
straokiegrl99

Honorary Members
  • Posts

    33
Everything posted by straokiegrl99

  1. MrCharlie, yes, thank you so much for the OpenDNS info! While trying to sign in, I discovered that I couldn't sign in, and did a remote with a Verizon tech, who informed me that my sign in page was already configured for my FIOS Quantum Gateway router that I purchased for $150 about 6 months ago but haven't hooked up yet. I'm still using the old router. Why would I have a sign in page for a router I am not even using??? I told him/her that I was not going to hook the dang thing up at 3 a.m., even with his/her step-by-step instruction. SO......long story short......no OpenDNS for me, I suppose, until I hook up my new router so I can sign in to it.
  2. Hi MrC! Hi Sare! Bad news.....the popups have started again......same IP address 92.242.140.21, but different website address.....idcs.interclick.com......I have posted all the malware logs on Avast forums and am working with essexboy there (I think). I believe you are right, Sare, I think it's a software problem as well, mostly because every time I sign off now, I'm getting oodles of Windows updates to download daily......so someone is working hard on something. I imagine they are working on Windows 10 bugs, now that I think about it. They offered it to me, but I haven't taken them up yet. Maybe I should. That might solve my problem...... This laptop is 5 yrs. old now....in this day and age, that's fairly obsolete. Thinking about just springing for a new one and starting over with Windows 10 on it, kind of tired of Windows 7, and I understand the security is better on 10........what do you think? I like those new ones that can stand up like "tent cards", they're kinda cool! 17" HP of course.
  3. Sare, also I forgot to mention, to get the popups to stop, daughter's bf went into Internet Options in IE and reset the security level to the default setting. I had changed it some time ago. He said it should be set at "default". That apparently stopped the popups. Take Care, Jonna
  4. Sare, sorry to see you are dealing with that annoyance again....I have oddly had one single popup since yesterday, but it was something different. I didn't even remember the site, but "facebook" was in the address, and it was while I was using Facebook. Only happened once. Really strange. But since my daughter's boyfriend "tinkered" with my machine, I have other problems now.....for the first time ever, while shopping on Amazon, when I put items in the cart, then click on the cart to check out, all my items disappear! One second the site recognizes me, the next page I'm on, it doesn't. Very annoying. At this point, I'm considering just going back to a point in time about 6 months ago on this beast and see if that helps......
  5. Hi Sare, Wow, you're lucky the thing fixed itself finally. It was continuing to pop up for me until just a short while ago (this early a.m. Monday, EST in the USA, that is). I went so far as to have a Verizon support tech remotely take over my laptop to see why I couldn't sign in to my router (so I could change my DNS address to OpenDNS), but that didn't work out, and luckily, late last night, my daughter's boyfriend came by and he is great with this stuff.........he figured out that su2.ff.avast.com is actually not "malicious" after all, but rather, just an update page from Avast! Apparently, Malwarebytes didn't "know" how to handle that particular page or recognize it, or something to that effect, so treated it as malicious......long story short.........daughter's boyfriend did a couple tweaks, and finally a boot scan that took 3 and a half hours, and the bloody thing is finally gone. Whew! Thanks for the tip! Glad you got rid of it as well. Jonna (straokiegrl99)
  6. okay. hahahahaha. can't sign in to my router. I have never had the need to do that, and Verizon's "default" userid and password aren't working......their troubleshooting page tells me this has "serious consequences" as I will have to set my router to factory default settings which will mess up every gadget in my house......oh boy. working on this........
  7. MrC....you give us technologically challenged folks of the female gender wayyyy too much credit for being savvy....okay.....working on it.
  8. "Please be careful and take screen shots of what you change in case something goes wrong."????!!! Whoa.....don't scare me now.......
  9. Odd thing is, I did the OpenDNS test page, and it says I'm not using it, but then when I check it, it clearly shows I'm using DNS servers that are OpenDNS numbers.......I don't get it.
  10. MrCharlie....I hate to admit defeat, but I am completely frustrated and unfortunately cannot seem to complete what may seem to be simple tasks to you guys here, so I am going to take a break and come back, possibly to report that I have decided to take this monster of a machine to the geeks at Best Buy and let them have at it. I have too much other stuff on my mind to concentrate on this, even though this is of utmost importance to me.......I will of course compensate you for your time and help. I am still having popups of this malicious website being blocked.......
