - 00464664 _____ C:\Windows\system32\FNTCACHE.DAT 2016-03-05 13:45 - 2011-08-21 13:19 - 00000000 ____D C:\Program Files\SUPERAntiSpyware 2016-03-05 13:42 - 2011-08-21 08:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra Wireless 2016-03-05 12:54 - 2014-07-13 12:19 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-03-05 12:51 - 2015-10-18 15:31 - 00000000 ____D C:\AdwCleaner 2016-03-04 21:07 - 2011-09-05 16:13 - 00000817 _____ C:\Users\Caitlin\mudlet-data 2016-03-04 08:26 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF 2016-02-23 23:28 - 2011-10-15 02:53 - 00000000 ____D C:\Users\Caitlin\AppData\Roaming\SoftGrid Client 2016-02-22 22:50 - 2011-09-01 16:25 - 00000000 ____D C:\Users\Caitlin\AppData\Roaming\Skype 2016-02-22 18:03 - 2014-05-26 08:15 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2016-02-22 18:01 - 2014-05-26 08:11 - 00000000 ____D C:\Program Files\Microsoft Office 15 2016-02-18 13:25 - 2015-11-16 19:07 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2016-02-14 22:10 - 2011-09-21 16:09 - 00003222 _____ C:\Windows\System32\Tasks\HPCeeScheduleForCAITLIN-HP$ 2016-02-14 22:10 - 2011-09-21 16:09 - 00000346 _____ C:\Windows\Tasks\HPCeeScheduleForCAITLIN-HP$.job 2016-02-11 22:42 - 2013-11-14 11:22 - 00000000 ____D C:\ProgramData\Oracle 2016-02-11 22:40 - 2015-07-01 17:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2016-02-11 22:40 - 2011-05-13 22:30 - 00000000 ____D C:\Program Files (x86)\Java 2016-02-11 22:39 - 2015-10-18 15:57 - 00000000 ____D C:\Users\Caitlin\.oracle_jre_usage 2016-02-11 22:38 - 2015-07-01 17:16 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2016-02-10 16:44 - 2014-05-20 14:24 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2016-02-10 16:44 - 2012-10-17 06:04 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-02-10 16:44 - 2011-09-06 06:21 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-02-09 18:45 - 2012-02-06 03:59 - 00000000 ____D C:\Users\Caitlin\Documents\paymentConfirm.do_files ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-02-20 14:25 ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01 Ran by Caitlin (2016-03-05 14:55:27) Running from C:\Users\Caitlin\Downloads Windows 7 Home Premium Service Pack 1 (X64) (2011-08-21 15:45:59) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-985372243-1932694096-683075236-500 - Administrator - Enabled) => C:\Users\Administrator Caitlin (S-1-5-21-985372243-1932694096-683075236-1001 - Administrator - Enabled) => C:\Users\Caitlin Guest (S-1-5-21-985372243-1932694096-683075236-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-985372243-1932694096-683075236-1003 - Limited - Enabled) Test (S-1-5-21-985372243-1932694096-683075236-1004 - Limited - Enabled) => C:\Users\Test ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov) 7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - ) ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20059 - Adobe Systems Incorporated) Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated) Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated) Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.) Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden AMD System Monitor (HKLM-x32\...\{C1C82DC9-1547-4038-8F0A-C069F0B7F2ED}) (Version: 1.0.5 - Advanced Micro Devices, Inc.) Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{75104836-CAC7-444E-A39E-3F54151942F5}) (Version: 4.0.0.97 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ATI Catalyst Install Manager (HKLM\...\{30A37772-7131-E172-F477-633EBAF652E9}) (Version: 3.0.820.0 - ATI Technologies, Inc.) Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Combined Community Codec Pack 2011-07-30 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2011.07.30.0 - CCCP Project) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.3922 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden Dragon Age 2 (HKLM-x32\...\Dragon Age 2) (Version: - GameStop) Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.03 - Electronic Arts, Inc.) Dragon Age™ II (HKLM-x32\...\{4D565319-8B91-41CB-961C-0DDC86101AC5}) (Version: 1.04.8524.0 - Electronic Arts) Dragon Age™: Inquisition (HKLM-x32\...\{DC4C36DC-4E5B-4262-B0C7-157DF534B969}) (Version: 1.0.0.1 - Electronic Arts) Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard) ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard) Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.) Extended Asian Language font pack for Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-A00000000049}) (Version: 11.0.09 - Adobe Systems Incorporated) Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden Flixster (HKU\S-1-5-21-985372243-1932694096-683075236-1001\...\404b9336c7552828) (Version: 2.0.0.233 - Flixster) GameStop App (HKLM-x32\...\GameStop App) (Version: 4.00 - GameStop) GameStop App (x32 Version: 4.00 - GameStop) Hidden GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team) Google Talk (remove only) (HKU\S-1-5-21-985372243-1932694096-683075236-1001\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version: - ) HandBrake 0.9.6 (HKLM-x32\...