Jump to content

nytonc

Members
  • Posts

    9
  • Joined

  • Last visited

Reputation

0 Neutral
  1. the system is quite stable, no more issues, thank you very much. Terri Results of screen317's Security Check version 1.009 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Microsoft Security Essentials Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Adobe Flash Player 19.0.0.226 Adobe Reader XI Mozilla Firefox 23.0.1 Firefox out of Date! ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 4% ````````````````````End of Log``````````````````````
  2. windows updated the computer while I was sleeping. Why was the computer unable to connect to internet? I ran mbam again and the log Is underneath. Thanks, Terri Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 11/3/2015 Scan Time: 10:32 AM Logfile: Administrator: Yes Version: 2.2.0.1024 Malware Database: v2015.11.03.05 Rootkit Database: v2015.10.28.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Owner Scan Type: Threat Scan Result: Completed Objects Scanned: 388233 Time Elapsed: 23 min, 58 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 4 PUP.Optional.Compete, HKLM\SOFTWARE\CLASSES\APPID\{D5FA0C65-08BE-4F86-B30F-2E285694863A}, Quarantined, [376a95e44645181ea5a50528b84a926e], PUP.Optional.Compete, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{D5FA0C65-08BE-4F86-B30F-2E285694863A}, Quarantined, [376a95e44645181ea5a50528b84a926e], PUP.Optional.Compete, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{D5FA0C65-08BE-4F86-B30F-2E285694863A}, Quarantined, [376a95e44645181ea5a50528b84a926e], PUP.Optional.GetSavin, HKU\S-1-5-21-2207880224-1610313754-884784625-1000\SOFTWARE\APPDATALOW\SOFTWARE\getsav-in, Quarantined, [dec3f386e2a9ae888e9ca42119eaf010], Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 36 PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2, Quarantined, [19880c6d8a0165d16df1f97f9b673ac6], PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph, Quarantined, [19880c6d8a0165d16df1f97f9b673ac6], PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2, Quarantined, [8021c5b4dbb0b5810c528fe93dc5f907], PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph, Quarantined, [8021c5b4dbb0b5810c528fe93dc5f907], PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2, Quarantined, [cdd473066823c76f96c8e2966e94817f], PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph, Quarantined, [cdd473066823c76f96c8e2966e94817f], PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2, Quarantined, [069b91e8a7e4f54171ee3444c83a3bc5], PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph, Quarantined, [069b91e8a7e4f54171ee3444c83a3bc5], PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2, Quarantined, [fea3ec8d5b3072c4481788f0c83a817f], PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph, Quarantined, [fea3ec8d5b3072c4481788f0c83a817f], PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2, Quarantined, [f3aedf9a7b1095a1d38c11676b97db25], PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph, Quarantined, [f3aedf9a7b1095a1d38c11676b97db25], PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2, Quarantined, [f4ad1e5bb7d49b9b0a565d1b8181c23e], PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph, Quarantined, [f4ad1e5bb7d49b9b0a565d1b8181c23e], PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2, Quarantined, [9f02fd7c02891620a5bb9eda34ce08f8], PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph, Quarantined, [9f02fd7c02891620a5bb9eda34ce08f8], PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2, Quarantined, [4c55caafb4d7d0669fc1d6a23fc32bd5], PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph, Quarantined, [4c55caafb4d7d0669fc1d6a23fc32bd5], PUP.Optional.Chromatic, C:\Users\Administrator\AppData\Local\Chromatic Browser, Quarantined, [aff2502983089c9a6d95522428dab848], PUP.Optional.Chromatic, C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data, Quarantined, [aff2502983089c9a6d95522428dab848], PUP.Optional.Chromatic, C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default, Quarantined, [aff2502983089c9a6d95522428dab848], PUP.Optional.Chromatic, C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions, Quarantined, [aff2502983089c9a6d95522428dab848], PUP.Optional.Chromatic, C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph, Quarantined, [aff2502983089c9a6d95522428dab848], PUP.Optional.Chromatic, C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2, Quarantined, [aff2502983089c9a6d95522428dab848], PUP.Optional.Chromatic, C:\Users\Guest\AppData\Local\Chromatic Browser, Quarantined, [b7ea5d1c6f1cab8b946e7afcb64cef11], PUP.Optional.Chromatic, C:\Users\Guest\AppData\Local\Chromatic Browser\User Data, Quarantined, [b7ea5d1c6f1cab8b946e7afcb64cef11], PUP.Optional.Chromatic, C:\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default, Quarantined, [b7ea5d1c6f1cab8b946e7afcb64cef11], PUP.Optional.Chromatic, C:\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions, Quarantined, [b7ea5d1c6f1cab8b946e7afcb64cef11], PUP.Optional.Chromatic, C:\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph, Quarantined, [b7ea5d1c6f1cab8b946e7afcb64cef11], PUP.Optional.Chromatic, C:\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2, Quarantined, [b7ea5d1c6f1cab8b946e7afcb64cef11], PUP.Optional.Chromatic, C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser, Quarantined, [7d24c0b9b1da1224936f9adc35cda35d], PUP.Optional.Chromatic, C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data, Quarantined, [7d24c0b9b1da1224936f9adc35cda35d], PUP.Optional.Chromatic, C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default, Quarantined, [7d24c0b9b1da1224936f9adc35cda35d], PUP.Optional.Chromatic, C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions, Quarantined, [7d24c0b9b1da1224936f9adc35cda35d], PUP.Optional.Chromatic, C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph, Quarantined, [7d24c0b9b1da1224936f9adc35cda35d], PUP.Optional.Chromatic, C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2, Quarantined, [7d24c0b9b1da1224936f9adc35cda35d], Files: 54 PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\lsdb.js, Quarantined, [19880c6d8a0165d16df1f97f9b673ac6], PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\background.html, Quarantined, [19880c6d8a0165d16df1f97f9b673ac6], PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\content.js, Quarantined, [19880c6d8a0165d16df1f97f9b673ac6], PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\manifest.json, Quarantined, [19880c6d8a0165d16df1f97f9b673ac6], PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\lsdb.js, Quarantined, [8021c5b4dbb0b5810c528fe93dc5f907], PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\background.html, Quarantined, [8021c5b4dbb0b5810c528fe93dc5f907], PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\content.js, Quarantined, [8021c5b4dbb0b5810c528fe93dc5f907], PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\manifest.json, Quarantined, [8021c5b4dbb0b5810c528fe93dc5f907], PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\lsdb.js, Quarantined, [cdd473066823c76f96c8e2966e94817f], PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\background.html, Quarantined, [cdd473066823c76f96c8e2966e94817f], PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\content.js, Quarantined, [cdd473066823c76f96c8e2966e94817f], PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\manifest.json, Quarantined, [cdd473066823c76f96c8e2966e94817f], PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\lsdb.js, Quarantined, [069b91e8a7e4f54171ee3444c83a3bc5], PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\background.html, Quarantined, [069b91e8a7e4f54171ee3444c83a3bc5], PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\content.js, Quarantined, [069b91e8a7e4f54171ee3444c83a3bc5], PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\manifest.json, Quarantined, [069b91e8a7e4f54171ee3444c83a3bc5], PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\lsdb.js, Quarantined, [fea3ec8d5b3072c4481788f0c83a817f], PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\background.html, Quarantined, [fea3ec8d5b3072c4481788f0c83a817f], PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\content.js, Quarantined, [fea3ec8d5b3072c4481788f0c83a817f], PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\manifest.json, Quarantined, [fea3ec8d5b3072c4481788f0c83a817f], PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\lsdb.js, Quarantined, [f3aedf9a7b1095a1d38c11676b97db25], PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\background.html, Quarantined, [f3aedf9a7b1095a1d38c11676b97db25], PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\content.js, Quarantined, [f3aedf9a7b1095a1d38c11676b97db25], PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\manifest.json, Quarantined, [f3aedf9a7b1095a1d38c11676b97db25], PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\lsdb.js, Quarantined, [f4ad1e5bb7d49b9b0a565d1b8181c23e], PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\background.html, Quarantined, [f4ad1e5bb7d49b9b0a565d1b8181c23e], PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\content.js, Quarantined, [f4ad1e5bb7d49b9b0a565d1b8181c23e], PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\manifest.json, Quarantined, [f4ad1e5bb7d49b9b0a565d1b8181c23e], PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\lsdb.js, Quarantined, [9f02fd7c02891620a5bb9eda34ce08f8], PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\background.html, Quarantined, [9f02fd7c02891620a5bb9eda34ce08f8], PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\content.js, Quarantined, [9f02fd7c02891620a5bb9eda34ce08f8], PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\manifest.json, Quarantined, [9f02fd7c02891620a5bb9eda34ce08f8], PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\lsdb.js, Quarantined, [4c55caafb4d7d0669fc1d6a23fc32bd5], PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\background.html, Quarantined, [4c55caafb4d7d0669fc1d6a23fc32bd5], PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\content.js, Quarantined, [4c55caafb4d7d0669fc1d6a23fc32bd5], PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\manifest.json, Quarantined, [4c55caafb4d7d0669fc1d6a23fc32bd5], Adware.Trace, C:\awh11EB.tmp, Quarantined, [524fb8c1236881b5c97a3496a55ec739], Adware.Trace, C:\awh49CB.tmp, Quarantined, [faa75e1b9bf00333e55edfeb28db15eb], Adware.Trace, C:\awh4AE4.tmp, Quarantined, [eab77efbe1aaa195ac97f8d2dc278977], Adware.Trace, C:\awhC226.tmp, Quarantined, [7e23a8d1d4b72a0c3c0701c9a85b758b], Adware.Trace, C:\awhFA9.tmp, Quarantined, [7d246613b1da241294af29a1976c0000], PUP.Optional.Yontoo, C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\frrk1y4e.default\extensions\{9bd9da5d-43e8-4e1a-b0db-21649d28d6e0}.xpi, Quarantined, [e4bd7ffa9fec2e0814d95c6e798a857b], PUP.Optional.Chromatic, C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\background.html, Quarantined, [aff2502983089c9a6d95522428dab848], PUP.Optional.Chromatic, C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\content.js, Quarantined, [aff2502983089c9a6d95522428dab848], PUP.Optional.Chromatic, C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\lsdb.js, Quarantined, [aff2502983089c9a6d95522428dab848], PUP.Optional.Chromatic, C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\manifest.json, Quarantined, [aff2502983089c9a6d95522428dab848], PUP.Optional.Chromatic, C:\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\background.html, Quarantined, [b7ea5d1c6f1cab8b946e7afcb64cef11], PUP.Optional.Chromatic, C:\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\content.js, Quarantined, [b7ea5d1c6f1cab8b946e7afcb64cef11], PUP.Optional.Chromatic, C:\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\lsdb.js, Quarantined, [b7ea5d1c6f1cab8b946e7afcb64cef11], PUP.Optional.Chromatic, C:\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\manifest.json, Quarantined, [b7ea5d1c6f1cab8b946e7afcb64cef11], PUP.Optional.Chromatic, C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\background.html, Quarantined, [7d24c0b9b1da1224936f9adc35cda35d], PUP.Optional.Chromatic, C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\content.js, Quarantined, [7d24c0b9b1da1224936f9adc35cda35d], PUP.Optional.Chromatic, C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\lsdb.js, Quarantined, [7d24c0b9b1da1224936f9adc35cda35d], PUP.Optional.Chromatic, C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\manifest.json, Quarantined, [7d24c0b9b1da1224936f9adc35cda35d], Physical Sectors: 0 (No malicious items detected) (end)