  11. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-09-2015 Ran by Jonna (administrator) on JONNA-HP (12-09-2015 14:04:46) Running from C:\Users\Jonna\Desktop Loaded Profiles: Jonna (Available Profiles: Jonna) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal
2015-09-09 21:28 - 2015-07-22 19:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-09-09 21:28 - 2015-07-22 19:52 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-09-09 21:28 - 2015-07-22 19:52 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-09-09 21:28 - 2015-07-22 19:52 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-09-09 21:28 - 2015-07-22 19:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-09-09 21:28 - 2015-07-22 19:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-09-09 21:28 - 2015-07-22 19:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-09-09 21:28 - 2015-07-22 19:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-09-09 21:28 - 2015-07-22 19:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-09-09 21:28 - 2015-07-22 19:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-09-09 21:28 - 2015-07-22 19:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-09-09 21:28 - 2015-07-22 19:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-09-09 21:28 - 2015-07-22 19:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-09-09 21:28 - 2015-07-22 19:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-09-09 21:28 - 2015-07-22 19:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-09-09 21:28 - 2015-07-22 
19:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-09-09 21:28 - 2015-07-22 19:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-09-09 21:28 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-09-09 21:28 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-09-09 21:28 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-09-09 21:28 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-09-09 21:28 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-09-09 21:28 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-09-09 21:28 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-09-09 21:28 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-09-09 21:28 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-09-09 21:28 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-09-09 21:28 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-09-09 21:28 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-09-09 21:28 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-09-09 21:28 - 2015-07-22 19:51 - 00686080 
_____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-09-09 21:28 - 2015-07-22 13:57 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-09-09 21:28 - 2015-07-22 13:57 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-09-09 21:28 - 2015-07-22 13:54 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-09-09 21:28 - 2015-07-22 13:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2015-09-09 21:28 - 2015-07-22 13:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2015-09-09 21:28 - 2015-07-22 13:53 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-09-09 21:28 - 2015-07-22 13:53 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-09-09 21:28 - 2015-07-22 13:53 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-09-09 21:28 - 2015-07-22 13:53 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-09-09 21:28 - 2015-07-22 13:53 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-09-09 21:28 - 2015-07-22 13:53 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-09-09 21:28 - 2015-07-22 13:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-09-09 21:28 - 2015-07-22 13:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2015-09-09 21:28 - 2015-07-22 13:53 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-09-09 21:28 - 2015-07-22 13:53 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-09-09 21:28 - 2015-07-22 13:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-09-09 21:28 - 2015-07-22 13:52 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-09-09 21:28 - 2015-07-22 13:52 - 00665088 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\rpcrt4.dll 2015-09-09 21:28 - 2015-07-22 13:52 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-09-09 21:28 - 2015-07-22 13:52 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-09-09 21:28 - 2015-07-22 13:52 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-09-09 21:28 - 2015-07-22 13:52 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-09-09 21:28 - 2015-07-22 13:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-09-09 21:28 - 2015-07-22 13:47 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-09-09 21:28 - 2015-07-22 13:46 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-09-09 21:28 - 2015-07-22 13:42 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-09-09 21:28 - 2015-07-22 13:42 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-09-09 21:28 - 2015-07-22 13:42 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-09-09 21:28 - 2015-07-22 13:42 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-09-09 21:28 - 2015-07-22 13:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-09-09 21:28 - 2015-07-22 13:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-09-09 21:28 - 2015-07-22 13:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-09-09 21:28 - 2015-07-22 13:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-09-09 21:28 - 2015-07-22 13:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-09-09 21:28 - 2015-07-22 13:42 - 
00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-09-09 21:28 - 2015-07-22 13:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-09-09 21:28 - 2015-07-22 13:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-09-09 21:28 - 2015-07-22 13:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-09-09 21:28 - 2015-07-22 13:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-09-09 21:28 - 2015-07-22 13:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-09-09 21:28 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-09-09 21:28 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-09-09 21:28 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-09-09 21:28 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-09-09 21:28 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-09-09 21:28 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-09-09 21:28 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-09-09 21:28 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-09-09 21:28 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-09-09 21:28 - 2015-07-22 13:42 - 
00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-09-09 21:28 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-09-09 21:28 - 2015-07-22 12:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll 2015-09-09 21:28 - 2015-07-22 12:45 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-09-09 21:28 - 2015-07-22 12:44 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2015-09-09 21:28 - 2015-07-22 12:44 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2015-09-09 21:28 - 2015-07-22 12:34 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-09-09 21:28 - 2015-07-22 12:34 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-09-09 21:28 - 2015-07-22 12:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-09-09 21:28 - 2015-07-22 12:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-09-09 21:28 - 2015-07-22 12:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-09-09 21:28 - 2015-07-22 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-09-09 21:28 - 2015-07-14 23:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2015-09-09 21:28 - 2015-07-14 22:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2015-09-09 21:28 - 2015-07-09 13:58 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll 2015-09-09 21:28 - 2015-07-09 13:58 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll 2015-09-09 21:28 - 2015-07-09 13:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll 2015-09-09 21:28 - 
2015-07-09 13:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll 2015-09-09 21:28 - 2015-06-25 06:06 - 00115136 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2015-09-09 21:28 - 2015-06-25 06:01 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2015-09-09 21:28 - 2015-06-25 06:01 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll 2015-09-09 21:28 - 2015-06-25 05:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2015-09-09 21:27 - 2015-09-01 23:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-09-09 21:27 - 2015-09-01 23:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-09-09 21:27 - 2015-09-01 23:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-09-09 21:27 - 2015-09-01 23:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-09-09 21:27 - 2015-09-01 22:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2015-09-09 21:27 - 2015-09-01 22:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-09-09 21:27 - 2015-09-01 22:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2015-09-09 21:27 - 2015-09-01 22:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2015-09-09 21:27 - 2015-09-01 21:51 - 03209216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-09-09 21:27 - 2015-09-01 21:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-09-09 21:27 - 2015-09-01 21:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-09-09 21:27 - 2015-08-26 14:07 - 03165696 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-09-09 21:27 - 2015-08-26 14:07 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-09-09 21:27 - 2015-08-26 14:07 - 00696320 _____ (Microsoft Corporation) 
C:\Windows\system32\wuapi.dll 2015-09-09 21:27 - 2015-08-26 14:07 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-09-09 21:27 - 2015-08-26 14:07 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-09-09 21:27 - 2015-08-26 14:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-09-09 21:27 - 2015-08-26 14:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-09-09 21:27 - 2015-08-26 14:06 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-09-09 21:27 - 2015-08-26 14:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-09-09 21:27 - 2015-08-26 14:06 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-09-09 21:27 - 2015-08-26 14:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-09-09 21:27 - 2015-08-26 13:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-09-09 21:27 - 2015-08-26 13:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-09-09 21:27 - 2015-08-26 13:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-09-09 21:27 - 2015-08-26 13:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2015-09-09 21:27 - 2015-08-26 13:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-09-07 16:16 - 2015-09-07 16:16 - 00001826 _____ C:\Users\Jonna\Desktop\Hokku Designs Gnarls Coffee Table AllModern.url 2015-09-07 09:10 - 2015-09-07 09:10 - 00002417 _____ C:\Users\Jonna\Desktop\Diabetes Drug Metformin Might Also Help Fight Cancer.url 2015-09-05 20:11 - 2015-09-06 09:19 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\02E51B6A.sys 2015-09-04 20:09 - 2015-09-04 20:09 - 41261584 _____ (Amazon) C:\Users\Jonna\Desktop\AmazonMusicInstaller.exe 2015-08-27 10:26 - 2015-08-27 10:26 - 00003544 _____ 