\HandBrake) (Version: 0.9.6 - ) HP Connection Manager (HKLM-x32\...\{795AADBF-58C2-42D0-B779-E730702A247E}) (Version: 4.0.45.1 - Hewlett-Packard Company) HP Documentation (HKLM-x32\...\{B86FB076-3531-4AF4-86CC-68CA36BFF48A}) (Version: 1.1.0.0 - Hewlett-Packard) HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent) HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard) HP On Screen Display (HKLM-x32\...\{F1BB1C5F-E94E-454C-B385-23016566644F}) (Version: 1.2.1 - Hewlett-Packard Company) HP Power Manager (HKLM-x32\...\{872B1C80-38EC-4A31-A25C-980820593900}) (Version: 1.2.3 - Hewlett-Packard Company) HP Product Detection (HKLM-x32\...\{3C22981C-5C14-4176-B0E8-C2BE71174C41}) (Version: 11.14.0003 - HP) HP Quick Launch (HKLM-x32\...\{294C2687-77C0-4E1D-83DE-97680786602C}) (Version: 2.4.1 - Hewlett-Packard Company) HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company) HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company) HP Software Framework (HKLM-x32\...\{B7F60A16-7A7B-41FB-9AE3-DE9E324FBA06}) (Version: 4.0.112.1 - Hewlett-Packard Company) HP Support Assistant (HKLM-x32\...\{E92D47A1-D27D-430A-8368-0BAFD956507D}) (Version: 5.2.9.2 - Hewlett-Packard Company) HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6319.0 - IDT) ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!) iTunes (HKLM\...\{5E11C972-1E76-45FE-8F92-14E0D1140B1B}) (Version: 10.5.3.3 - Apple Inc.) Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Lua for Windows 5.1.4-50 (HKLM-x32\...\Lua_is1) (Version: 5.1.4.50 - The Lua for Windows Project and Lua and Tecgraf, PUC-Rio) Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 3.0 - EasyBits Software AS) Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4797.1003 - Microsoft Corporation) Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-985372243-1932694096-683075236-1001\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation) Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 44.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MUSHclient (remove only) (HKLM-x32\...\MUSHclient) (Version: - ) Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.6.9575 - Barnesandnoble.com) NVIDIA PhysX (HKLM-x32\...\{1C4551A6-4743-4093-91E4-1477CD655043}) (Version: 9.09.0203 - NVIDIA Corporation) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4797.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4797.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4797.1003 - Microsoft Corporation) Hidden OpenOffice.org 3.3 (HKLM-x32\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org) Origin (HKLM-x32\...\Origin) (Version: 9.4.23.2817 - Electronic Arts, Inc.) Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden Pepakura Viewer 3 (HKLM-x32\...\pepakura_viewer3en) (Version: - TamaSoftware) Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.34.1130.2010 - Realtek) Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.74 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.11.0323 - REALTEK Semiconductor Corp.) Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow) Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.) Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.109 - Skype Technologies S.A.) Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1118 - SUPERAntiSpyware.com) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden WildTangent Games App (x32 Version: 4.0.10.2 - WildTangent) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden Yahoo! Detect (HKLM-x32\...\YTdetect) (Version: - ) Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {065564EF-6954-424F-B23D-F4A3447F86D4} - System32\Tasks\{4A06D0F9-E442-4F83-B64D-583439DD6BCF} => Firefox.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/abandoninstall?page=tsMain Task: {2733DB2F-5C43-4DEA-A631-CE7DFA98167E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2012-07-10] (Microsoft) Task: {47666497-16CF-4467-A4B6-46238D173F99} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated) Task: {49AB9ACA-0A70-4953-AF53-E39A13F3887C} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-03-22] (CyberLink) Task: {597E9D81-B7BE-482F-87A8-E389CA6DA8C2} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-02-22] (Microsoft Corporation) Task: {7043A309-7147-4CDA-9488-E51273496F34} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-02-23] (Hewlett-Packard Company) Task: {ADA956D6-CDAE-446F-BEFC-574BB5AEF0B6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-10] (Adobe Systems Incorporated) Task: {EC96C06B-E0E3-4E6A-A872-2B5BA8F9473C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-01-12] (Microsoft Corporation) Task: {F81C140D-6143-4C09-AA1B-E6BBF03B681D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-01-12] (Microsoft Corporation) Task: {FAB433F5-E096-42DC-95E6-998485BDDB61} - System32\Tasks\HPCeeScheduleForCAITLIN-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\HPCeeScheduleForCAITLIN-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2011-05-02 03:40 - 2011-05-02 03:40 - 00034304 _____ () C:\Windows\System32\ssm1mlm.dll 2011-04-12 22:59 - 2011-04-12 