  3. the internet did work after using the attachment you provided, yay!!! While running the Junk Removal Tool, I accidently unplugged my computer.... checkdisk was run when I turned the computer back on before windows was loaded it deleted a few files because it said it was corrupted, one of them was the adwcleaner log I had put on desktop, thankfully I had put it on my usb so it is pasted below. dr cure it log is attached per instructions Terri fixlog Fix result of Farbar Recovery Scan Tool (x64) Version:31-10-2015 Ran by Owner (2015-11-02 19:01:41) Run:1 Running from C:\Users\Owner\Desktop Loaded Profiles: Owner (Available Profiles: Owner) Boot Mode: Normal ============================================== fixlist content: ***************** Start CloseProcesses: CreateRestorePoint: HKU\S-1-5-21-2207880224-1610313754-884784625-1000\...\Run: [speedItupFree] => "C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe" C:\Program Files (x86)\SpeedItup Free HKU\S-1-5-21-2207880224-1610313754-884784625-1000\...\Run: [ares] => "C:\Program Files (x86)\Ares\Ares.exe" -h C:\Program Files (x86)\Ares HKU\S-1-5-21-2207880224-1610313754-884784625-1000\...\MountPoints2: G - G:\Autorun.exe IFEO\apnmcp.exe: [Debugger] tasklist.exe IFEO\AppIntegrator64.exe: [Debugger] tasklist.exe IFEO\brs.exe: [Debugger] tasklist.exe IFEO\bservice.exe: [Debugger] tasklist.exe IFEO\bservice64.exe: [Debugger] tasklist.exe IFEO\DatamngrUI.exe: [Debugger] tasklist.exe IFEO\DTUpdate.exe: [Debugger] tasklist.exe IFEO\ExtensionUpdaterService.exe: [Debugger] tasklist.exe IFEO\FrameworkEngine.exe: [Debugger] tasklist.exe IFEO\IdcLdr.exe: [Debugger] tasklist.exe IFEO\IdcLdr_x64.exe: [Debugger] tasklist.exe IFEO\IMGUpdater.exe: [Debugger] tasklist.exe IFEO\keepmysettingsx.exe: [Debugger] tasklist.exe IFEO\loggingserver.exe: [Debugger] tasklist.exe IFEO\Lrcnta.exe: [Debugger] tasklist.exe IFEO\PastaLeadsService.exe: [Debugger] tasklist.exe IFEO\PastaLeadsWinApp.exe: [Debugger] tasklist.exe IFEO\patch_ff.exe: [Debugger] tasklist.exe IFEO\ProtectWindowsManager.exe: [Debugger] tasklist.exe IFEO\SafeFinder.exe: [Debugger] tasklist.exe IFEO\searcharmor.exe: [Debugger] tasklist.exe IFEO\search_protect.exe: [Debugger] tasklist.exe IFEO\spbiu.exe: [Debugger] tasklist.exe IFEO\srptm.exe: [Debugger] tasklist.exe IFEO\srpts.exe: [Debugger] tasklist.exe IFEO\srptsl.exe: [Debugger] tasklist.exe IFEO\SystemkService.exe: [Debugger] tasklist.exe IFEO\SystemSockets.exe: [Debugger] tasklist.exe IFEO\TBNotifier.exe: [Debugger] tasklist.exe IFEO\TNT2User.exe: [Debugger] tasklist.exe IFEO\Toolbar.exe: [Debugger] tasklist.exe IFEO\ToolbarUpdater.exe: [Debugger] tasklist.exe IFEO\vprot.exe: [Debugger] tasklist.exe IFEO\wb.exe: [Debugger] tasklist.exe IFEO\YTDownloader.exe: [Debugger] tasklist.exe ProxyServer: [s-1-5-21-2207880224-1610313754-884784625-1000] => http=127.0.0.1:49255;https=127.0.0.1:49255 Winsock: Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll No File Winsock: Catalog9 01 C:\Windows\system32\ColorMedia.dll No File Winsock: Catalog9 02 C:\Windows\system32\ColorMedia.dll No File Winsock: Catalog9 03 C:\Windows\system32\ColorMedia.dll No File Winsock: Catalog9 04 C:\Windows\system32\ColorMedia.dll No File Winsock: Catalog9 15 C:\Windows\system32\ColorMedia.dll No File Winsock: Catalog5-x64 09 C:\Program Files\Bonjour\mdnsNSP.dll No File Winsock: Catalog9-x64 01 C:\Windows\system32\ColorMedia64.dll No File Winsock: Catalog9-x64 02 C:\Windows\system32\ColorMedia64.dll No File Winsock: Catalog9-x64 03 C:\Windows\system32\ColorMedia64.dll No File Winsock: Catalog9-x64 04 C:\Windows\system32\ColorMedia64.dll No File Winsock: Catalog9-x64 15 C:\Windows\system32\ColorMedia64.dll No File cmd: netsh winsock reset HKU\S-1-5-21-2207880224-1610313754-884784625-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\frrk1y4e.default\extensions\X4Bxn@gmail.com [not found] FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\frrk1y4e.default\extensions\{a1ec290a-8ad8-c41a-855e-38572413c1aa} [not found] FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\frrk1y4e.default\extensions\{5b04e40f-2145-d80a-b593-afaefebc5816} [not found] FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\my-prefs.js [2015-03-25] <==== ATTENTION (Points to *.cfg file) S2 NinjaLoaderService; "C:\Program Files (x86)\Ninja Loader\NinjaMaintainer.exe" /svc [X] S2 spdfrmon; C:\Program Files (x86)\SpeedItup Free\spdfrmon.exe [X] U2 TMAgent; no ImagePath 2015-03-31 03:14 - 2015-03-31 03:14 - 0005655 _____ () C:\Users\Owner\AppData\Roaming\7VFDP8RjMzr9UuBo7rJhCRm93 2015-04-04 14:51 - 2015-11-01 16:14 - 0000020 _____ () C:\Users\Owner\AppData\Roaming\appdataFr3.bin 2015-03-09 16:30 - 2015-03-09 16:30 - 0005487 _____ () C:\Users\Owner\AppData\Roaming\QJNFZ 2015-03-31 03:14 - 2015-03-31 03:14 - 0004387 _____ () C:\Users\Owner\AppData\Roaming\UU6SvxKEVNf7SyAH C:\Users\Owner\AppData\Local\Temp\abikkgv-.dll C:\Users\Owner\AppData\Local\Temp\DRHelper_uninstallComplete.exe C:\Users\Owner\AppData\Local\Temp\pmbrirno.dll C:\Users\Owner\AppData\Local\Temp\pyl2DE.tmp.exe C:\Users\Owner\AppData\Local\Temp\sqlite3.dll Task: {0F1E6322-7A91-476C-9B3F-5451ABDC82AE} - System32\Tasks\UU6SvxKEVNf7SyAH => C:\Users\Owner\AppData\Roaming\UU6SvxKEVNf7SyAH.exe <==== ATTENTION C:\Users\Owner\AppData\Roaming\UU6SvxKEVNf7SyAH.exe Task: {509D3D3A-803C-4076-9A52-ABF4FED5AD28} - System32\Tasks\QJNFZ => C:\Users\Owner\AppData\Roaming\QJNFZ.exe <==== ATTENTION C:\Users\Owner\AppData\Roaming\QJNFZ.exe Task: {95B9B6E8-E10F-4E48-B0A1-46F6E28733B9} - System32\Tasks\7862C8D9-066E-4051-A850-CEFDAE4E2322{50FADD01-B759-4358-8386-DFC5ABFF4093} => C:\Program Files\Shop For Rewards\PrefHelper.exe <==== ATTENTION C:\Program Files\Shop For Rewards Task: {C821436B-DFE4-479E-933D-3E3B6CA3E73E} - System32\Tasks\KCHDV => C:\ProgramData\7ab908b490c44993b797d817bd42cf5f\7ab908b490c44993b797d817bd42cf5f.exe <==== ATTENTION C:\ProgramData\7ab908b490c44993b797d817bd42cf5f Task: C:\Windows\Tasks\7862C8D9-066E-4051-A850-CEFDAE4E2322{50FADD01-B759-4358-8386-DFC5ABFF4093}.job => C:\Program Files\Shop For Rewards\PrefHelper.exe <==== ATTENTION Task: C:\Windows\Tasks\7VFDP8RjMzr9UuBo7rJhCRm93.job => C:\Users\Owner\AppData\Roaming\7VFDP8RjMzr9UuBo7rJhCRm93.exe <==== ATTENTION C:\Users\Owner\AppData\Roaming\7VFDP8RjMzr9UuBo7rJhCRm93.exe Task: C:\Windows\Tasks\QJNFZ.job => C:\Users\Owner\AppData\Roaming\QJNFZ.exe <==== ATTENTION Task: C:\Windows\Tasks\UU6SvxKEVNf7SyAH.job => C:\Users\Owner\AppData\Roaming\UU6SvxKEVNf7SyAH.exe <==== ATTENTION C:\Users\Owner\AppData\Roaming\UU6SvxKEVNf7SyAH.exe AlternateDataStreams: C:\ProgramData\Temp:373E1720 AlternateDataStreams: C:\ProgramData\Temp:D346F792 HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cmwf.sys => ""="Driver" <==== ATTENTION HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cmwr.sys => ""="Driver" <==== ATTENTION HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cmwf.sys => ""="Driver" <==== ATTENTION HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cmwr.sys => ""="Driver" <==== ATTENTION Hosts: EmptyTemp: reboot: End ***************** Processes closed successfully. Restore point was successfully created. HKU\S-1-5-21-2207880224-1610313754-884784625-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SpeedItupFree => value removed successfully "C:\Program Files (x86)\SpeedItup Free" => not found. HKU\S-1-5-21-2207880224-1610313754-884784625-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ares => value removed successfully "C:\Program Files (x86)\Ares" => not found. "HKU\S-1-5-21-2207880224-1610313754-884784625-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G" => key removed successfully "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\apnmcp.exe" => key removed successfully "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AppIntegrator64.exe" => key removed successfully "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\brs.exe" => key removed successfully "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bservice.exe" => key removed successfully "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bservice64.exe" => key removed successfully "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\DatamngrUI.exe" => key removed successfully "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\DTUpdate.exe" => key removed successfully "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ExtensionUpdaterService.exe" => key removed successfully "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FrameworkEngine.exe" => key removed successfully "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\IdcLdr.exe" => key removed successfully "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\IdcLdr_x64.exe" => key removed successfully "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\IMGUpdater.exe" => key removed successfully "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\keepmysettingsx.exe" => key removed successfully "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\loggingserver.exe" => key removed successfully "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Lrcnta.exe" => key removed successfully "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\PastaLeadsService.exe" => key removed successfully "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\PastaLeadsWinApp.exe" => key removed successfully "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\patch_ff.exe" => key removed successfully "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ProtectWindowsManager.exe" => key removed successfully "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SafeFinder.exe" => key removed successfully "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searcharmor.exe" => key removed successfully "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\search_protect.exe" => key removed successfully "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\spbiu.exe" => key removed successfully "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\srptm.exe" => key removed successfully "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\srpts.exe" => key removed successfully "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\srptsl.exe" => key removed successfully "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SystemkService.exe" => key removed successfully "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SystemSockets.exe" => key removed successfully "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\TBNotifier.exe" => key removed successfully "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\TNT2User.exe" => key removed successfully "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Toolbar.exe" => key removed successfully "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ToolbarUpdater.exe" => key removed successfully "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\vprot.exe" => key removed successfully "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wb.exe" => key removed successfully "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\YTDownloader.exe" => key removed successfully HKU\S-1-5-21-2207880224-1610313754-884784625-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000009" => key removed successfully "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001" => key removed successfully "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002" => key removed successfully "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003" => key removed successfully "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004" => key removed successfully "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015" => key removed successfully "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000009" => key removed successfully "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001" => key removed successfully "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002" => key removed successfully "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003" => key removed successfully "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004" => key removed successfully "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000015" => key removed successfully ========= netsh winsock reset ========= Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107 Sucessfully reset the Winsock Catalog. You must restart the computer in order to complete the reset. ========= End of CMD: ========= "HKU\S-1-5-21-2207880224-1610313754-884784625-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\frrk1y4e.default\extensions\X4Bxn@gmail.com => path removed successfully C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\frrk1y4e.default\extensions\{a1ec290a-8ad8-c41a-855e-38572413c1aa} => path removed successfully C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\frrk1y4e.default\extensions\{5b04e40f-2145-d80a-b593-afaefebc5816} => path removed successfully C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\my-prefs.js => moved successfully NinjaLoaderService => service removed successfully spdfrmon => service removed successfully TMAgent => service removed successfully C:\Users\Owner\AppData\Roaming\7VFDP8RjMzr9UuBo7rJhCRm93 => moved successfully C:\Users\Owner\AppData\Roaming\appdataFr3.bin => moved successfully C:\Users\Owner\AppData\Roaming\QJNFZ => moved successfully C:\Users\Owner\AppData\Roaming\UU6SvxKEVNf7SyAH => moved successfully C:\Users\Owner\AppData\Local\Temp\abikkgv-.dll => moved successfully C:\Users\Owner\AppData\Local\Temp\DRHelper_uninstallComplete.exe => moved successfully C:\Users\Owner\AppData\Local\Temp\pmbrirno.dll => moved successfully C:\Users\Owner\AppData\Local\Temp\pyl2DE.tmp.exe => moved successfully C:\Users\Owner\AppData\Local\Temp\sqlite3.dll => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0F1E6322-7A91-476C-9B3F-5451ABDC82AE}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0F1E6322-7A91-476C-9B3F-5451ABDC82AE}" => key removed successfully C:\Windows\System32\Tasks\UU6SvxKEVNf7SyAH => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UU6SvxKEVNf7SyAH" => key removed successfully "C:\Users\Owner\AppData\Roaming\UU6SvxKEVNf7SyAH.exe" => not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{509D3D3A-803C-4076-9A52-ABF4FED5AD28}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{509D3D3A-803C-4076-9A52-ABF4FED5AD28}" => key removed successfully C:\Windows\System32\Tasks\QJNFZ => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\QJNFZ" => key removed successfully "C:\Users\Owner\AppData\Roaming\QJNFZ.exe" => not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{95B9B6E8-E10F-4E48-B0A1-46F6E28733B9}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{95B9B6E8-E10F-4E48-B0A1-46F6E28733B9}" => key removed successfully C:\Windows\System32\Tasks\7862C8D9-066E-4051-A850-CEFDAE4E2322{50FADD01-B759-4358-8386-DFC5ABFF4093} => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\7862C8D9-066E-4051-A850-CEFDAE4E2322{50FADD01-B759-4358-8386-DFC5ABFF4093}" => key removed successfully "C:\Program Files\Shop For Rewards" => not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C821436B-DFE4-479E-933D-3E3B6CA3E73E}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C821436B-DFE4-479E-933D-3E3B6CA3E73E}" => key removed successfully C:\Windows\System32\Tasks\KCHDV => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KCHDV" => key removed successfully "C:\ProgramData\7ab908b490c44993b797d817bd42cf5f" => not found. C:\Windows\Tasks\7862C8D9-066E-4051-A850-CEFDAE4E2322{50FADD01-B759-4358-8386-DFC5ABFF4093}.job => moved successfully C:\Windows\Tasks\7VFDP8RjMzr9UuBo7rJhCRm93.job => moved successfully "C:\Users\Owner\AppData\Roaming\7VFDP8RjMzr9UuBo7rJhCRm93.exe" => not found. C:\Windows\Tasks\QJNFZ.job => moved successfully C:\Windows\Tasks\UU6SvxKEVNf7SyAH.job => moved successfully "C:\Users\Owner\AppData\Roaming\UU6SvxKEVNf7SyAH.exe" => not found. C:\ProgramData\Temp => ":373E1720" ADS removed successfully. C:\ProgramData\Temp => ":D346F792" ADS removed successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\cmwf.sys" => key removed successfully "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\cmwr.sys" => key removed successfully "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\cmwf.sys" => key removed successfully "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\cmwr.sys" => key removed successfully C:\Windows\System32\Drivers\etc\hosts => moved successfully Hosts restored successfully. EmptyTemp: => 134.5 MB temporary data Removed. The system needed a reboot. ==== End of Fixlog 19:02:39 ==== ADWCLEANER LOG # AdwCleaner v5.016 - Logfile created 02/11/2015 at 19:13:10 # Updated 01/11/2015 by Xplode # Database : 2015-11-01.2 [server] # Operating system : Windows 7 Home Premium Service Pack 1 (x64) # Username : Owner - OWNER-HP # Running from : C:\Users\Owner\Desktop\adwcleaner_5.016.exe # Option : Cleaning # Support : http://toolslib.net/forum ***** [ Services ] ***** ***** [ Folders ] ***** ***** [ Files ] ***** [-] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_mnonkalmdjjnelekfdaldkknjkedgamf_0 [-] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnonkalmdjjnelekfdaldkknjkedgamf ***** [ DLLs ] ***** ***** [ Shortcuts ] ***** ***** [ Scheduled tasks ] ***** ***** [ Registry ] ***** ***** [ Web browsers ] ***** ************************* :: "Tracing" keys removed :: Winsock settings cleared ########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [962 bytes] ########## JRTLOG ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 7.6.4 (09.28.2015:1) OS: Windows 7 Home Premium x64 Ran by Owner on Mon 11/02/2015 at 19:55:00.43 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services Successfully deleted: [service] backupstack [Reboot required] Successfully deleted: [service] drvagent64 [Reboot required] Successfully deleted: [service] nethxxpservice [Reboot required] Successfully deleted: [service] serviceupdater [Reboot required] ~~~ Tasks ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant ~~~ Registry Keys Successfully deleted: [Registry Key] (Default) REG_SZ Fast Browser Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet\Fast Browser Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update Deal Keeper Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update ViewPlay Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Util Deal Keeper Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Util ViewPlay ~~~ Files Successfully deleted: [File] C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\search.lnk ~~~ Folders Failed to delete: [Folder] C:\ai_recyclebin Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{32782E95-F6B4-434D-A244-DB5FF090DE52} Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{48386CD9-28AA-466B-A2D1-822973E5CF6D} Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{4918BDC7-916D-42B1-86B3-4E3D313B033B} Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{536F5D56-499A-474D-BCCD-F707C9783D4D} Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{D2EE6D8E-2277-4857-9637-EE7B24C3DC84} Successfully deleted: [Folder] C:\Users\Owner\Appdata\Local\com Successfully deleted: [Folder] C:\Users\Owner\Appdata\Local\crashrpt Successfully deleted: [Folder] C:\Users\Owner\Appdata\Local\ninja loader Successfully deleted: [Folder] C:\Users\Owner\Appdata\LocalLow\company Successfully deleted: [Folder] C:\Users\Owner\Documents\add-in express Successfully deleted: [Folder] C:\Windows\SysWOW64\ai_recyclebin Successfully deleted: [Folder] C:\ProgramData\dcnbmhhcjmdlkjpdijebokfpaaglfefp ~~~ FireFox Successfully deleted: [File] C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\frrk1y4e.default\searchplugins\aol-search.xml Successfully deleted: [Folder] C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org Successfully deleted the following from C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\frrk1y4e.default\prefs.js user_pref(extensions.5m22mskJl0wL1qGw.scode, (function(){try{if(window.self.location.href.indexOf(\rjg7qHYGrTwEqjUEpdg9qdrG\)>-1){return;}}catch(e){}try{var d=[[\triangl user_pref(extensions.70TRuaLRWkCnUMhz.scode, (function(){try{if(window.self.location.href.indexOf(\rjg7qHYGrTwEqjUEpdg9qdrG\)>-1){return;}}catch(e){}try{var d=[[\triangl user_pref(extensions.IEjfwaZsY31XJVXg.scode, (function(){try{if(window.self.location.href.indexOf(\rjg7qHYGrTwEqjUEpdg9qdrG\)>-1){return;}}catch(e){}try{var d=[[\triangl user_pref(extensions.MnY6j06ojNG9R1fD.scode, (function(){try{if(window.self.location.href.indexOf(\rjg7qHYGrTwEqjUEpdg9qdrG\)>-1){return;}}catch(e){}try{var d=[[\triangl user_pref(extensions.WAZphDBtQNEtD6Wn.scode, (function(){try{if(window.self.location.href.indexOf(\rjg7qHYGrTwEqjUEpdg9qdrG\)>-1){return;}}catch(e){}try{var d=[[\triangl user_pref(extensions.YuHkPkvCAjudHick.scode, (function(){try{if(window.self.location.href.indexOf(\rjg7qHYGrTwEqjUEpdg9qdrG\)>-1){return;}}catch(e){}try{var d=[[\triangl user_pref(extensions.asEQBdxPC66IUPAU.scode, (function(){try{if(window.self.location.href.indexOf(\rjg7qHYGrTwEqjUEpdg9qdrG\)>-1){return;}}catch(e){}try{var d=[[\triangl user_pref(extensions.kJJcRpQ8v7Ykp6yp.scode, (function(){try{if(window.self.location.href.indexOf(\rjg7qHYGrTwEqjUEpdg9qdrG\)>-1){return;}}catch(e){}try{var d=[[\triangl ~~~ Chrome [C:\Users\Owner\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset [C:\Users\Owner\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted: elchiiiejkobdbblfejjkbphbddgmljf [C:\Users\Owner\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset [C:\Users\Owner\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted: [] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Mon 11/02/2015 at 20:00:13.75 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ cureit.log