C:\Windows\System32\Tasks\HP AR Program Upload - 6674c406596c48429d7bcfee64d802e55b3bfd62ec234059bc1e9929b92a0b02 2015-08-25 15:28 - 2015-08-25 15:28 - 00001539 _____ C:\Users\Jonna\Desktop\Elle Glasses Elle EL13340 BR Brown - Coastal.com®.url 2015-08-25 15:27 - 2015-08-25 15:27 - 00001537 _____ C:\Users\Jonna\Desktop\Love Glasses Love L761 Satin Teal - Coastal.com®.url 2015-08-24 08:47 - 2015-08-24 08:47 - 00000316 _____ C:\Users\Jonna\Desktop\Cluster B personality disorders - Wikipedia, the free encyclopedia.url 2015-08-22 10:33 - 2015-08-22 10:33 - 00000921 _____ C:\Users\Jonna\Desktop\Orange and Jasmine Scented Soaps Orange-Shaped Soap.url 2015-08-22 01:24 - 2015-08-22 01:24 - 00000292 _____ C:\Users\Jonna\Desktop\Orange Flavored Ginger Candy, Chimes Ginger Chews.url 2015-08-19 10:37 - 2015-08-19 10:37 - 00000299 _____ C:\Users\Jonna\Desktop\Capital One 360 - Login - Logout.url 2015-08-18 17:18 - 2015-08-18 17:18 - 00000164 _____ C:\Users\Jonna\Desktop\Melissa McCarthy Coming Soon!.url 2015-08-18 16:14 - 2015-08-18 16:14 - 00000301 _____ C:\Users\Jonna\Desktop\QVC.url 2015-08-16 10:34 - 2015-08-16 10:34 - 00002865 _____ C:\Users\Jonna\Desktop\Friends of Felines Rescue Center 24-7 Kitty Cam., Ustream.TV The kittycam is a 24-7 view into the rescue center and the lives of the kittens and cats it s....url 2015-08-16 10:34 - 2015-08-16 10:34 - 00002206 _____ C:\Users\Jonna\Desktop\Kabana Cam FFRC on USTREAM Friends of Feline Kabana sunroom Cats camera. 
Cats.url 2015-08-16 08:48 - 2015-08-16 08:48 - 00001713 _____ C:\Users\Public\Desktop\iTunes.lnk 2015-08-16 08:48 - 2015-08-16 08:48 - 00001713 _____ C:\ProgramData\Desktop\iTunes.lnk 2015-08-16 08:48 - 2015-08-16 08:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-08-16 08:47 - 2015-08-16 08:48 - 00000000 ____D C:\Program Files\iTunes 2015-08-16 08:47 - 2015-08-16 08:47 - 00000000 ____D C:\Program Files\iPod 2015-08-16 08:47 - 2015-08-16 08:47 - 00000000 ____D C:\Program Files (x86)\iTunes 2015-08-14 09:49 - 2015-08-14 09:49 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\733A088B.sys 2015-08-13 21:21 - 2015-08-13 21:21 - 00000268 _____ C:\Users\Jonna\Desktop\Lizard Lick Sauce.url 2015-08-13 11:18 - 2015-08-13 11:18 - 00000696 _____ C:\Users\Jonna\Desktop\Your Turn Archives - FederalNewsRadio.com.url ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-09-12 13:44 - 2015-07-16 09:08 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-12 13:10 - 2014-12-22 11:32 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-12 12:57 - 2014-07-12 16:05 - 00004972 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Jonna-HP-Jonna Jonna-HP
2015-09-12 12:51 - 2012-03-19 02:24 - 01450706 _____ C:\Windows\WindowsUpdate.log
2015-09-12 12:43 - 2009-07-14 00:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-12 12:43 - 2009-07-14 00:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-12 12:40 - 2015-05-15 07:49 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForJonna
2015-09-12 12:40 - 2015-05-15 07:49 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForJonna.job
2015-09-12 12:37 - 2012-06-18 13:14 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A1760319-1653-46B0-8071-3D07CF35F67D}
2015-09-12 12:33 - 2015-07-06 14:56 - 00006384 _____ C:\Windows\setupact.log
2015-09-12 12:33 - 2010-11-20 23:47 - 00924600 _____ C:\Windows\PFRO.log
2015-09-12 12:33 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-11 14:02 - 2009-07-14 01:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-10 15:14 - 2014-12-23 16:27 - 00000261 _____ C:\DelFix.txt
2015-09-10 13:11 - 2013-05-19 18:00 - 00000000 ____D C:\Users\Jonna\AppData\Local\CrashDumps
2015-09-10 12:23 - 2013-05-27 09:54 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-09-10 08:31 - 2009-07-14 00:45 - 00439608 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-10 08:29 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-09-10 00:27 - 2013-08-14 02:32 - 00000000 ____D C:\Windows\system32\MRT
2015-09-10 00:23 - 2013-12-15 16:13 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-08 17:57 - 2012-06-20 22:39 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-09-04 20:10 - 2015-03-22 17:49 - 00001128 _____ C:\Users\Jonna\Desktop\Amazon Music.lnk
2015-08-27 08:32 - 2009-07-14 01:08 - 00032598 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-26 18:37 - 2013-05-27 21:19 - 134753440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-18 13:49 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2015-08-16 08:47 - 2013-05-27 10:06 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-08-13 20:13 - 2013-05-19 16:17 - 01048344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys

==================== Files in the root of some directories =======

2014-07-31 09:28 - 2014-10-25 07:28 - 0000096 _____ () C:\Users\Jonna\AppData\Roaming\WB.CFG
2013-06-02 19:50 - 2013-06-02 19:50 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\Jonna\AppData\Local\Temp\ERUNT.exe
C:\Users\Jonna\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-09-02 08:22

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-09-2015
Ran by Jonna (2015-09-12 14:05:25)
Running from C:\Users\Jonna\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-06-18 17:02:49)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1059708350-3765293519-1878549072-500 - Administrator - Disabled)
Guest (S-1-5-21-1059708350-3765293519-1878549072-501 - Limited - Disabled)
Jonna (S-1-5-21-1059708350-3765293519-1878549072-1000 - Administrator - Enabled) => C:\Users\Jonna

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.130 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.)
Amazon Music (HKU\S-1-5-21-1059708350-3765293519-1878549072-1000\...\Amazon Amazon Music) (Version: 3.10.0.928 - Amazon Services LLC)
Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 2.1.0 - Amazon Services LLC)
Amazon Music Importer (x32 Version: 2.1.0 - Amazon Services LLC) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AuthenTec TrueAPI (Version: 1.3.0.144 - AuthenTec, Inc.) Hidden
Avast Internet Security (HKLM-x32\...\avast) (Version: 10.3.2225 - AVAST Software)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{7BCD1A5E-F903-48C9-9CB2-37E5A6FB2111}) (Version: 3.3.9679 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink PowerDVD 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.4412.58 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Digital Advertising Alliance Protect My Choices (Beta) (HKLM-x32\...\{2E4543DD-1526-408D-8B58-D3A2BFE322D0}) (Version: 1.4.0.0 - Digital Advertising Alliance)
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version: - FileHippo.com)
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP 3D DriveGuard (HKLM\...\{DFB497E0-CE3F-40FC-9596-FC7A48775DE4}) (Version: 4.1.16.1 - Hewlett-Packard Company)
HP Application Assistant (HKLM\...\{0CE7EBAF-157D-4111-9146-057CB2A4023E}) (Version: 1.1.466.3970 - Hewlett-Packard)
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{54F0ED3B-BD05-4B41-BCFC-E03FE2DDFF1D}) (Version: 1.1.0.0 - Hewlett-Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Launch Box (HKLM\...\{BF1E75D0-E7AF-4BEA-9FBC-567F0C54BDF9}) (Version: 1.0.12 - Hewlett-Packard Company)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.1.21091.0 - Hewlett-Packard Company)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{7E799992-5DA0-4A1A-9443-B1836B063FEC}) (Version: 1.4.8 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}) (Version: 3.1.1.10197 - Hewlett-Packard Company)
HP Security Assistant (HKLM\...\{0576788F-2993-455F-80CD-980114095103}) (Version: 1.0.11 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15076.3891 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
HP SimplePass 2012 (HKLM-x32\...\{423FBEB8-21C6-4720-A8DA-B19B06FDB607}) (Version: 5.3.1.7 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{962CB079-85E6-405F-8704-1C62365AE46F}) (Version: 4.5.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6381.0 - IDT)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2476 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{37EC048A-81A2-452A-8D1F-3BE2018E767D}) (Version: 15.1.0.0096 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{0EF86E06-C755-4C6F-8E47-2528D0546C0A}) (Version: 1.1.1.0581 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
Intel® WiDi (HKLM-x32\...\{7257132D-7F65-41E6-A90F-43BF6099461A}) (Version: 2.1.42.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
Intel® PROSet/Wireless WiFi Software (HKLM\...\{E2D0B67F-8032-4E11-87C6-C8C721D331B3}) (Version: 15.01.0500.0903 - Intel Corporation)
iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Microsoft SkyDrive (HKU\S-1-5-21-1059708350-3765293519-1878549072-1000\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) 
(Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.5 - Mozilla) MSXML 4.0 SP2 (KB954430) 
(HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1011 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1011 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1011 - Microsoft Corporation) Hidden opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden PDF Creator (HKLM\...\PDF Creator) (Version: - ) Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek) Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.83 - Realtek Semiconductor Corp.) Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.19.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.19.0 - Renesas Electronics Corporation) Hidden RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.) 
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated) The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Validity WBF DDK (HKLM\...\{79174AF2-6CB1-42F5-981E-66DCA49391D0}) (Version: 4.3.205.0 - Validity Sensors, Inc.) Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden Vz In-Home Agent (HKLM-x32\...\VzInHomeAgent) (Version: 9.0.73.0 - Verizon) WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden Windows Deployment Tools (HKLM-x32\...\{BFC9778E-9765-C94C-C082-C2514F8DEB9B}) (Version: 8.59.25584 - Microsoft) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) Windows PE x86 x64 (HKLM-x32\...\{F89D69CA-6EE1-E037-DD3B-08CDDE1BED1C}) (Version: 8.59.25584 - Microsoft) Windows PE x86 x64 wims (HKLM-x32\...\{85F4ACB1-E7DC-C3C6-F4FD-BB936DF2695E}) (Version: 8.59.25584 - Microsoft) WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E9}) (Version: 19.5.11475 - WinZip Computing, S.L. ) WinZip Courier (HKLM-x32\...