22:59 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2014-05-26 08:11 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2015-10-28 16:57 - 2015-09-01 09:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2011-04-12 22:58 - 2011-04-12 22:58 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2011-03-04 12:25 - 2011-03-04 12:25 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2011-04-12 22:47 - 2011-04-12 22:47 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2010-06-24 02:21 - 2010-06-24 02:21 - 01102336 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\System.Data.SQLite.dll 2011-06-24 07:56 - 2011-06-24 07:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2011-06-24 07:56 - 2011-06-24 07:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2013-04-12 14:17 - 2013-04-12 14:17 - 00029384 _____ () C:\Program Files (x86)\GameStop App\Now\SDSecurity.dll 2010-06-24 02:19 - 2010-06-24 02:19 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\Caitlin\Desktop\Family Photo.jpeg:3or4kl4x13tuuug3Byamue2s4b [87] AlternateDataStreams: C:\Users\Caitlin\Desktop\Family Photo.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-985372243-1932694096-683075236-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Caitlin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{FB0CE133-8447-4AA3-88C7-6CF36DF06E4F}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe FirewallRules: [{78C56F75-021B-4B94-9892-FF8D5978EEDA}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe FirewallRules: [{3B7E4119-98E5-43D0-9099-2CB254BEEE97}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe FirewallRules: [{0F75DAF7-0124-47EA-B99C-E5B806517B34}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe FirewallRules: [{611586DD-3929-469E-8377-BFC5D7473706}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{3AB1883C-036C-44AA-A35D-18CB39505BFC}] => (Allow) LPort=2869 FirewallRules: [{54B5F21D-9705-41F2-B89E-F9080CC2A5D7}] => (Allow) LPort=1900 FirewallRules: [{B540B11F-355C-4428-9E17-63EBBFDE7DA3}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{3B9AB165-3A62-4207-BD8F-11626CE1F9A4}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe FirewallRules: [{FCD14C10-0773-41DD-A359-2DFE8611FCE9}] => (Allow) C:\Windows\system32\ezSharedSvcHost.exe FirewallRules: [{AA34C062-36A3-4404-8A6D-C35396050E50}] => (Allow) C:\Program Files (x86)\EasyBits For Kids\ezDesktop.exe FirewallRules: [{C8F7A45D-C3C8-4F2D-81A3-21D33219FC01}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe FirewallRules: [{4008DEB3-66EB-4AB0-A55D-86BC6B050CA4}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe FirewallRules: [{56C0EC3E-4140-44B9-A59D-D1086EA21592}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE FirewallRules: [{7BB3386C-E989-45A8-9BD1-E808C9B5C062}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE FirewallRules: [{39905FB8-58AD-4CBD-82DA-24BA412F7BEB}] => (Allow) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe FirewallRules: [{04022814-F78E-494B-A723-46F42E7BBE6F}] => (Allow) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe FirewallRules: [{1827CDE6-1098-49B7-850E-2A87DE563D49}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{986DFE67-4F16-4C5E-A74B-4AFC5955E1ED}] => (Allow) C:\Users\Caitlin\Desktop\fg717p.exe FirewallRules: [{EAE0524A-C969-4E55-A292-F482637A3E48}] => (Allow) C:\Users\Caitlin\Desktop\fg717p.exe FirewallRules: [{08F75A98-BB76-4127-89FF-7E509CFAB03C}] => (Allow) C:\Users\Caitlin\Desktop\fg717p.exe FirewallRules: [{B07FFC00-6BA0-4758-BDC3-E4BEEB761B79}] => (Allow) C:\Users\Caitlin\Desktop\fg717p.exe FirewallRules: [{2A45BB5F-9518-404D-9EF6-8140AC8D0D6A}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe FirewallRules: [{F2913D10-F74A-452E-BF75-2C1103D4632A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{4D88F90B-3E07-45AE-A5FA-C6371AB71BCC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{56E91FD0-6BBE-43F8-8BE7-4FED457E9CDF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{8BEDF1E2-1253-4743-ABE2-9B221770222A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{22DBB806-F057-4A98-BA97-7EE9B0435A83}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe FirewallRules: [{27CBADCA-EB96-49DE-92A0-87030B78BBB9}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daorigins.exe FirewallRules: [{BA9E4CD7-7C47-43D6-99C4-7286A5FAD712}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daorigins.exe FirewallRules: [{28AAC6E8-F5C8-4686-825C-D10651DF130E}] => (Allow) C:\Program Files (x86)\Dragon Age\DAOriginsLauncher.exe FirewallRules: [{EC43BC84-AF71-45C2-95C4-7D30F1F1FE62}] => (Allow) C:\Program Files (x86)\Dragon Age\DAOriginsLauncher.exe FirewallRules: [{EDB05D76-63C3-4DE7-A6BB-4B6F1317EB39}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe FirewallRules: [{98679B1E-C0F1-4481-9C7D-26808588B118}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe FirewallRules: [{EFCFAFB3-3EBD-4145-A58D-AE18DD4980DA}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age II\bin_ship\DragonAge2.exe FirewallRules: [{5803038E-AC0C-453F-BECD-E71F9FC3C0C2}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age