  4. Hi, I am helping my mom clear out her Windows 7 computer that stopped connecting to the internet because of all the adware/malware that was on it. Since her computer can not currently connect to the internet, I downloaded the latest version of malwarebytes and put it on a usb and then used that to install it on her computer in safe mode. I also used ccleaner and tdsskiller in the same way(put on usb, then used it on her computer). I restarted her computer and although it looks like everything is removed, it still does not connect to the internet and I cannot open malwarebytes . i I booted to linux on a usb, and the internet was able to connect just fine. She does not know when the last time her internet worked, and I was unable to successfully find a restart point to go back to where it did work. I feel like i am missing a big malware because it wont connect to internet in win7, please help. FRST.TXT Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-10-2015 Ran by Owner (administrator) on OWNER-HP (02-11-2015 15:45:39) Running from C:\Users\Owner\Desktop Loaded Profiles: Owner (Available Profiles: Owner) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\System32\atiesrxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe (Hewlett-Packard ) C:\Program Files\IDT\WDM\beats64.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Appcaster) C:\Program Files (x86)\Mobile App Sync\D2MClient.exe (PC Drivers Headquarters) C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe (Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Portrait Displays, Inc) C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\OSDManager.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [beatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2010-10-21] (Hewlett-Packard ) HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard) HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-04-24] (IDT, Inc.) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation) HKLM-x32\...\Run: [startCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-30] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [DT HPO] => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [121648 2011-08-19] (Portrait Displays, Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard) HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [336992 2012-08-16] (Power Software Ltd) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.) HKU\S-1-5-21-2207880224-1610313754-884784625-1000\...\Run: [speedItupFree] => "C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe" HKU\S-1-5-21-2207880224-1610313754-884784625-1000\...\Run: [MobileAppSync] => C:\Program Files (x86)\Mobile App Sync\D2MClient.exe [332800 2013-12-16] (Appcaster) HKU\S-1-5-21-2207880224-1610313754-884784625-1000\...\Run: [ares] => "C:\Program Files (x86)\Ares\Ares.exe" -h HKU\S-1-5-21-2207880224-1610313754-884784625-1000\...\Run: [Driver Support] => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [5673824 2014-08-07] (PC Drivers Headquarters) HKU\S-1-5-21-2207880224-1610313754-884784625-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8551848 2015-10-19] (Piriform Ltd) HKU\S-1-5-21-2207880224-1610313754-884784625-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1 HKU\S-1-5-21-2207880224-1610313754-884784625-1000\...\MountPoints2: G - G:\Autorun.exe HKU\S-1-5-21-2207880224-1610313754-884784625-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation) IFEO\apnmcp.exe: [Debugger] tasklist.exe IFEO\AppIntegrator64.exe: [Debugger] tasklist.exe IFEO\brs.exe: [Debugger] tasklist.exe IFEO\bservice.exe: [Debugger] tasklist.exe IFEO\bservice64.exe: [Debugger] tasklist.exe IFEO\DatamngrUI.exe: [Debugger] tasklist.exe IFEO\DTUpdate.exe: [Debugger] tasklist.exe IFEO\ExtensionUpdaterService.exe: [Debugger] tasklist.exe IFEO\FrameworkEngine.exe: [Debugger] tasklist.exe IFEO\IdcLdr.exe: [Debugger] tasklist.exe IFEO\IdcLdr_x64.exe: [Debugger] tasklist.exe IFEO\IMGUpdater.exe: [Debugger] tasklist.exe IFEO\keepmysettingsx.exe: [Debugger] tasklist.exe IFEO\loggingserver.exe: [Debugger] tasklist.exe IFEO\Lrcnta.exe: [Debugger] tasklist.exe IFEO\PastaLeadsService.exe: [Debugger] tasklist.exe IFEO\PastaLeadsWinApp.exe: [Debugger] tasklist.exe IFEO\patch_ff.exe: [Debugger] tasklist.exe IFEO\ProtectWindowsManager.exe: [Debugger] tasklist.exe IFEO\SafeFinder.exe: [Debugger] tasklist.exe IFEO\searcharmor.exe: [Debugger] tasklist.exe IFEO\search_protect.exe: [Debugger] tasklist.exe IFEO\spbiu.exe: [Debugger] tasklist.exe IFEO\srptm.exe: [Debugger] tasklist.exe IFEO\srpts.exe: [Debugger] tasklist.exe IFEO\srptsl.exe: [Debugger] tasklist.exe IFEO\SystemkService.exe: [Debugger] tasklist.exe IFEO\SystemSockets.exe: [Debugger] tasklist.exe IFEO\TBNotifier.exe: [Debugger] tasklist.exe IFEO\TNT2User.exe: [Debugger] tasklist.exe IFEO\Toolbar.exe: [Debugger] tasklist.exe IFEO\ToolbarUpdater.exe: [Debugger] tasklist.exe IFEO\vprot.exe: [Debugger] tasklist.exe IFEO\wb.exe: [Debugger] tasklist.exe IFEO\YTDownloader.exe: [Debugger] tasklist.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-11-02] ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) GroupPolicy: Restriction - Chrome <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION CHR HKU\S-1-5-21-2207880224-1610313754-884784625-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyServer: [s-1-5-21-2207880224-1610313754-884784625-1000] => http=127.0.0.1:49255;https=127.0.0.1:49255 Winsock: Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll No File Winsock: Catalog9 01 C:\Windows\system32\ColorMedia.dll No File Winsock: Catalog9 02 C:\Windows\system32\ColorMedia.dll No File Winsock: Catalog9 03 C:\Windows\system32\ColorMedia.dll No File Winsock: Catalog9 04 C:\Windows\system32\ColorMedia.dll No File Winsock: Catalog9 15 C:\Windows\system32\ColorMedia.dll No File Winsock: Catalog5-x64 09 C:\Program Files\Bonjour\mdnsNSP.dll No File Winsock: Catalog9-x64 01 C:\Windows\system32\ColorMedia64.dll No File Winsock: Catalog9-x64 02 C:\Windows\system32\ColorMedia64.dll No File Winsock: Catalog9-x64 03 C:\Windows\system32\ColorMedia64.dll No File Winsock: Catalog9-x64 04 C:\Windows\system32\ColorMedia64.dll No File Winsock: Catalog9-x64 15 C:\Windows\system32\ColorMedia64.dll No File Tcpip\Parameters: [DhcpNameServer] 192.168.254.254 Tcpip\..\Interfaces\{B13C11A3-C8A2-45B8-B80A-77273C9777E2}: [DhcpNameServer] 192.168.254.254 Tcpip\..\Interfaces\{B29ED573-1ECD-446F-B755-C875A51DB39E}: [DhcpNameServer] 168.94.0.14 168.94.0.15 Internet Explorer: ================== HKU\S-1-5-21-2207880224-1610313754-884784625-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com URLSearchHook: HKLM-x32 -> Default = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D} SearchScopes: HKLM -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKLM -> {882538B3-CD84-4DB6-8D09-581EC6928000} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKU\S-1-5-21-2207880224-1610313754-884784625-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKU\S-1-5-21-2207880224-1610313754-884784625-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2207880224-1610313754-884784625-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = SearchScopes: HKU\S-1-5-21-2207880224-1610313754-884784625-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKU\S-1-5-21-2207880224-1610313754-884784625-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKU\S-1-5-21-2207880224-1610313754-884784625-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = SearchScopes: HKU\S-1-5-21-2207880224-1610313754-884784625-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = SearchScopes: HKU\S-1-5-21-2207880224-1610313754-884784625-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\frrk1y4e.default FF DefaultSearchEngine: Yahoo! Search FF SelectedSearchEngine: Yahoo! Search FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-04-04] () FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> c:\Program Files (x86)\Virtual Earth 3D\ [No File] FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-04-04] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] () FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-2207880224-1610313754-884784625-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2013-07-30] (Google) FF Plugin HKU\S-1-5-21-2207880224-1610313754-884784625-1000: @talk.google.com/O1DPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll [2013-07-30] (Google) FF Plugin HKU\S-1-5-21-2207880224-1610313754-884784625-1000: @talk.google.com/O3DPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll [2013-07-30] () FF Plugin HKU\S-1-5-21-2207880224-1610313754-884784625-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll [No File] FF Plugin HKU\S-1-5-21-2207880224-1610313754-884784625-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll [No File] FF Plugin HKU\S-1-5-21-2207880224-1610313754-884784625-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-11-25] (Unity Technologies ApS) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2013-07-30] (Google) FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll [2013-07-30] () FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npo1d.dll [2013-07-30] (Google) FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\frrk1y4e.default\searchplugins\aol-search.xml [2014-01-19] FF Extension: firesshnightlightws - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\frrk1y4e.default\Extensions\firessh@nightlight.ws [2015-04-04] [not signed] FF Extension: ViewPlay 1.0.1 - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\frrk1y4e.default\Extensions\{9bd9da5d-43e8-4e1a-b0db-21649d28d6e0}.xpi [2014-12-25] [not signed] FF Extension: SySaver - C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org [2014-01-19] [not signed] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-10-28] [not signed] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-10-28] [not signed] FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-03-10] [not signed] FF HKLM-x32\...\Firefox\Extensions: [{jid1-vS7biDmom8YxhA@jetpack}] - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\frrk1y4e.default\extensions\{jid1-vS7biDmom8YxhA@jetpack} => not found FF HKU\S-1-5-21-2207880224-1610313754-884784625-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\frrk1y4e.default\extensions\X4Bxn@gmail.com [not found] FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\frrk1y4e.default\extensions\{a1ec290a-8ad8-c41a-855e-38572413c1aa} [not found] FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\frrk1y4e.default\extensions\{5b04e40f-2145-d80a-b593-afaefebc5816} [not found] StartMenuInternet: FIREFOX.EXE - firefox.exe FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\my-prefs.js [2015-03-25] <==== ATTENTION (Points to *.cfg file) Chrome: ======= CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-04] CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-04] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09] CHR HKLM-x32\...