\{D011655B-0753-4C2A-B870-946C5B02F54C}) (Version: 6.0.11164 - WinZip Computing, S.L. ) Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-1059708350-3765293519-1878549072-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Jonna\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1059708350-3765293519-1878549072-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Jonna\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1059708350-3765293519-1878549072-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll () CustomCLSID: HKU\S-1-5-21-1059708350-3765293519-1878549072-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Jonna\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1059708350-3765293519-1878549072-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Jonna\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1059708350-3765293519-1878549072-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Jonna\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 19-08-2015 12:58:32 Windows Update 23-08-2015 15:44:47 Windows Update 27-08-2015 08:50:20 Windows Update 30-08-2015 09:54:47 Windows Update 04-09-2015 09:42:30 Windows Update 08-09-2015 08:13:16 Windows Update 10-09-2015 00:18:31 Windows Update 10-09-2015 12:08:05 Restore Point Created by FRST 10-09-2015 14:26:17 JRT Pre-Junkware Removal 11-09-2015 11:05:36 Restore Point Created by FRST ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to 
reset Hosts.) 2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0C2F5CC2-FD85-4130-ABA4-78BEF0513191} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2013-11-04] (Hewlett-Packard Company) Task: {0E805DC7-C693-44B8-8D0E-EFC9E554CD45} - System32\Tasks\HP AR Program Upload - 6674c406596c48429d7bcfee64d802e55b3bfd62ec234059bc1e9929b92a0b02 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>) Task: {12AD8CF4-0A68-40C0-8B1E-FDA5D69096F1} - System32\Tasks\Microsoft\Office\Office First Run Task => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2014-01-02] (Microsoft Corporation) Task: {12BB4896-9072-4787-97D2-CD9EC77E5C6A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company) Task: {315E5A36-0D63-49D3-A019-B9205DA82A8F} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-30] (AVAST Software) Task: {358E9DAE-1572-4867-8AC2-04236B879D6C} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Jonna-HP-Jonna Jonna-HP => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2013-12-11] (Microsoft Corporation) Task: {42CDEDB1-71DF-4B1A-9740-5C78F586E4E5} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1059708350-3765293519-1878549072-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: {519139AE-A12B-4664-B279-C08DF3CE7A20} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {5DED7749-B7C4-4BE0-A03D-DB1A971D2CC3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {8A4BBCB7-263D-46A5-A50E-29F140C4DBEF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {95DAC266-7F6D-402F-9B7B-C15EE8E76CB3} - System32\Tasks\{CF5419D8-802B-483D-81F4-5D3AF686B06C} => pcalua.exe -a "C:\Users\Jonna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S43G3YNM\AdobeAIRInstaller.exe" -d C:\Users\Jonna\Desktop Task: {A84C585F-BE19-4D70-B3A4-CBB2570D29C7} - System32\Tasks\{2C1E46F8-BA6C-44F2-9226-27A365500205} => C:\Program Files (x86)\Safari\Safari.exe [2012-04-25] (Apple Inc.) 
Task: {AA27302C-C4D9-478A-A1E0-BA65536A14B9} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-01-30] (Microsoft Corporation) Task: {AA7E993A-9365-48CC-A454-BC855A3C708C} - System32\Tasks\HP AR Program Upload - 40144aac4a7a4099a57422b34b0c0570db7576997dc54f369c191dd104abd261 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>) Task: {C1CFAE19-1494-469C-8EE3-02A8637C0604} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser Task: {C1E87F0A-1A47-47D6-903F-921C7E831AA7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated) Task: {D112403E-EA81-429B-9833-0A5570AB49D0} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1059708350-3765293519-1878549072-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: {D894503A-E453-49AB-8D81-011510137FBA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12] (Adobe Systems Incorporated) Task: {E527C41F-F313-450E-8628-99AC6FCC684A} - System32\Tasks\HP AR Program Upload - d2ac885b62e44542b551b731bb594865376bbec73b754879acba7f73578b72dd => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>) Task: {E8D46F13-6BBF-48CD-886C-3F1B32BDC474} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {F3B17A66-5833-4A08-9CAD-75E659F0AE89} - System32\Tasks\HP AR Program Upload - 3bab110912bb4d48898b8e06fb0d74aa86b037cfe5934d6b875349f655317926 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>) Task: {F73AF0AD-E698-4FC3-A34C-492546138C80} - System32\Tasks\HPCeeScheduleForJonna => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard) Task: {F7616AF0-3FBF-4808-9565-2E4575B0E037} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2013-12-17] (Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\HPCeeScheduleForJonna.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (Whitelisted) ============== 2014-03-06 11:05 - 2011-10-04 23:43 - 00087552 _____ () C:\Windows\System32\custmon64i.dll 2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2014-02-26 07:38 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2013-11-11 10:03 - 2014-01-02 19:41 - 00621736 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll 2014-08-03 09:26 - 2015-07-21 01:02 - 05887808 _____ () C:\Users\Jonna\AppData\Local\Amazon Music\Amazon Music Helper.exe 2015-07-30 09:17 - 2015-07-30 09:17 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2015-07-30 09:17 - 2015-07-30 09:17 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 
2015-09-11 09:32 - 2015-09-11 09:32 - 02962944 _____ () C:\Program Files\AVAST Software\Avast\defs\15091100\algo.dll 2015-09-12 12:34 - 2015-09-12 12:34 - 02962944 _____ () C:\Program Files\AVAST Software\Avast\defs\15091109\algo.dll 2014-10-16 01:41 - 2014-10-16 01:41 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\b2363cf94faf59386ab4778a39c16e2b\IsdiInterop.ni.dll 2012-03-19 02:20 - 2011-05-20 13:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll 2015-03-13 09:43 - 2015-03-13 09:43 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) 