II\bin_ship\DragonAge2.exe FirewallRules: [{C5EC2D9E-CC9C-4A7E-A5C1-823EEBEBCB5A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe FirewallRules: [{A0073D82-5329-4A63-8D35-E5FB86F15FAD}] => (Allow) C:\Users\Caitlin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [{F966C7D7-653B-49D8-933C-76F97140A25C}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe FirewallRules: [{7F7460AA-078E-44B2-8224-1D914E182D5B}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe FirewallRules: [{985A08F5-7364-408C-A26B-B0DAC62DD494}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{86FB2FEA-13AB-44B4-A028-5815FBFB1CA7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{2E437BC0-81F2-402C-915A-0DF0C00AECCD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{929D9B87-DBA2-42ED-8EA3-86B16149D3DD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{0053A4F0-3589-4EEC-8131-646A22360E54}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{AF3B2140-8C26-4BF9-B4A8-BEE79D5805B8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Restore Points ========================= 30-01-2016 10:11:11 Windows Update 03-02-2016 17:36:12 Windows Update 07-02-2016 15:59:29 Windows Update 13-02-2016 19:06:01 Windows Update 17-02-2016 21:40:42 Windows Update 22-02-2016 21:17:58 Windows Update 27-02-2016 13:12:09 Windows Update 04-03-2016 22:34:13 Windows Update ==================== Faulty Device Manager Devices ============= Name: Bytemobile Kernel Network Provider Description: Bytemobile Kernel Network Provider Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: tcpipBM Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (03/05/2016 01:58:11 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: plugin-container.exe, version: 44.0.2.5884, time stamp: 0x56bbf417 Faulting module name: mozglue.dll, version: 44.0.2.5884, time stamp: 0x56bbe58e Exception code: 0x80000003 Fault offset: 0x0000ed3b Faulting process id: 0x17c4 Faulting application start time: 0xplugin-container.exe0 Faulting application path: plugin-container.exe1 Faulting module path: plugin-container.exe2 Report Id: plugin-container.exe3 Error: (03/05/2016 01:56:39 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: plugin-container.exe, version: 44.0.2.5884, time stamp: 0x56bbf417 Faulting module name: mozglue.dll, version: 44.0.2.5884, time stamp: 0x56bbe58e Exception code: 0x80000003 Fault offset: 0x0000ed3b Faulting process id: 0xf14 Faulting application start time: 0xplugin-container.exe0 Faulting application path: plugin-container.exe1 Faulting module path: plugin-container.exe2 Report Id: plugin-container.exe3 Error: (03/05/2016 01:56:39 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program firefox.exe version 44.0.2.5884 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 155c Start Time: 01d17720e777a52d Termination Time: 62 Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Report Id: b527ddf6-e314-11e5-8f22-2c27d7ddb8e0 Error: (03/05/2016 01:47:21 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/05/2016 12:50:05 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: plugin-container.exe, version: 44.0.2.5884, time stamp: 0x56bbf417 Faulting module name: mozglue.dll, version: 44.0.2.5884, time stamp: 0x56bbe58e Exception code: 0x80000003 Fault offset: 0x0000ed3b Faulting process id: 0x470 Faulting application start time: 0xplugin-container.exe0 Faulting application path: plugin-container.exe1 Faulting module path: plugin-container.exe2 Report Id: plugin-container.exe3 Error: (03/05/2016 11:15:23 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: plugin-container.exe, version: 44.0.2.5884, time stamp: 0x56bbf417 Faulting module name: mozglue.dll, version: 44.0.2.5884, time stamp: 0x56bbe58e Exception code: 0x80000003 Fault offset: 0x0000ed3b Faulting process id: 0x1174 Faulting application start time: 0xplugin-container.exe0 Faulting application path: plugin-container.exe1 Faulting module path: plugin-container.exe2 Report Id: plugin-container.exe3 Error: (03/05/2016 11:15:23 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program firefox.exe version 44.0.2.5884 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 15cc Start Time: 01d1770aec4594fb Termination Time: 31 Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Report Id: 321ea07c-e2fe-11e5-b145-2c27d7ddb8e0 Error: (03/05/2016 11:12:23 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: plugin-container.exe, version: 44.0.2.5884, time stamp: 0x56bbf417 Faulting module name: mozglue.dll, version: 44.0.2.5884, time stamp: 0x56bbe58e Exception code: 0x80000003 Fault offset: 0x0000ed3b Faulting process id: 0xda8 Faulting application start time: 0xplugin-container.exe0 Faulting application path: plugin-container.exe1 Faulting module path: plugin-container.exe2 Report Id: plugin-container.exe3 Error: (03/05/2016 11:12:23 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program firefox.exe version 44.0.2.5884 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: ce4 Start Time: 01d1770a5ab50d31 Termination Time: 47 Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Report Id: c7763266-e2fd-11e5-b145-2c27d7ddb8e0 Error: (03/05/2016 11:10:43 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: plugin-container.exe, version: 44.0.2.5884, time stamp: 0x56bbf417 Faulting module name: mozglue.dll, version: 44.0.2.5884, time stamp: 0x56bbe58e Exception code: 0x80000003 Fault offset: 0x0000ed3b Faulting process id: 0x10d4 Faulting application start time: 0xplugin-container.exe0 Faulting application path: plugin-container.exe1 Faulting module path: plugin-container.exe2 Report Id: plugin-container.exe3 System errors: ============= Error: (03/05/2016 02:53:02 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY) Description: The following fatal alert was generated: 10. The internal error state is 10. Error: (03/05/2016 02:53:02 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY) Description: The following fatal alert was generated: 10. The internal error state is 10. Error: (03/05/2016 02:25:55 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY) Description: The following fatal alert was generated: 10. The internal error state is 10. Error: (03/05/2016 02:25:55 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY) Description: The following fatal alert was generated: 10. The internal error state is 10. Error: (03/05/2016 02:20:43 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY) Description: The following fatal alert was generated: 10. The internal error state is 10. Error: (03/05/2016 02:20:43 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY) Description: The following fatal alert was generated: 10. The internal error state is 10. Error: (03/05/2016 01:46:37 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: tcpipBM Error: (03/05/2016 12:46:55 PM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Error: (03/05/2016 11:09:19 AM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Windows Update service hung on starting. Error: (03/04/2016 07:30:33 PM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 ==================== Memory info =========================== Processor: AMD A4-3300M APU with Radeon HD Graphics Percentage of memory in use: 54% Total physical RAM: 3562.9 MB Available physical RAM: 1624.81 MB Total Virtual: 7124.01 MB Available Virtual: 4536.34 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:284.08 GB) (Free:108.35 GB) NTFS ==>[system with boot components (obtained from drive)] Drive d: (RECOVERY) (Fixed) (Total:13.71 GB) (Free:1.53 GB) NTFS ==>[system with boot components (obtained from drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 381D09F3) Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=284.1 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=13.7 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=103 MB) - (Type=0C) ==================== End of Addition.txt ============================
  8. Hello I recently had conduit/sweetpacks take over as search engines. I ran malwarebytes and superantispyware until both said the computer was clean. A few days later, conduit returned. I ran mbam and SAS again, and I also ran adwcleaner and eset, and then reset my browsers. msconfig, however, still shows ConduitFloatingPlugin_banjjkflojcdbofbhbgiedekefohoaff under my start-up programs (it's currently disabled) and I'm at a loss at how to remove this last lingering piece. Any help would be appreciated. . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 7/29/2012 8:53:33 PM System Uptime: 9/29/2013 12:41:33 PM (0 hours ago) . Motherboard: Gateway | | DX4870 Processor: Intel® Core i3-2120 CPU @ 3.30GHz | SOCKET 0 | 3300/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 917 GiB total, 864.923 GiB free. D: is CDROM (CDFS) E: is Removable F: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP108: 9/3/2013 6:57:02 AM - Windows Update RP109: 9/10/2013 6:45:35 AM - Windows Update RP110: 9/11/2013 9:23:44 AM - Windows Update RP111: 9/14/2013 7:43:23 AM - Installed OpenOffice 4.0.0 RP112: 9/16/2013 7:51:23 AM - Windows Update RP113: 9/22/2013 7:10:33 AM - Windows Update RP114: 9/27/2013 6:28:38 AM - Windows Update RP115: 9/28/2013 9:22:36 AM - Installed Java 7 Update 40 . ==== Installed Programs ====================== . 7-zip v9.20 Adobe AIR Adobe Flash Player 11 ActiveX Adobe Reader X (10.1.8) MUI Best Buy pc app Bing Bar CCleaner Contrôle ActiveX Windows Live Mesh pour connexions à distance Control ActiveX de Windows Live Mesh para conexiones remotas Controle ActiveX do Windows Live Mesh para Conexões Remotas CyberLink PowerDVD 10 D3DX10 Evernote v. 4.5.2 Fooz Kids Fooz Kids Platform Galerie de photos Windows Live Galería fotográfica de Windows Live Gateway Recovery Management Gateway Registration Gateway ScreenSaver Gateway Updater Google Chrome Google Toolbar for Internet Explorer Hotkey Utility Identity Card Intel® Control Center Intel® Management Engine Components Intel® OpenCL CPU Runtime Intel® Processor Graphics Intel® Rapid Storage Technology Intel® USB 3.0 eXtensible Host Controller Driver Intel® Trusted Connect Service Client Java 7 Update 