\Chrome\Extension: [npffmjkglbnioaoncpfmdbmehnbcldfh] - C:\Program Files (x86)\LyricSing\133.crx <not found> ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [129840 2011-08-19] (Portrait Displays, Inc.) R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed] R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed] R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed] R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-20] (Hewlett-Packard Co.) [File not signed] S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed] R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S2 NinjaLoaderService; "C:\Program Files (x86)\Ninja Loader\NinjaMaintainer.exe" /svc [X] S2 spdfrmon; C:\Program Files (x86)\SpeedItup Free\spdfrmon.exe [X] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [38424 2010-10-18] (Google Inc) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) S3 ElgatoGC656Y; C:\Windows\System32\Drivers\ElgatoGC656.sys [94440 2014-07-07] (UB658) S3 FintekCIR; C:\Windows\system32\drivers\FintekCIR.sys [30248 2009-11-13] (Fintek) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation) R3 NWVoltron; C:\Windows\System32\DRIVERS\NWVoltron.sys [28920 2013-02-04] () S3 NWWakeFilterV; C:\Windows\system32\drivers\NWWakeFilterV.sys [16152 2011-06-23] (n/a) U2 TMAgent; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-11-02 15:45 - 2015-11-02 15:46 - 00023673 _____ C:\Users\Owner\Desktop\FRST.txt 2015-11-02 15:45 - 2015-11-02 15:45 - 00000000 ____D C:\FRST 2015-11-02 15:41 - 2015-11-02 15:27 - 02198016 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe 2015-11-02 12:02 - 2015-11-02 12:37 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-11-02 12:02 - 2015-11-02 12:26 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-11-02 12:02 - 2015-11-02 12:17 - 00001058 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-11-02 12:02 - 2015-11-02 12:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-11-02 12:02 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-11-02 12:02 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2015-11-02 10:50 - 2015-11-02 12:24 - 00028868 _____ C:\Windows\PFRO.log 2015-11-02 10:40 - 2015-11-02 10:43 - 00000000 ____D C:\AdwCleaner 2015-11-02 00:52 - 2015-11-02 15:42 - 00062581 _____ C:\Windows\WindowsUpdate.log 2015-11-02 00:52 - 2015-11-02 15:40 - 00001186 _____ C:\Windows\setupact.log 2015-11-02 00:52 - 2015-11-02 00:52 - 00000000 _____ C:\Windows\setuperr.log 2015-11-02 00:20 - 2015-11-02 12:17 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk 2015-11-02 00:20 - 2015-11-02 00:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2015-11-02 00:19 - 2015-11-02 00:20 - 00000000 ____D C:\Program Files\CCleaner ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-11-02 15:43 - 2009-07-14 00:13 - 00783424 _____ C:\Windows\system32\PerfStringBackup.INI 2015-11-02 15:39 - 2009-07-14 00:08 - 00032652 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-11-02 15:39 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-11-02 12:37 - 2013-08-10 18:53 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-11-02 12:37 - 2013-08-10 18:51 - 00000000 ____D C:\Users\Owner\Desktop\mbar 2015-11-02 12:24 - 2009-07-13 23:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-11-02 12:24 - 2009-07-13 23:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-11-02 12:17 - 2014-08-31 15:24 - 00002107 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk 2015-11-02 12:17 - 2014-08-09 10:24 - 00002257 _____ C:\Users\Public\Desktop\Driver Support.lnk 2015-11-02 12:17 - 2014-01-18 18:03 - 00001739 _____ C:\Users\Public\Desktop\iTunes.lnk 2015-11-02 12:17 - 2014-01-18 18:01 - 00002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk 2015-11-02 12:17 - 2013-12-16 18:34 - 00001242 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk 2015-11-02 12:17 - 2013-04-19 12:41 - 00001017 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-11-02 12:17 - 2013-03-24 01:12 - 00001003 _____ C:\Users\Public\Desktop\PowerISO.lnk 2015-11-02 12:17 - 2013-03-10 13:21 - 00002163 _____ C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk 2015-11-02 12:17 - 2013-03-10 13:20 - 00001311 _____ C:\Users\Public\Desktop\HP Solution Center.lnk 2015-11-02 12:17 - 2013-03-10 13:20 - 00001042 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk 2015-11-02 12:17 - 2013-03-06 09:15 - 00001358 _____ C:\Users\Public\Desktop\HP TouchSmart Magic Canvas.lnk 2015-11-02 12:17 - 2013-03-03 20:22 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2015-11-02 12:17 - 2013-03-03 20:22 - 00002015 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk 2015-11-02 12:17 - 2013-03-03 20:07 - 00001011 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-11-02 12:17 - 2013-02-26 14:44 - 00000971 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-11-02 12:17 - 2013-02-26 14:41 - 00001775 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warranty.lnk 2015-11-02 12:17 - 2012-01-23 13:32 - 00002477 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk 2015-11-02 12:17 - 2012-01-23 13:32 - 00001449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk 2015-11-02 12:17 - 2012-01-23 13:32 - 00001365 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk 2015-11-02 12:17 - 2012-01-23 13:32 - 00001296 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk 2015-11-02 12:17 - 2012-01-23 13:22 - 00001320 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink LabelPrint.lnk 2015-11-02 12:17 - 2012-01-23 13:22 - 00001288 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Power2Go.lnk 2015-11-02 12:17 - 2012-01-23 13:12 - 00002423 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk 2015-11-02 12:17 - 2012-01-23 13:00 - 00001652 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Beats Audio.lnk 2015-11-02 12:17 - 2011-02-11 12:05 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk 2015-11-02 12:17 - 2011-02-11 12:05 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk 2015-11-02 12:17 - 2009-07-13 23:57 - 00001511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2015-11-02 12:17 - 2009-07-13 23:57 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk 2015-11-02 12:17 - 2009-07-13 23:57 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk 2015-11-02 12:17 - 2009-07-13 23:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk 2015-11-02 12:17 - 2009-07-13 23:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk 2015-11-02 12:16 - 2015-04-04 12:24 - 00000000 ____D C:\ProgramData\cheap-o 2015-11-02 12:16 - 2015-01-21 14:03 - 00000000 ____D C:\Program Files (x86)\8306ec99-c559-4a07-ba87-bff22a98676d 2015-11-02 12:16 - 2014-10-25 15:37 - 00002083 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Amazon.lnk 2015-11-02 12:16 - 2014-10-25 15:37 - 00000986 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Search.lnk 2015-11-02 12:16 - 2013-12-05 22:49 - 00002179 _____ C:\Users\Owner\Desktop\HP Support Assistant.lnk 2015-11-02 12:16 - 2013-03-10 13:20 - 00001323 _____ C:\ProgramData\Microsoft\Windows\Start Menu\HP Solution Center.lnk 2015-11-02 12:16 - 2012-01-23 13:08 - 00000000 ____D C:\Program Files (x86)\AMD APP 2015-11-02 12:16 - 2009-07-14 00:01 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk 2015-11-02 12:16 - 2009-07-13 23:49 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk 2015-11-02 12:02 - 2014-06-15 16:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-11-02 10:43 - 2013-08-18 09:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-11-02 10:43 - 2013-02-26 14:40 - 00000000 ____D C:\Users\Owner 2015-11-02 10:43 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\System 2015-11-02 01:48 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF 2015-11-02 01:31 - 2014-01-18 18:00 - 00000000 ____D C:\Program Files (x86)\Bonjour 2015-11-02 00:44 - 2012-01-23 14:53 - 00000000 ____D C:\ProgramData\Recovery 2015-11-02 00:31 - 2013-09-23 16:48 - 00000000 ____D C:\Windows\Minidump 2015-11-02 00:31 - 2013-03-08 08:20 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashDumps 2015-11-02 00:31 - 2011-02-11 12:00 - 00000000 ____D C:\Windows\Panther 2015-11-01 20:32 - 2013-03-28 19:01 - 00000000 ____D C:\Program Files (x86)\Google 2015-11-01 20:21 - 2013-03-03 20:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-11-01 20:05 - 2013-06-18 17:12 - 00000000 ____D C:\Program Files (x86)\DevPro 2015-11-01 20:04 - 2013-03-01 00:38 - 00000000 ____D C:\ProgramData\Skype 2015-11-01 20:03 - 2014-08-31 15:24 - 00000000 ____D C:\Program Files\Microsoft Security Client 2015-11-01 20:03 - 2013-03-01 00:38 - 00000000 ___RD C:\Program Files (x86)\Skype 2015-11-01 20:02 - 2015-01-22 14:03 - 00000000 ____D C:\Users\Owner\AppData\Local\Ninja Loader 2015-11-01 20:02 - 2014-12-26 16:40 - 00000000 ____D C:\Users\Owner\AppData\Local\Search Protect 2015-11-01 20:02 - 2014-10-25 15:39 - 00000000 ____D C:\Program Files (x86)\Simple 2015-11-01 20:02 - 2014-10-25 15:38 - 00000000 ____D C:\Program Files (x86)\NpackdCL 2015-11-01 20:02 - 2014-08-31 15:24 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client 2015-11-01 20:02 - 2014-08-09 10:24 - 00000000 ____D C:\Users\Owner\AppData\Local\PC_Drivers_Headquarters 2015-11-01 20:02 - 2013-04-27 17:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Horizon 2015-11-01 20:02 - 2013-03-01 00:38 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype 2015-11-01 20:02 - 2012-01-23 13:17 - 00000000 ____D C:\ProgramData\RoxioNow 2015-11-01 20:02 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Dism 2015-11-01 20:02 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\Dism 2015-11-01 20:02 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration 2015-11-01 20:02 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared 2015-11-01 20:01 - 2014-09-13 16:18 - 00000000 ____D C:\Program Files\Elgato 2015-11-01 20:01 - 2013-03-15 14:31 - 00000000 ____D C:\Users\Public\Documents\MAGIX 2015-11-01 19:34 - 2014-11-08 13:40 - 00000000 ____D C:\ProgramData\7740e5e2-3946-433b-8ea8-e4290a5c4bc8 2015-11-01 18:16 - 2014-04-29 14:00 - 00000000 __SHD C:\Users\Owner\AppData\LocalLow\EmieSiteList 2015-11-01 16:14 - 2015-04-04 14:51 - 00000020 _____ C:\Users\Owner\AppData\Roaming\appdataFr3.bin 2015-10-26 01:03 - 2013-04-19 12:34 - 00000000 ____D C:\Program Files (x86)\GIMP-2.0 2015-10-26 01:02 - 2013-05-06 16:34 - 00000000 ____D C:\Users\Owner\.gimp-2.6 ==================== Files in the root of some directories ======= 2015-03-31 03:14 - 2015-03-31 03:14 - 0005655 _____ () C:\Users\Owner\AppData\Roaming\7VFDP8RjMzr9UuBo7rJhCRm93 2015-04-04 14:51 - 2015-11-01 16:14 - 0000020 _____ () C:\Users\Owner\AppData\Roaming\appdataFr3.bin 2015-03-09 16:30 - 2015-03-09 16:30 - 0005487 _____ () C:\Users\Owner\AppData\Roaming\QJNFZ 2015-03-31 03:14 - 2015-03-31 03:14 - 0004387 _____ () C:\Users\Owner\AppData\Roaming\UU6SvxKEVNf7SyAH 2014-08-09 09:54 - 2014-08-09 09:54 - 0000043 _____ () C:\Users\Owner\AppData\Roaming\WB.CFG 2014-01-19 21:16 - 2014-07-02 18:56 - 0005120 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-03-10 13:17 - 2014-06-15 14:22 - 0003622 _____ () C:\ProgramData\hpzinstall.log 2013-12-16 18:33 - 2013-12-16 18:33 - 0000000 _____ () C:\ProgramData\spds90.txt Some files in TEMP: ==================== C:\Users\Owner\AppData\Local\Temp\abikkgv-.dll C:\Users\Owner\AppData\Local\Temp\DRHelper_uninstallComplete.exe C:\Users\Owner\AppData\Local\Temp\pmbrirno.dll C:\Users\Owner\AppData\Local\Temp\pyl2DE.tmp.exe C:\Users\Owner\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-30 07:24 ==================== End of FRST.txt ============================ ADDITION.TXT Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-10-2015 Ran by Owner (2015-11-02 15:46:53) Running from C:\Users\Owner\Desktop Windows 7 Home Premium Service Pack 1 (X64) (2013-02-26 19:40:54) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2207880224-1610313754-884784625-500 - Administrator - Disabled) Guest (S-1-5-21-2207880224-1610313754-884784625-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2207880224-1610313754-884784625-1002 - Limited - Enabled) Owner (S-1-5-21-2207880224-1610313754-884784625-1000 - Administrator - Enabled) => C:\Users\Owner ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1} AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden 802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.01.18.0 - Ralink) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.5970 - Adobe Systems Incorporated) Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden AIO_CDB_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden AIO_CDB_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ATI Catalyst Install Manager (HKLM\...