IE trusted site: HKU\S-1-5-21-1059708350-3765293519-1878549072-1000\...\amazon.com -> hxxps://www.amazon.com IE trusted site: HKU\S-1-5-21-1059708350-3765293519-1878549072-1000\...\belvoircreditunion.org -> hxxps://www.belvoircreditunion.org There are 4934 more restricted sites. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1059708350-3765293519-1878549072-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jonna\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 - 208.67.222.222 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FAH.lnk => C:\Windows\pss\FAH.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Preloader.lnk => C:\Windows\pss\WinZip Preloader.lnk.CommonStartup MSCONFIG\startupreg: (default) => MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: PowerDVD14Agent => "C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe" MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [{2A94A7D1-5394-4A29-B76D-B3349635EB09}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe FirewallRules: [{88110CFB-4E3E-474D-88F4-A1C7BCDF9B2E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe FirewallRules: [{242ABD88-E2BA-45C7-A4DC-26D69117EDC8}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\IndivDRM.exe FirewallRules: [{E8BB82CF-32A2-454C-AFF6-BD550833DA04}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\IndivDRM.exe FirewallRules: [{83618B80-6DE9-4B63-9936-1C3F80E52E6E}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe FirewallRules: [{EF2D2C43-86C5-47F0-916D-6D2E1AC3DECA}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe FirewallRules: [{F87189AE-79D8-4DFE-AD52-0BC351C32AC3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{3E9862A4-CB66-4CBD-83A7-39CDE16B30D9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{74CD628A-9091-49F4-827C-30296E697732}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{19799F48-7FD5-4977-B37D-3CD2B317F8DE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{B72AEE04-E375-4296-909A-F6CA768F3BD1}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe FirewallRules: [{6E2689D2-9BE7-400D-8A42-8A36B73732DD}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe FirewallRules: [{F9C22F8E-FBDB-4873-B4C5-6E98CB5AF5B7}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe FirewallRules: [{E4E29FBE-7513-4AB7-B946-ACECD79B38A9}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe FirewallRules: [{1CB4D0A7-2230-4CA5-AB07-B6F597C7C4D1}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe FirewallRules: 
[{1D321E7B-29F9-457C-B3FF-6FEA3EB3895F}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe FirewallRules: [{AFC22A01-4DC0-4C46-B49B-F0361DC894D2}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe FirewallRules: [{3051DAB4-35C7-43C4-B285-136FA95ADED9}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe FirewallRules: [{12EADE28-B0DD-4B0C-BAB9-304B1B960399}] => (Allow) C:\Users\Jonna\AppData\Local\Temp\7zS51EC\hppiw.exe FirewallRules: [{DDE2897E-ACE3-427C-8008-98D4C7302FBE}] => (Allow) C:\Users\Jonna\AppData\Local\Temp\7zS51EC\hppiw.exe FirewallRules: [TCP Query User{CB346D0B-4458-4911-B54A-23DCE4AE2E0D}C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe] => (Allow) C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe FirewallRules: [uDP Query User{91652F33-FE95-4344-B826-A0B4679A8A42}C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe] => (Allow) C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe FirewallRules: [{E5B9EE17-D419-4C7A-94B1-0B0505D08D96}] => (Allow) C:\Users\Jonna\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [{5C9A6D96-AC23-4C8D-81B7-FF6CEBF8A466}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe FirewallRules: [{0097413C-24F0-4B86-9140-EA5107E0A508}] => (Allow) C:\Users\Jonna\AppData\Local\Temp\7zS3D00\HPDiagnosticCoreUI.exe FirewallRules: [{B2D53180-3BD8-435F-B511-66161B503E14}] => (Allow) C:\Users\Jonna\AppData\Local\Temp\7zS3D00\HPDiagnosticCoreUI.exe FirewallRules: [TCP Query User{EE067F8B-4F82-4537-9581-996081F6DCDF}C:\users\jonna\appdata\local\temp\7zs0791\enterprisedu.exe] => (Allow) C:\users\jonna\appdata\local\temp\7zs0791\enterprisedu.exe FirewallRules: [uDP Query 
User{2C47DEA9-9136-42C7-9E76-40FE2574647A}C:\users\jonna\appdata\local\temp\7zs0791\enterprisedu.exe] => (Allow) C:\users\jonna\appdata\local\temp\7zs0791\enterprisedu.exe FirewallRules: [TCP Query User{C8BB8B1B-3853-4C14-A367-4FAAFC24270F}C:\users\jonna\appdata\local\temp\7zs153b\enterprisedu.exe] => (Allow) C:\users\jonna\appdata\local\temp\7zs153b\enterprisedu.exe FirewallRules: [uDP Query User{6036B30B-CE40-43EA-990B-AED4DBAFDC36}C:\users\jonna\appdata\local\temp\7zs153b\enterprisedu.exe] => (Allow) C:\users\jonna\appdata\local\temp\7zs153b\enterprisedu.exe FirewallRules: [{F1314E68-F22E-475E-8BDD-517358648C2E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{BB253016-A225-4437-B00C-6F946EDC8F23}] => (Allow) LPort=2869 FirewallRules: [{390BE30E-A312-4FB9-8671-1703E88802E5}] => (Allow) LPort=1900 FirewallRules: [{3E8DB527-C44A-4ECA-A392-FC68D71A3FBF}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{5141F254-2161-4D06-950F-59CD465D21B6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{6DA1658D-89F1-4780-A1E8-6E052ADD65AC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{3AC6333B-8563-4DFD-BC8B-A5F19E6B5556}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe FirewallRules: [{2DBB0FCC-297F-4630-BA74-70FDC0A90E03}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe FirewallRules: [{25D451D9-E5F3-4224-B5BD-4CFECDC92F4F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe FirewallRules: [{B7FDCFEA-B8C1-4649-BE98-64170AE8A007}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe FirewallRules: [{BE8ADADF-438F-4F49-A3D4-FB78FD2B72E6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe FirewallRules: [{45C612A6-9E3B-43D7-8E45-B7A21A1FFB98}] => (Allow) C:\Program Files\iTunes\iTunes.exe 
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/12/2015 12:34:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/11/2015 01:56:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/11/2015 11:07:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/11/2015 11:05:32 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process.
Operation: Gathering Writer Data
Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {d7e64447-a956-41dd-a88d-8bf67b5be732}