40 Java Auto Updater JavaFX 2.1.1 Junk Mail filter update Malwarebytes Anti-Malware version 1.75.0.1300 Mesh Runtime Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Office 2010 Microsoft Office Click-to-Run 2010 Microsoft Office Starter 2010 - English Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Nero BackItUp 10 Nero BackItUp 10 Help (CHM) Nero Control Center 10 Nero ControlCenter 10 Help (CHM) Nero Core Components 10 Nero DiscSpeed 10 Nero DiscSpeed 10 Help (CHM) Nero Express 10 Nero Express 10 Help (CHM) Nero Multimedia Suite 10 Essentials Nero RescueAgent 10 Nero RescueAgent 10 Help (CHM) Nero StartSmart 10 Nero StartSmart 10 Help (CHM) Nero Update Norton AntiVirus Norton Identity Safe Octoshape add-in for Adobe Flash Player OpenOffice 4.0.0 Realtek High Definition Audio Driver Samsung Printer Live Update Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2) Skype Click to Call Skype™ 5.10 SUPERAntiSpyware Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) Welcome Center Windows Live Windows Live Communications Platform Windows Live Essentials Windows Live Galeria de Fotos Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Yammer . ==== Event Viewer Messages From Past Week ======== . 9/24/2013 6:54:07 AM, Error: Service Control Manager [7034] - The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s). . ==== End Of File =========================== DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16686 BrowserJavaVersion: 10.40.2 Run by Janet at 12:59:41 on 2013-09-29 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6023.3997 [GMT -6:00] . AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE C:\Windows\system32\taskhost.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe C:\Program Files\Intel\iCLS Client\HeciServer.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Norton AntiVirus\Engine\21.0.1.3\NAV.exe C:\Program Files (x86)\Norton Identity Safe\Engine\2014.5.0.67\NST.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files (x86)\Norton AntiVirus\Engine\21.0.1.3\NAV.exe C:\Program Files (x86)\Norton Identity Safe\Engine\2014.5.0.67\NST.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\Yammer\Yammer.exe C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\WUDFHost.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Nero\Update\NASvc.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\taskeng.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_175_ActiveX.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uSearch Bar = Preserve uProxyServer = hxxp=127.0.0.1:49162;https=127.0.0.1:49162 uProxyOverride = <-loopback> mWinlogon: Userinit = userinit.exe, BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\21.0.1.3\IPS\IPSBHO.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.5.0.67\CoIEPlg.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.5.0.67\CoIEPlg.dll uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" mRun: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" StartupFolder: C:\Users\Janet\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Yammer.lnk - C:\Program Files (x86)\Yammer\Yammer.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 TCP: NameServer = 192.168.1.1 192.168.1.1 TCP: Interfaces\{17D9BFE1-93C2-4E5A-A8CE-53CC2422E84C} : DHCPNameServer = 192.168.1.1 192.168.1.1 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned> x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-4-5 16152] R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NAVx64\1500010.003\SymDS64.sys [2013-9-19 493656] R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NAVx64\1500010.003\SymEFA64.sys [2013-9-19 1147480] R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton AntiVirus\NortonData\21.0.1.3\Definitions\BASHDefs\20130924.001\BHDrvx64.sys [2013-9-23 1525848] R1 ccSet_NAV;NAV Settings Manager;C:\Windows\System32\drivers\NAVx64\1500010.003\ccSetx64.sys [2013-9-19 150104] R1 ccSet_NST;Norton Identity Safe Settings Manager;C:\Windows\System32\drivers\NSTx64\7DE05000.043\ccSetx64.sys [2013-9-19 150104] R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton AntiVirus\NortonData\21.0.1.3\Definitions\IPSDefs\20130927.002\IDSviA64.sys [2013-9-28 520280] R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928] R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368] R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NAVx64\1500010.003\Ironx64.sys [2013-9-19 264280] R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NAVx64\1500010.003\symnets.sys [2013-9-19 590424] R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672] R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504] R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2012-2-29 28264] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-5-23 13592] R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448] R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-5-23 161560] R2 Live Updater Service;Live Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2012-4-5 255376] R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-3-29 