\{BCC01139-903A-6FC7-3358-85B0AE332601}) (Version: 3.0.829.0 - ATI Technologies, Inc.) Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden Build-a-lot (x32 Version: 2.2.0.95 - WildTangent) Hidden Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform) Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden DVD Menu Pack for HP TouchSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.1.4412 - Hewlett-Packard) DVD Menu Pack for HP TouchSmart Video (x32 Version: 4.1.4412 - Hewlett-Packard) Hidden F300 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden F300_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden F300Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden Google Talk Plugin (HKLM-x32\...\{15CC861C-C69E-3758-8961-CE304C2595B6}) (Version: 4.4.2.14502 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden Horizon v2.7.9.3 (HKLM-x32\...\d4cfeebc-b821-40b7-9f81-d366b1466f03_is1) (Version: 2.7.9.3 - Daring Development Inc.) HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP) HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent) HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP) HP LinkUp (HKLM-x32\...\{DB3147AB-4024-4773-8EC0-A1FE5B44933D}) (Version: 2.01.028 - Hewlett-Packard) HP Magic Canvas (HKLM-x32\...\{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}) (Version: 5.1.15.0 - Hewlett-Packard) HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard Company) HP My Display TouchSmart Edition (HKLM-x32\...\{1F4DDC90-5923-4E49-A4C7-F3CCC954DCA0}) (Version: 1.06.004 - Portrait Displays, Inc.) HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4231.26923 - Hewlett-Packard) HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard) HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP) HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP) HP Setup (HKLM-x32\...\{D35B72B6-F0E4-462B-BDEB-E08032B3B681}) (Version: 8.7.4747.3786 - Hewlett-Packard Company) HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13880.3792 - Hewlett-Packard Company) HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP) HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP) HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company) HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard) HP TouchSmart Browser (HKLM-x32\...\{7561C05C-FE30-4D0E-9B8D-5218734E3986}) (Version: 5.1.4167.12664 - Hewlett-Packard) HP TouchSmart Bubble Wrap (HKLM-x32\...\{5BFFDDEB-AFD7-499F-BB13-7A6EAD927CDA}_is1) (Version: 1.0.0.0 - Hewlett-Packard) HP TouchSmart Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4171.15168 - Hewlett-Packard) HP TouchSmart Canvas (HKLM-x32\...\{00F15573-18BB-4FAD-A763-F29401609C2F}) (Version: 5.1.4160.26759 - Hewlett-Packard) HP TouchSmart Clock (HKLM-x32\...\{692D3BE1-0BD9-4B4C-A974-CB2EAEA99304}) (Version: 5.1.3882.1 - Hewlett-Packard) HP TouchSmart Get Updated! (HKLM-x32\...\{2B720998-2E26-4DD6-8AC8-A1FCA4B58384}_is1) (Version: 4.0.0.0 - Turner Entertainment Networks Asia, Inc.) HP TouchSmart Metric Converter (HKLM-x32\...\{D0661463-50F7-4A1E-83CB-37CC590589AE}_is1) (Version: 1.0.0.0 - Hewlett-Packard) HP TouchSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.2.5414 - Hewlett-Packard) HP TouchSmart Paint Blast (HKLM-x32\...\{FBB0C095-4FF0-4AF6-8CD5-A80A390FB101}_is1) (Version: 4.0.0.0 - Turner Entertainment Networks Asia, Inc.) HP TouchSmart Photo (HKLM-x32\...\InstallShield_{C9DCE03F-8CB7-4146-A99C-0612D75177EA}) (Version: 4.2.5414 - Hewlett-Packard) HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard) HP TouchSmart Rss (HKLM-x32\...\{2F1EB600-5E67-4AAA-9D5F-84430CDA4E47}) (Version: 5.1.4170.22458 - Hewlett-Packard) HP TouchSmart Spot (HKLM-x32\...\{3D171340-B528-42E0-92E4-BDA7AEEF6F32}_is1) (Version: 1.0.0.0 - Hewlett-Packard) HP TouchSmart Tap Tap Bear (HKLM-x32\...\{A393CDFF-BEB8-48EA-990D-2EB35B311D23}_is1) (Version: 1.0.0.0 - Hewlett-Packard) HP TouchSmart Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 4.0.0.4 - Hewlett-Packard) HP TouchSmart Twitter (HKLM-x32\...\{75781594-73D9-4D7B-997F-14D41BF1514D}) (Version: 3.0.4162.32190 - Hewlett-Packard) HP TouchSmart Video (HKLM-x32\...\InstallShield_{F04BFADD-C8CA-4C86-8F20-B1D7F4F8C66C}) (Version: 4.2.5414 - Hewlett-Packard) HP TouchSmart Weather (HKLM-x32\...\{52727E8B-5F72-4795-8BEA-4E1FF4BFA0D9}) (Version: 5.1.4184.10337 - Hewlett-Packard) HP TouchSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.2.4214 - Hewlett-Packard) HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard) HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.9.0.0 - Hewlett-Packard) HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6349.0 - IDT) iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.) Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3925 - CyberLink Corp.) LabelPrint (x32 Version: 2.5.3925 - CyberLink Corp.) Hidden MAGIX Speed burnR (MSI) (HKLM-x32\...\MAGIX_{AB505D2E-B7C7-4D42-91E2-A130963CC963}) (Version: 7.0.1.27 - MAGIX AG) MAGIX Speed burnR (MSI) (Version: 7.0.1.27 - MAGIX AG) Hidden Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Touch Pack for Windows 7 (HKLM-x32\...\{8FF90DB8-6DED-44A3-B182-244FEC09012F}) (Version: 1.0.40517.00 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation) Mobile App Sync (HKLM-x32\...\Mobile App Sync) (Version: - Mobile App Sync) Movie Theme Pack for HP TouchSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.1.4412 - Hewlett-Packard) Movie Theme Pack for HP TouchSmart Video (x32 Version: 4.1.4412 - Hewlett-Packard) Hidden Mozilla Firefox 23.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 23.0.1 (x86 en-US)) (Version: 23.0.1 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Mystery of Mortlake Mansion (x32 Version: 2.2.0.97 - WildTangent) Hidden Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden NpackdCL (HKLM-x32\...\{C32CA36A-DA63-4D55-9B17-87C61033137D}) (Version: 1.18.7 - Npackd) OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP) Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5331 - CyberLink Corp.) Power2Go (x32 Version: 6.1.5331 - CyberLink Corp.) Hidden PowerISO (HKLM-x32\...\PowerISO) (Version: 5.4 - Power Software Ltd) PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.10.1217.0 - NewspaperDirect Inc.) Recovery Manager (x32 Version: 5.5.0.4320 - CyberLink Corp.) Hidden Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard) RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow) Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden SDK (x32 Version: 2.26.005 - Portrait Displays, Inc.) Hidden Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.12.13601 - Skype Technologies S.A.) Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden TSHostedAppLauncher (x32 Version: 5.1.15.0 - Hewlett-Packard) Hidden Unity Web Player (HKU\S-1-5-21-2207880224-1610313754-884784625-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS) UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Vacation Quest - The Hawaiian Islands (x32 Version: 2.2.0.97 - WildTangent) Hidden Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= 03-01-2015 13:46:05 Windows Update 07-01-2015 16:42:24 Windows Update 21-01-2015 13:47:11 Uniblue SpeedUpMyPC installation 21-01-2015 13:55:01 Windows Update 22-01-2015 03:00:40 Windows Update 04-04-2015 11:54:21 Windows Update 04-04-2015 15:40:33 Windows Update 26-10-2015 00:49:36 Removed Elgato Game Capture HD 28-10-2015 02:37:32 Installed Skype™ 6.3 01-11-2015 19:36:56 Removed Bing Maps 3D 01-11-2015 19:40:51 Removed Firebird SQL Server - MAGIX Edition 01-11-2015 19:43:24 Removed HP TouchSmart eBay. 01-11-2015 19:56:56 Removed MySafeProxy for Internet Explorer 01-11-2015 19:59:27 Removed MySafeProxy for Internet Explorer 01-11-2015 20:01:58 Removed Text-To-Speech-Runtime 01-11-2015 20:02:38 Removed Skype™ 6.16 01-11-2015 20:06:22 Removed NpackdCL 01-11-2015 20:26:10 Restore Operation 02-11-2015 01:30:39 Removed Bonjour ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0BD2C35D-5DC5-4EED-B50F-F71E15B2D037} - System32\Tasks\Driver Support-RTMScan => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2014-08-07] (PC Drivers Headquarters) Task: {0BEFAA6D-6A34-45EF-A04F-5358246C1A48} - System32\Tasks\Driver Support-RTMUpdater => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2014-08-07] (PC Drivers Headquarters) Task: {0F1E6322-7A91-476C-9B3F-5451ABDC82AE} - System32\Tasks\UU6SvxKEVNf7SyAH => C:\Users\Owner\AppData\Roaming\UU6SvxKEVNf7SyAH.exe <==== ATTENTION Task: {23A67A6D-2679-4AB5-8C90-187C19528E5C} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation) Task: {48B8E1E3-69AB-489B-A8C2-AD56A27FD50C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-03-10] (Hewlett-Packard) Task: {509D3D3A-803C-4076-9A52-ABF4FED5AD28} - System32\Tasks\QJNFZ => C:\Users\Owner\AppData\Roaming\QJNFZ.exe <==== ATTENTION Task: {6EDB8CB9-EFF1-480A-8AC0-CE82D50C862A} - System32\Tasks\Driver Support-RTMScanRunOnce => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2014-08-07] (PC Drivers Headquarters) Task: {6F635CEA-B126-4FDD-9385-288575A110C9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {7229F1C5-A02E-4760-909C-A6DD6BFDB147} - System32\Tasks\7VFDP8RjMzr9UuBo7rJhCRm93 => C:\Users\Owner\AppData\Roaming\7VFDP8RjMzr9UuBo7rJhCRm93.exe <==== ATTENTION Task: {7D39345B-740B-44E9-A268-4237B398FD1D} - System32\Tasks\NSManager_1414299421 => C:\Users\Owner\AppData\Local\NSManager\manager.exe Task: {93EBDF39-C20B-4FF2-BCCE-3BE3252C5183} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-04] (Adobe Systems Incorporated) Task: {95B9B6E8-E10F-4E48-B0A1-46F6E28733B9} - System32\Tasks\7862C8D9-066E-4051-A850-CEFDAE4E2322{50FADD01-B759-4358-8386-DFC5ABFF4093} => C:\Program Files\Shop For Rewards\PrefHelper.exe <==== ATTENTION Task: {A31E685D-0FAA-4FCB-B2BD-8D18BB3E0955} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {A52F0343-AE12-4FF5-9006-141BE77D1233} - System32\Tasks\Driver Support-RTMRules => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2014-08-07] (PC Drivers Headquarters) Task: {B112CE94-5188-43A0-8148-218E9AE7D486} - System32\Tasks\HPCeeScheduleForOwner => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard) Task: {BAAC9490-CE5B-419F-94E9-AFE930E037FF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {BCDD12B5-A324-4DC9-86A3-00592AD1512A} - System32\Tasks\Component System\Component => C:\Users\Owner\AppData\Local\ComponentG\com.exe [2014-12-05] () Task: {BCE8A9F7-F4F7-4608-8896-34EA0FA2EF77} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2011-07-20] (CyberLink) Task: {C6A808AB-BA3E-441F-B809-10A565F23BA8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company) Task: {C821436B-DFE4-479E-933D-3E3B6CA3E73E} - System32\Tasks\KCHDV => C:\ProgramData\7ab908b490c44993b797d817bd42cf5f\7ab908b490c44993b797d817bd42cf5f.exe <==== ATTENTION Task: {CA5A00AC-8BAD-46F9-AB02-AD39559D58C1} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe [2011-05-30] (CyberLink) Task: {CDAC49B7-E052-48B9-8CF1-E2075B789E17} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: {DA31DA4E-5AED-45C2-836D-5EB0475AF74A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: {FF552E37-CE49-417D-81C5-76B0EBC5040C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-03-10] (Hewlett-Packard) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\7862C8D9-066E-4051-A850-CEFDAE4E2322{50FADD01-B759-4358-8386-DFC5ABFF4093}.job => C:\Program Files\Shop For Rewards\PrefHelper.exe <==== ATTENTION Task: C:\Windows\Tasks\7VFDP8RjMzr9UuBo7rJhCRm93.job => C:\Users\Owner\AppData\Roaming\7VFDP8RjMzr9UuBo7rJhCRm93.exe <==== ATTENTION Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\Driver Support-RTMRules.job => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe Task: C:\Windows\Tasks\Driver Support-RTMScan.job => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe Task: C:\Windows\Tasks\Driver Support-RTMUpdater.job => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe Task: C:\Windows\Tasks\HPCeeScheduleForOwner.