Error: (09/11/2015 09:31:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/10/2015 04:01:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/10/2015 01:54:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/10/2015 01:10:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.55.0, time stamp: 0x557a2a02
Faulting module name: mbam.exe, version: 2.3.55.0, time stamp: 0x557a2a02
Exception code: 0xc0000005
Fault offset: 0x001de680
Faulting process id: 0xf3c
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (09/10/2015 12:30:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/10/2015 12:21:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (09/11/2015 09:33:12 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HP Network Devices Support service terminated with the following error: %%126

Error: (09/10/2015 05:29:12 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (09/10/2015 05:29:12 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (09/10/2015 05:29:12 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (09/10/2015 05:29:12 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (09/10/2015 04:58:24 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (09/10/2015 04:58:24 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (09/10/2015 04:03:43 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HP Network Devices Support service terminated with the following error: %%126

Error: (09/10/2015 04:00:15 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (09/10/2015 04:00:15 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\Windows\System32\IWMSSvc.dll

Microsoft Office:
=========================

==================== Memory info ===========================

Processor: Intel® Core i7-2670QM CPU @ 2.20GHz
Percentage of memory in use: 28%
Total physical RAM: 8139.86 MB
Available physical RAM: 5791.18 MB
Total Virtual: 16277.92 MB
Available Virtual: 13503 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:673.04 GB) (Free:542.57 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:21.43 GB) (Free:2.3 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 5886C2AB)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=673 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=21.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

==================== End of Addition.txt ============================
  12. latest protection log:
  13. Changing your DNS provider should fix the problem:
      Change your DNS provider to OpenDNS or Google
      OpenDNS use: 208.67.220.220 and 208.67.222.222
      Google use: 8.8.8.8 and 8.8.4.4
      These two links should help you change the settings:
      http://208.69.38.205/
      http://www.isitdownr...-windows-7.html
      Make sure you reboot after making the changes.
      MrC

      Good afternoon, MrC: Does this mean it's a Verizon problem? (ISP) I was thinking it was Avast-related. BTW......LOVE your dogs!! They are beautiful!! Got 3 of my own...rescues, but they are all small critters, beagle-basset, Westie, and Rat Terrier.
  14. MrC.....should I not perform any purchases or financial transactions on this machine until this is fixed? Just asking to be sure........dumb question I know.......
  15. I contacted Avast support first and they said to contact MWB folks!!! How helpful is that??? UGH!! And I PAID for the premium version of that crappy thing!!!! Big lotta good that did.......
  16. Freaking out......carpet install guys coming tomorrow to install carpet on my entire 3rd floor and I am supposed to be emptying out everything up there.....instead here I am messing with this dang laptop .........@#$%@%@%F#%!$!$!!!!!!! I hate technology!!!!! Okay actually I hate people who create these hijackers, viruses, worms, trojans, etc.......they should be hung by the neck!!!!!!
  17. MrC......Sorry, I have a bad case of brain fog and this thing is killing me......I think I have completed the last task correctly...... fixlist log........I still have popups.........although just reading some stuff here....would it be prudent to just remove my Avast completely and do a clean install from square 1??? What do you think? Or would that nasty thing just take over again???
  18. Okay, finished with all steps requested....still getting popups. Ran AdwCleaner again, here's the logfile.....

      # AdwCleaner v5.007 - Logfile created 10/09/2015 at 16:00:03
      # Updated 08/09/2015 by Xplode
      # Database : 2015-09-10.1 [server]
      # Operating system : Windows 7 Home Premium Service Pack 1 (x64)
      # Username : Jonna - JONNA-HP
      # Running from : C:\Users\Jonna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Y4AGGTZ\AdwCleaner.exe
      # Option : Cleaning
      # Support : http://toolslib.net/forum

      ***** [ Services ] *****
      ***** [ Folders ] *****
      ***** [ Files ] *****
      ***** [ Shortcuts ] *****
      ***** [ Scheduled tasks ] *****
      ***** [ Registry ] *****
      ***** [ Web browsers ] *****

      *************************

      :: Winsock settings cleared

      ########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [691 bytes] ##########
  19. MrC...yes, I shut down Windows Defender as you recommended, and ran Delfix, create registry. I was just following the steps to get a head start, but of course I will need the assistance of an expert! I appreciate your help.