598312] R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\21.0.1.3\NAV.exe [2013-9-19 262288] R2 NCO;Norton Identity Safe;C:\Program Files (x86)\Norton Identity Safe\Engine\2014.5.0.67\NST.exe [2013-9-19 129424] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944] R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-8-14 3291008] R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.sys [2011-3-21 11576] R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-5-23 363800] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-9-19 140376] R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-4-5 331264] R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-4-5 355096] R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-4-5 785688] R3 LVUVC64;Logitech Webcam C210(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568] R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-4-5 1488448] R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144] R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576] R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840] R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944] S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-3 1255736] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2013-09-29 13:36:17 -------- d-----w- C:\Users\Janet\AppData\Local\{D1EB5DAF-3FDB-4D14-96B4-6F3C200C6D2D} 2013-09-28 17:11:16 -------- d-----w- C:\Users\Janet\AppData\Local\{8D3E78DA-1C6F-4FA6-A764-68424C4CCBD3} 2013-09-28 15:23:33 -------- d-----w- C:\ProgramData\Oracle 2013-09-28 15:23:11 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-09-28 14:08:44 -------- d-----w- C:\AdwCleaner 2013-09-27 12:37:04 -------- d-----w- C:\Users\Janet\AppData\Local\{43714B7E-8C1B-4A5D-A214-B46B4CA57F86} 2013-09-27 12:28:59 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{39E4D2D0-8693-4975-BA06-651B3644A124}\mpengine.dll 2013-09-26 15:22:50 -------- d-----w- C:\Users\Janet\AppData\Local\{C39BEE5D-1990-4B83-A97E-8BE81FD4EE84} 2013-09-26 01:54:59 -------- d-----w- C:\Users\Janet\AppData\Local\{15D90542-D4FD-40C7-A5AC-340F69399B7A} 2013-09-24 19:10:56 -------- d-----w- C:\Users\Janet\AppData\Local\{4C883B6A-BB7C-4D9F-A67C-C36F9C35A0EC} 2013-09-23 15:03:47 -------- d-----w- C:\Users\Janet\AppData\Local\{315E8164-0E35-42BB-8D86-1583DDF1144D} 2013-09-23 02:59:00 -------- d-----w- C:\Users\Janet\AppData\Local\{F92FF43A-928D-4DDA-9383-ED03249A64B8} 2013-09-22 12:59:38 -------- d-----w- C:\Users\Janet\AppData\Local\{4F21EE8E-0752-4A05-8758-DEF294897E36} 2013-09-22 00:17:31 -------- d-----w- C:\Users\Janet\AppData\Local\{1B6A7EBE-E68D-4836-A1CA-01ACA59E442D} 2013-09-21 20:53:22 -------- d-----w- C:\Program Files\CCleaner 2013-09-21 20:43:35 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-09-21 20:43:35 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-09-21 12:17:17 -------- d-----w- C:\Users\Janet\AppData\Local\{4B0C423E-8002-4017-903E-EE24E92EB443} 2013-09-20 18:44:43 -------- d-----w- C:\Users\Janet\AppData\Local\{BD57EBD8-A908-4D6F-A26D-6C7DC3AF0DFB} 2013-09-19 16:27:59 -------- d-----w- C:\Users\Janet\AppData\Local\{824C0D8F-B7CE-4F95-A460-66CBBC9ACBED} 2013-09-19 13:38:58 -------- d-----w- C:\Windows\System32\drivers\NAVx64\1500010.003 2013-09-19 13:38:58 -------- d-----w- C:\Windows\System32\drivers\NAVx64 2013-09-19 13:38:57 -------- d-----w- C:\Program Files (x86)\Norton AntiVirus 2013-09-19 13:35:40 -------- d-----w- C:\ProgramData\PCSettings 2013-09-19 12:48:37 -------- d-----w- C:\Users\Janet\AppData\Roaming\spotmau 2013-09-19 12:47:47 -------- d-----w- C:\ProgramData\TuneUp360 2013-09-19 04:27:45 -------- d-----w- C:\Users\Janet\AppData\Local\{0A9AD93B-5C02-406C-A4CF-9CFC1A22E720} 2013-09-17 15:16:06 -------- d-----w- C:\Windows\System32\ljkb 2013-09-17 14:40:26 -------- d-----w- C:\Users\Janet\AppData\Local\{1C867A5B-4004-4C2E-9E79-CED4411A57B0} 2013-09-17 02:14:24 -------- d-----w- C:\Users\Janet\AppData\Local\CrashDumps 2013-09-17 00:08:34 -------- d-----w- C:\Users\Janet\AppData\Local\{DD0C9923-9C7F-427F-AF44-C306EDE26B76} 2013-09-16 13:07:36 -------- d-----w- C:\Users\Janet\AppData\Local\Programs 2013-09-16 12:08:09 -------- d-----w- C:\Users\Janet\AppData\Local\{FBBA36E3-7A15-4D4E-89F2-36731EAB1595} 2013-09-15 19:55:30 -------- d-----w- C:\Users\Janet\AppData\Local\{B9F292F0-7C7C-496F-93DD-28E26A05B902} 2013-09-14 14:44:38 -------- d-----w- C:\Users\Janet\AppData\Local\{0A5446DB-3755-4D8B-AFC4-DF290F1A6B7B} 2013-09-14 13:44:53 -------- d-----w- C:\Users\Janet\AppData\Roaming\OpenOffice 2013-09-14 13:43:35 -------- d-----w- C:\Program Files (x86)\OpenOffice 4 2013-09-13 16:40:48 -------- d-----w- C:\Users\Janet\AppData\Local\{89F56468-B372-4DB5-8DA9-FED5855B9DAF} 2013-09-12 12:12:35 -------- d-----w- C:\Users\Janet\AppData\Local\{87D019DF-D62A-4C95-9F81-894F8254E662} 2013-09-11 12:32:32 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-09-10 12:42:14 -------- d-----w- C:\Users\Janet\AppData\Local\{BF35C1D3-0C54-4304-8E58-7FEA6841D416} 2013-09-08 02:39:45 -------- d-----w- C:\Users\Janet\AppData\Local\{A6BF968E-F608-438F-9C0D-2C13C5798854} 