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe Task: C:\Windows\Tasks\QJNFZ.job => C:\Users\Owner\AppData\Roaming\QJNFZ.exe <==== ATTENTION Task: C:\Windows\Tasks\UU6SvxKEVNf7SyAH.job => C:\Users\Owner\AppData\Roaming\UU6SvxKEVNf7SyAH.exe <==== ATTENTION ==================== Loaded Modules (Whitelisted) ============== 2014-08-07 07:57 - 2014-08-07 07:57 - 00440712 _____ () C:\Program Files (x86)\Driver Support\Driver Support\Agent.Communication.XmlSerializers.dll 2011-06-30 03:14 - 2011-06-30 03:14 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2011-03-14 17:20 - 2011-03-14 17:20 - 00098304 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2012-01-23 13:25 - 2011-02-15 14:59 - 00015624 _____ () C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\ACPIDll.dll 2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\Temp:373E1720 AlternateDataStreams: C:\ProgramData\Temp:D346F792 ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cmwf.sys => ""="Driver" <==== ATTENTION HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cmwr.sys => ""="Driver" <==== ATTENTION HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cmwf.sys => ""="Driver" <==== ATTENTION HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cmwr.sys => ""="Driver" <==== ATTENTION ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2207880224-1610313754-884784625-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.254.254 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{7927F410-6819-4DE6-B86D-603B2E001805}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe FirewallRules: [{8417E9C7-B837-4BE6-B880-D3136F4B9B1B}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe FirewallRules: [{EA07D083-A55D-436D-A914-73E9DF89F0C9}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\RNow.exe FirewallRules: [{6834F06F-86C3-4D31-97C0-D9122EEBE450}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\RNow.exe FirewallRules: [{A8F0DA3E-37E9-4BCC-B528-71D0916AC157}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\HPTouchSmartMusic.exe FirewallRules: [{8FD614C0-5217-430C-A6EE-D6F236CAF55C}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Photo\HPTouchSmartPhoto.exe FirewallRules: [{24759234-0B75-43AC-8366-D2626DA05DA4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Photo\PhotoAgent.exe FirewallRules: [{BC3D2403-4972-4E9B-949E-EEB19BB1E8CA}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\HPTouchSmartMusic.exe FirewallRules: [{E10046C7-3E5D-4D7A-994F-C1BD35524069}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\HPTouchSmartPhoto.exe FirewallRules: [{8E773BFC-071E-4F25-B607-505806B6016B}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\HPTouchSmartVideo.exe FirewallRules: [{9A122064-03AF-40BF-A4C0-565FEC042213}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\TSMAgent.exe FirewallRules: [{FFFC7C85-282A-44E6-BC97-BC39DF9F19F0}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\Kernel\CLML\CLMLSvc.exe FirewallRules: [{7FAD085B-BAC0-486B-90E3-271F3C341E21}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe FirewallRules: [{92CDB538-5C9E-4368-9350-26E8AD9F7CEA}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe FirewallRules: [{728235F1-E711-45DA-BB38-578A2E2D687A}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe FirewallRules: [{C20EF660-6327-47C7-BDF0-D11AB63AE0F5}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe FirewallRules: [{6137C26C-FED5-48C1-B585-4A51A1E5333B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{A26F9165-7CD6-4B50-A0C4-DB4D736A2434}] => (Allow) LPort=2869 FirewallRules: [{64090673-3A50-433C-9A89-05CC7AAB7FB3}] => (Allow) LPort=1900 FirewallRules: [{82B591B6-2293-4F6E-858D-9CFAE6C6EF54}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{8FBE1F9F-24A1-4DC2-80D8-1190D6AE32EC}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe FirewallRules: [{C91EF481-7985-4FB4-A71C-94B32AA73D98}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe FirewallRules: [{4F8B029D-1FC3-4290-ABED-8C7CE1A13206}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe FirewallRules: [{E4314CF4-B259-4A18-8126-F36F2B6E25D6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe FirewallRules: [{7F8D2FB7-3095-45E1-935C-5F5DAD85E16E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe FirewallRules: [{75A1894D-4619-47E4-A833-1792E6EEC9E3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe FirewallRules: [{DB512FBA-4DEC-441F-915D-07334612D6F9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe FirewallRules: [{2EAA8AA9-F111-4E26-BAB8-937B24FA3381}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe FirewallRules: [{7CD44E6B-F687-414C-9F55-A7B8037D97E8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe FirewallRules: [{4EBF8E4C-CFEC-4598-8BB2-D810CA33E436}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe FirewallRules: [{2B7C383D-AFC7-4844-95FC-09B7D915517B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe FirewallRules: [{128E5039-56C4-4804-9C9A-76975D830F92}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe FirewallRules: [{0A5C8516-44BC-42F0-946E-0DF94731B1F0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe FirewallRules: [{BABFF70C-129C-420D-ADDD-2BA26B3E6B5E}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe FirewallRules: [{D1C4B647-6109-46F3-9DD5-E576F1039C05}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe FirewallRules: [{8D170693-2C00-4BEF-8AEA-08453A275E2E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe FirewallRules: [{B2BA856A-7413-4CE1-A7FA-8443B8634E5F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe FirewallRules: [{5C2A00E6-BA8D-4F30-8C72-E1D83ACE2A4D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe FirewallRules: [{D66699EA-D292-453B-BB9A-A765F071CE24}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe FirewallRules: [{3732A0B6-6902-43A1-B944-CBD85B285DBF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe FirewallRules: [{EAA6BEA3-58F7-432F-8F14-2F5D2C7761BC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe FirewallRules: [{CA53DD46-D28F-4DE7-8AD6-C12BB62C3C4A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe FirewallRules: [{AC7DCF90-D390-45DD-B3C6-544FF8EE501F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe FirewallRules: [{CF54AC37-858F-492B-A369-17287E38AC0E}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe FirewallRules: [{93BBC29D-EDA3-4325-ACF5-9785CA3653F8}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe FirewallRules: [{070FF275-5817-42B5-A297-A14ECE51C6CE}] => (Allow) C:\UDK\UDK-2013-02\Binaries\Win32\UDK.exe FirewallRules: [{F3920596-63FD-4D4E-9CBC-673C22C668DD}] => (Allow) C:\UDK\UDK-2013-02\Binaries\Win32\UDK.exe FirewallRules: [{807698D3-5BA6-49BC-925F-7BE59ADED02B}] => (Allow) C:\UDK\UDK-2013-02\Binaries\Win64\UDK.exe FirewallRules: [{CFB134DF-9C1A-495F-8944-A4318EB2EE05}] => (Allow) C:\UDK\UDK-2013-02\Binaries\Win64\UDK.exe FirewallRules: [TCP Query User{251B391E-E770-431E-A529-EC3C9BE94B92}C:\users\owner\downloads\utorrent.exe] => (Block) C:\users\owner\downloads\utorrent.exe FirewallRules: [uDP Query User{6ED95815-8512-40F2-95A4-2EA93DABB8FE}C:\users\owner\downloads\utorrent.exe] => (Block) C:\users\owner\downloads\utorrent.exe FirewallRules: [TCP Query User{57CCB296-EAB6-4477-84D8-B100275B70BC}C:\users\owner\appdata\local\temp\rar$exa0.417\bitcoin-0.8.1-win32\bitcoin-qt.exe] => (Allow) C:\users\owner\appdata\local\temp\rar$exa0.417\bitcoin-0.8.1-win32\bitcoin-qt.exe FirewallRules: [uDP Query User{BC2359B8-1A9F-4B10-B8C3-8D74E1CD8469}C:\users\owner\appdata\local\temp\rar$exa0.417\bitcoin-0.8.1-win32\bitcoin-qt.exe] => (Allow) C:\users\owner\appdata\local\temp\rar$exa0.417\bitcoin-0.8.1-win32\bitcoin-qt.exe FirewallRules: [TCP Query User{4A89D38B-4374-486B-8771-F77B09808572}C:\program files (x86)\litecoin\litecoin-qt.exe] => (Allow) C:\program files (x86)\litecoin\litecoin-qt.exe FirewallRules: [uDP Query User{06B04513-4EC3-4EDF-BE24-62222A79AA23}C:\program files (x86)\litecoin\litecoin-qt.exe] => (Allow) C:\program files (x86)\litecoin\litecoin-qt.exe FirewallRules: [TCP Query User{DAACA051-6D27-4A58-818F-A8AA8EFF7D09}C:\users\owner\appdata\local\temp\rar$exa0.554\bitcoin-0.8.1-win32\bitcoin-qt.exe] => (Allow) C:\users\owner\appdata\local\temp\rar$exa0.554\bitcoin-0.8.1-win32\bitcoin-qt.exe FirewallRules: [uDP Query User{EF4C8B32-1EB0-4226-94EC-70472BFFFA07}C:\users\owner\appdata\local\temp\rar$exa0.554\bitcoin-0.8.1-win32\bitcoin-qt.exe] => (Allow) C:\users\owner\appdata\local\temp\rar$exa0.554\bitcoin-0.8.1-win32\bitcoin-qt.exe FirewallRules: [TCP Query User{EA27D1D5-FCF2-447B-BC40-F96F91C2D4E6}C:\users\owner\appdata\local\temp\rar$exa0.707\bitcoin-0.8.1-win32\bitcoin-qt.exe] => (Allow) C:\users\owner\appdata\local\temp\rar$exa0.707\bitcoin-0.8.1-win32\bitcoin-qt.exe FirewallRules: [uDP Query User{1B5EA772-454D-4AF9-9496-316141BCC6C2}C:\users\owner\appdata\local\temp\rar$exa0.707\bitcoin-0.8.1-win32\bitcoin-qt.exe] => (Allow) C:\users\owner\appdata\local\temp\rar$exa0.707\bitcoin-0.8.1-win32\bitcoin-qt.exe FirewallRules: [TCP Query User{EDA1E31E-1AF8-4A53-8485-2526E8005B89}C:\users\owner\appdata\local\temp\rar$exa0.700\bitcoin-0.8.1-win32\bitcoin-qt.exe] => (Allow) C:\users\owner\appdata\local\temp\rar$exa0.700\bitcoin-0.8.1-win32\bitcoin-qt.exe FirewallRules: [uDP Query User{5C541298-7FBC-408F-A426-213F80514FDA}C:\users\owner\appdata\local\temp\rar$exa0.700\bitcoin-0.8.1-win32\bitcoin-qt.exe] => (Allow) C:\users\owner\appdata\local\temp\rar$exa0.700\bitcoin-0.8.1-win32\bitcoin-qt.exe FirewallRules: [TCP Query User{2D9BB648-377F-46A3-9C4B-8A7AA64D10E4}C:\users\owner\appdata\local\temp\rar$exa0.544\bitcoin-0.8.1-win32\bitcoin-qt.exe] => (Allow) C:\users\owner\appdata\local\temp\rar$exa0.544\bitcoin-0.8.1-win32\bitcoin-qt.exe FirewallRules: [uDP Query User{8246D8B8-2C92-494B-A779-62E47AAF8A4C}C:\users\owner\appdata\local\temp\rar$exa0.544\bitcoin-0.8.1-win32\bitcoin-qt.exe] => (Allow) C:\users\owner\appdata\local\temp\rar$exa0.544\bitcoin-0.8.1-win32\bitcoin-qt.exe FirewallRules: [TCP Query User{9F266EE2-189B-4FB7-AF05-F338B29C14BD}C:\users\owner\appdata\local\temp\rar$exa0.778\bitcoin-0.8.1-win32\bitcoin-qt.exe] => (Allow) C:\users\owner\appdata\local\temp\rar$exa0.778\bitcoin-0.8.1-win32\bitcoin-qt.exe FirewallRules: [uDP Query