2013-09-07 14:39:32 -------- d-----w- C:\Users\Janet\AppData\Local\{870A9164-0580-4FF8-9B9C-4633D1D0FC77} 2013-09-06 23:36:20 -------- d-----w- C:\Users\Janet\AppData\Local\{E1771C7B-2951-4B48-BC5A-89FD1BBA8DD4} 2013-09-05 13:40:12 -------- d-----w- C:\Users\Janet\AppData\Local\{FA048B0E-B64F-4C67-A23E-DAAAC85A4C4A} 2013-09-05 00:19:02 -------- d-----w- C:\Users\Janet\AppData\Local\{1184CD1C-940B-4737-B6A3-389FB284E7E9} 2013-09-04 01:03:30 -------- d-----w- C:\Users\Janet\AppData\Local\{D4118CFF-F952-4727-899A-AA83B35BA188} 2013-09-03 13:03:05 -------- d-----w- C:\Users\Janet\AppData\Local\{0A2C3340-B609-46D4-A790-DCDC9A2C74C6} 2013-08-31 19:27:20 -------- d-----w- C:\Users\Janet\AppData\Local\{74D7D3F8-AFC8-4256-A5DD-27409A90B9B3} . ==================== Find3M ==================== . 2013-09-28 15:23:08 868264 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2013-09-28 15:23:08 790440 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2013-09-20 13:52:10 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-09-20 13:52:10 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-09-19 13:39:36 177752 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS 2013-09-09 08:54:22 829264 ----a-w- C:\Windows\System32\msvcr100.dll 2013-09-09 08:54:22 608080 ----a-w- C:\Windows\System32\msvcp100.dll 2013-08-10 05:22:18 2241024 ----a-w- C:\Windows\System32\wininet.dll 2013-08-10 05:20:59 3959296 ----a-w- C:\Windows\System32\jscript9.dll 2013-08-10 05:20:55 67072 ----a-w- C:\Windows\System32\iesetup.dll 2013-08-10 05:20:55 136704 ----a-w- C:\Windows\System32\iesysprep.dll 2013-08-10 03:59:10 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-08-10 03:58:09 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-08-10 03:58:06 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll 2013-08-10 03:58:06 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2013-08-10 03:17:38 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2013-08-10 03:07:50 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-08-10 02:27:59 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe 2013-08-10 02:17:19 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe 2013-08-08 01:20:43 3155456 ----a-w- C:\Windows\System32\win32k.sys 2013-08-07 10:22:02 278800 ------w- C:\Windows\System32\MpSigStub.exe 2013-08-05 02:25:45 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys 2013-08-05 01:33:19 1147480 ----a-r- C:\Windows\System32\drivers\NAVx64\1500010.003\SymEFA64.sys 2013-08-02 02:23:53 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-08-02 02:15:44 1732032 ----a-w- C:\Windows\System32\ntdll.dll 2013-08-02 02:15:03 362496 ----a-w- C:\Windows\System32\wow64win.dll 2013-08-02 02:15:03 243712 ----a-w- C:\Windows\System32\wow64.dll 2013-08-02 02:15:03 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll 2013-08-02 02:14:11 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll 2013-08-02 01:59:30 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-08-02 01:51:23 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll 2013-08-02 01:50:42 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe 2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe 2013-08-02 00:45:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2013-08-02 00:45:36 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2013-08-02 00:45:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2013-08-02 00:45:34 2048 ----a-w- C:\Windows\SysWow64\user.exe 2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2013-08-01 03:20:01 23568 ----a-r- C:\Windows\System32\drivers\NAVx64\1500010.003\SymELAM.sys 2013-08-01 03:19:50 493656 ----a-r- C:\Windows\System32\drivers\NAVx64\1500010.003\SymDS64.sys 2013-07-31 04:45:54 590424 ----a-r- C:\Windows\System32\drivers\NAVx64\1500010.003\symnets.sys 2013-07-31 04:13:30 264280 ----a-r- C:\Windows\System32\drivers\NAVx64\1500010.003\Ironx64.sys 2013-07-31 03:44:44 854616 ----a-r- C:\Windows\System32\drivers\NAVx64\1500010.003\srtsp64.sys 2013-07-31 03:44:44 36952 ----a-r- C:\Windows\System32\drivers\NAVx64\1500010.003\srtspx64.sys 2013-07-30 01:24:22 150104 ----a-r- C:\Windows\System32\drivers\NSTx64\7DE05000.043\ccSetx64.sys 2013-07-30 01:24:22 150104 ----a-r- C:\Windows\System32\drivers\NAVx64\1500010.003\ccSetx64.sys 2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL 2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL 2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll 2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll 2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll 2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll 2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll 2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll 2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll 2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll 2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-11-15 20:51:06 9842040 ----a-w- C:\Program Files (x86)\Common Files\wruninstall.exe . ============= FINISH: 12:59:58.89 ===============
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.