User{DE093A43-7E42-41B7-A369-9BCD00A76A69}C:\users\owner\appdata\local\temp\rar$exa0.778\bitcoin-0.8.1-win32\bitcoin-qt.exe] => (Allow) C:\users\owner\appdata\local\temp\rar$exa0.778\bitcoin-0.8.1-win32\bitcoin-qt.exe FirewallRules: [TCP Query User{11E21DE4-A828-4573-8CC4-E0290390BFF1}C:\users\owner\appdata\local\temp\rar$exa0.938\bitcoin-0.8.1-win32\bitcoin-qt.exe] => (Allow) C:\users\owner\appdata\local\temp\rar$exa0.938\bitcoin-0.8.1-win32\bitcoin-qt.exe FirewallRules: [uDP Query User{FE8EFB62-F496-4C03-BECC-3CD16E48757D}C:\users\owner\appdata\local\temp\rar$exa0.938\bitcoin-0.8.1-win32\bitcoin-qt.exe] => (Allow) C:\users\owner\appdata\local\temp\rar$exa0.938\bitcoin-0.8.1-win32\bitcoin-qt.exe FirewallRules: [TCP Query User{79314B88-E11A-435D-A1E9-E90FAD567EAF}C:\users\owner\appdata\local\temp\rar$exa0.988\bitcoin-0.8.1-win32\bitcoin-qt.exe] => (Allow) C:\users\owner\appdata\local\temp\rar$exa0.988\bitcoin-0.8.1-win32\bitcoin-qt.exe FirewallRules: [uDP Query User{82828E6C-89EB-4931-A7F5-4257B928A61D}C:\users\owner\appdata\local\temp\rar$exa0.988\bitcoin-0.8.1-win32\bitcoin-qt.exe] => (Allow) C:\users\owner\appdata\local\temp\rar$exa0.988\bitcoin-0.8.1-win32\bitcoin-qt.exe FirewallRules: [TCP Query User{A2F53746-FCF2-404C-B71E-295BDCC33240}C:\users\owner\appdata\local\temp\rar$exa0.195\bitcoin-0.8.1-win32\bitcoin-qt.exe] => (Allow) C:\users\owner\appdata\local\temp\rar$exa0.195\bitcoin-0.8.1-win32\bitcoin-qt.exe FirewallRules: [uDP Query User{18B4D735-6D53-4792-8212-2B288A3C8502}C:\users\owner\appdata\local\temp\rar$exa0.195\bitcoin-0.8.1-win32\bitcoin-qt.exe] => (Allow) C:\users\owner\appdata\local\temp\rar$exa0.195\bitcoin-0.8.1-win32\bitcoin-qt.exe FirewallRules: [TCP Query User{A2414218-56EB-4581-B021-B98FE2FE1BF1}C:\program files (x86)\devpro\devpro.dll] => (Block) C:\program files (x86)\devpro\devpro.dll FirewallRules: [uDP Query User{DC8BF003-1671-488E-98F7-459DA5B694D3}C:\program files (x86)\devpro\devpro.dll] => (Block) C:\program files (x86)\devpro\devpro.dll FirewallRules: [{ED26CDDD-AD54-4647-8E0F-56E4625310F6}] => (Allow) C:\ProgramData\eSafe\eGdpSvc.exe FirewallRules: [{289A686F-DD67-4053-8C3E-E2AC0E74FE16}] => (Allow) C:\Program Files (x86)\WinZip Driver Updater\winzipdu.exe FirewallRules: [{568939C8-7CA5-406A-A75A-4A1B6281127A}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe FirewallRules: [{49BC0482-051D-4918-9A70-A9F54B3356D4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{67BB758C-ACD4-44EF-818F-CC6F66278696}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{76B16E39-5C4A-4573-97B2-54547AD157A2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{46EE590F-FC77-4CF0-A623-C38E3E8620B0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{0B572F81-3972-425E-AFC4-689937F38A39}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe FirewallRules: [{4CE86EDC-0435-4877-A7F2-1A65D73233B4}] => (Allow) C:\Program Files (x86)\Apowersoft\Free Music Downloader\Free Music Downloader.exe FirewallRules: [{6174D756-AA74-4665-A73B-871A39C5C4A6}] => (Allow) C:\Program Files (x86)\Apowersoft\Free Music Downloader\Free Music Downloader.exe FirewallRules: [TCP Query User{7F68E454-D441-438F-8466-24D54534E2BD}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe FirewallRules: [uDP Query User{33BB03EB-6F80-4660-8992-D1B201FEBABE}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe FirewallRules: [{549E37E8-CAB5-4E10-8D9F-FDE77F5411C2}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~1\IE\dtuser.exe FirewallRules: [{733EDDC0-448A-4CAF-9B5B-1109C4DD2A5A}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~1\IE\dtuser.exe FirewallRules: [{DDFBE54D-8E8B-4921-8B18-DF03D7FA485D}] => (Allow) C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe FirewallRules: [TCP Query User{E7D45A35-7DA1-42F6-A96D-A5587EF6041E}C:\udk\udk-2013-02\binaries\win32\udk.exe] => (Block) C:\udk\udk-2013-02\binaries\win32\udk.exe FirewallRules: [uDP Query User{F4BE6D6A-A9E1-4FE0-B9F0-B89AC3EA450D}C:\udk\udk-2013-02\binaries\win32\udk.exe] => (Block) C:\udk\udk-2013-02\binaries\win32\udk.exe FirewallRules: [{C25AD023-3EDF-4D75-AE77-66CEDF665DFB}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe FirewallRules: [{654128FB-C1D3-41F3-84DC-77BA6DA80DC2}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe FirewallRules: [{7CCC81CD-1CBD-4329-BE9A-E482D8D8CF26}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe ==================== Faulty Device Manager Devices ============= Name: Microsoft Teredo Tunneling Adapter Description: Microsoft Teredo Tunneling Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (11/02/2015 03:42:05 PM) (Source: HPTouchSmartCalendar) (EventID: 0) (User: ) Description: Application Name: HP TouchSmart Calendar Exception Type: System.Net.Sockets.SocketException at System.Net.SafeCloseSocketAndEvent.CreateWSASocketWithEvent(AddressFamily addressFamily, SocketType socketType, ProtocolType protocolType, Boolean autoReset, Boolean signaled) at System.Net.NetworkInformation.NetworkChange.AddressChangeListener.StartHelper(NetworkAddressChangedEventHandler caller, Boolean captureContext, StartIPOptions startIPOptions) at HPTouchSmartSyncCalReminderApp.Program.StartExecution() Error: (11/02/2015 03:39:41 PM) (Source: Schedule) (EventID: 0) (User: ) Description: Schedule error: 10106Initialize call failed, bailing out Error: (11/02/2015 12:21:11 PM) (Source: HPTouchSmartCalendar) (EventID: 0) (User: ) Description: Application Name: HP TouchSmart Calendar Exception Type: System.Net.Sockets.SocketException at System.Net.SafeCloseSocketAndEvent.CreateWSASocketWithEvent(AddressFamily addressFamily, SocketType socketType, ProtocolType protocolType, Boolean autoReset, Boolean signaled) at System.Net.NetworkInformation.NetworkChange.AddressChangeListener.StartHelper(NetworkAddressChangedEventHandler caller, Boolean captureContext, StartIPOptions startIPOptions) at HPTouchSmartSyncCalReminderApp.Program.StartExecution() Error: (11/02/2015 12:18:43 PM) (Source: Schedule) (EventID: 0) (User: ) Description: Schedule error: 10106Initialize call failed, bailing out Error: (11/02/2015 10:51:21 AM) (Source: Schedule) (EventID: 0) (User: ) Description: Schedule error: 10106Initialize call failed, bailing out Error: (11/02/2015 10:35:46 AM) (Source: Schedule) (EventID: 0) (User: ) Description: Schedule error: 10106Initialize call failed, bailing out Error: (11/02/2015 02:04:03 AM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Information only. Error: Initialization failed 0x80080005 Type: 88::UnexpectedError. Error: (11/02/2015 01:54:36 AM) (Source: HPTouchSmartCalendar) (EventID: 0) (User: ) Description: Application Name: HP TouchSmart Calendar Exception Type: System.Net.Sockets.SocketException at System.Net.SafeCloseSocketAndEvent.CreateWSASocketWithEvent(AddressFamily addressFamily, SocketType socketType, ProtocolType protocolType, Boolean autoReset, Boolean signaled) at System.Net.NetworkInformation.NetworkChange.AddressChangeListener.StartHelper(NetworkAddressChangedEventHandler caller, Boolean captureContext, StartIPOptions startIPOptions) at HPTouchSmartSyncCalReminderApp.Program.StartExecution() Error: (11/02/2015 01:52:11 AM) (Source: Schedule) (EventID: 0) (User: ) Description: Schedule error: 10106Initialize call failed, bailing out Error: (11/02/2015 01:48:30 AM) (Source: HPTouchSmartCalendar) (EventID: 0) (User: ) Description: Application Name: HP TouchSmart Calendar Exception Type: System.Net.Sockets.SocketException at System.Net.SafeCloseSocketAndEvent.CreateWSASocketWithEvent(AddressFamily addressFamily, SocketType socketType, ProtocolType protocolType, Boolean autoReset, Boolean signaled) at System.Net.NetworkInformation.NetworkChange.AddressChangeListener.StartHelper(NetworkAddressChangedEventHandler caller, Boolean captureContext, StartIPOptions startIPOptions) at HPTouchSmartSyncCalReminderApp.Program.StartExecution() System errors: ============= Error: (11/02/2015 03:47:04 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The IPsec Policy Agent service terminated with the following error: %%10106 Error: (11/02/2015 03:47:04 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The IPsec Policy Agent service terminated with the following error: %%10106 Error: (11/02/2015 03:47:02 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The IPsec Policy Agent service terminated with the following error: %%10106 Error: (11/02/2015 03:45:37 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The IPsec Policy Agent service terminated with the following error: %%10106 Error: (11/02/2015 03:45:36 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The IPsec Policy Agent service terminated with the following error: %%10106 Error: (11/02/2015 03:42:23 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Windows Update service terminated with the following error: %%-2147014790 Error: (11/02/2015 03:42:23 PM) (Source: WMPNetworkSvc) (EventID: 14348) (User: ) Description: 0x80070057 Error: (11/02/2015 03:42:23 PM) (Source: WMPNetworkSvc) (EventID: 14323) (User: ) Description: WMPNetworkSvc0xc00d4268 Error: (11/02/2015 03:42:23 PM) (Source: WMPNetworkSvc) (EventID: 14356) (User: ) Description: 0x80070057 Error: (11/02/2015 03:42:23 PM) (Source: WMPNetworkSvc) (EventID: 14323) (User: ) Description: WMPNetworkSvc0xc00d4268 ==================== Memory info =========================== Processor: AMD A4-3400 APU with Radeon HD Graphics Percentage of memory in use: 38% Total physical RAM: 3570.78 MB Available physical RAM: 2195.5 MB Total Virtual: 7139.75 MB Available Virtual: 5545.31 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:916.75 GB) (Free:836.51 GB) NTFS ==>[system with boot components (obtained from drive)] Drive d: (HP_RECOVERY) (Fixed) (Total:14.67 GB) (Free:1.82 GB) NTFS ==>[system with boot components (obtained from drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 573054B9) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=916.7 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=14.7 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================
  5. ahh, .... sneaky adwares.... I thought I seen obrona and got rid of it a few days ago. apparently not lol. Well you made this momma's day. Thanks
  6. Thanks again and I will donate, I was trying to figure this out for the last three days, If possible could you tell me what was the cause of the pop-ups? inquiring minds at my house would like to know
  7. ok , it did ask for the restart, I have attached the fixlog Fixlog.txt
  8. hello! hope everyone has had a good holiday, my son's computer has somehow gotten infected by some type of malware. Everytime we get on the internet or his gaming program steam, popups come up inside the browser. I ran malwarebytes and Pum.bad.proxy keeps coming back along with some pup.optional that I delete with ccleaner. I have tried running task manager to see if I could narrow it down to a certain process and manually remove but I don't ever see anything out of the ordinary. I completely uninstalled Steam and Google Chrome but the pop ups show up on Internet Explorer. I am at a loss on how to get rid of this,Please help! We have Microsoft Security Essentials, malwarebytes, ccleaner. After reading some of the posts on this forum I have also downloaded FRST, Rkill, roguekiller. didn't delete anything on roguekiller just ran scan so I could get a report. I will attach files for all of this. malwareexport.txt FRST.txt Addition.txt Rkill.txt RKreport_SCN_12262014_155439.log
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.