Big_Dirty

  1. So far things seem to be working better. Thanks for all your help.
  2. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Thisisu
     Version: 6.8.1 (05.27.2015:1)
     OS: Windows Vista Home Premium x64
     Ran by Alicia on Wed 05/27/2015 at 12:13:44.11
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     ~~~ Services

     ~~~ Tasks

     ~~~ Registry Values

     Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
     Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
     Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL

     ~~~ Registry Keys

     ~~~ Files

     ~~~ Folders

     ~~~ Chrome

     [C:\Users\Alicia\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
     [C:\Users\Alicia\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
     [C:\Users\Alicia\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
     [C:\Users\Alicia\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
     []

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on Wed 05/27/2015 at 12:17:41.02
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     # AdwCleaner v4.205 - Logfile created 27/05/2015 at 12:33:07
     # Updated 21/05/2015 by Xplode
     # Database : 2015-05-25.3 [server]
     # Operating system : Windows Vista Home Premium Service Pack 2 (x64)
     # Username : Alicia - ALICIA-PC
     # Running from : C:\Users\Alicia\Desktop\Malware cleanup\AdwCleaner.exe
     # Option : Cleaning

     ***** [ Services ] *****

     ***** [ Files / Folders ] *****

     ***** [ Scheduled tasks ] *****

     ***** [ Shortcuts ] *****

     ***** [ Registry ] *****

     Key Deleted : HKU\.DEFAULT\Software\IGearSettings

     ***** [ Web browsers ] *****

     -\\ Internet Explorer v9.0.8112.16644

     -\\ Google Chrome v42.0.2311.135

     *************************

     AdwCleaner[R0].txt - [6822 bytes] - [06/04/2015 22:54:51]
     AdwCleaner[R1].txt - [940 bytes] - [27/05/2015 12:28:22]
     AdwCleaner[s0].txt - [6712 bytes] - [06/04/2015 22:58:21]
     AdwCleaner[s1].txt - [868 bytes] - [27/05/2015 12:33:07]

     ########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [926 bytes] ##########
  3. My apology for missing that request:

     C:\Users\Alicia\Documents\Apache_OpenOffice_4.1.1_Win_x86_install_enUS.exe a variant of Win32/InstallCore.VM potentially unwanted application deleted - quarantined
     C:\Users\Alicia\Documents\Installation Files\Veetle\veetle-0.9.19.exe Win32/OpenCandy potentially unsafe application deleted - quarantined
  4. I completed this last step weeks ago. Were there any more follow-up steps?
  5. Malwarebytes' Anti-Malware 1.50.1.1100
     www.malwarebytes.org

     Database version: 5873

     Windows 6.0.6001 Service Pack 1
     Internet Explorer 7.0.6001.18000

     2/24/2011 4:04:48 PM
     mbam-log-2011-02-24 (16-04-48).txt

     Scan type: Quick scan
     Objects scanned: 161485
     Time elapsed: 2 minute(s), 36 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)
  6. It appears you did not see my note at the top of my last post. I need help with that.
  7. I ran a Malwarebytes scan and removed one result, but when I tried to find the Malwarebytes log file in the directory in the settings, I could not find the log. Where is the Malwarebytes log file? Here is the fixlog log file:

     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-04-2015 01
     Ran by Alicia at 2015-04-29 15:17:14 Run:1
     Running from C:\Users\Alicia\Desktop\Malware cleanup
     Loaded Profiles: Alicia (Available profiles: Alicia)
     Boot Mode: Normal
     ==============================================

     Content of fixlist:
     *****************
     start
     CloseProcesses:
     AppInit_DLLs-x32: c:/progra~3/{8fb76~1/191~1.1/todi.dll => c:\ProgramData\{8FB76774-DF35-B6F2-6EB3-C670BE3115FE}\1.9.1.1\todi.dll [964608 2015-02-12] ()
     CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
     SearchScopes: HKLM -> {4AEE759C-B937-44D6-A657-2AEA42F8231C} URL =
     SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
     SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
     SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
     SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
     SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
     SearchScopes: HKU\S-1-5-21-197936244-2571931639-1420350080-1000 -> {4AEE759C-B937-44D6-A657-2AEA42F8231C} URL =
     SearchScopes: HKU\S-1-5-21-197936244-2571931639-1420350080-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {4AEE759C-B937-44D6-A657-2AEA42F8231C} URL =
     BHO-x32: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
     C:\Users\Alicia\AppData\Local\Temp\HPQSi.exe
     C:\Users\Alicia\AppData\Local\Temp\_isB3A6.exe
     Task: {CB68A3DE-3664-496D-8FD4-B41F4B36CE75} - \Binkiland todi No Task File <==== ATTENTION
     Task: {FEBC8165-B7E2-4315-93C2-131F7EEF699B} - \Binkiland No Task File <==== ATTENTION
     EmptyTemp:
     Reboot:
     end
     *****************

     Processes closed successfully.
     "c:/progra~3/{8fb76~1/191~1.1/todi.dll" => Value Data removed successfully.
     "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
     "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4AEE759C-B937-44D6-A657-2AEA42F8231C}" => Key deleted successfully.
     HKCR\CLSID\{4AEE759C-B937-44D6-A657-2AEA42F8231C} => Key not found.
     HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
     HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
     HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
     HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
     HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
     "HKU\S-1-5-21-197936244-2571931639-1420350080-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4AEE759C-B937-44D6-A657-2AEA42F8231C}" => Key deleted successfully.
     HKCR\CLSID\{4AEE759C-B937-44D6-A657-2AEA42F8231C} => Key not found.
     HKU\S-1-5-21-197936244-2571931639-1420350080-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4AEE759C-B937-44D6-A657-2AEA42F8231C} => Key not found.
     HKCR\CLSID\{4AEE759C-B937-44D6-A657-2AEA42F8231C} => Key not found.
     "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}" => Key deleted successfully.
     HKCR\Wow6432Node\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} => Key not found.
     C:\Users\Alicia\AppData\Local\Temp\HPQSi.exe => Moved successfully.
     C:\Users\Alicia\AppData\Local\Temp\_isB3A6.exe => Moved successfully.
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CB68A3DE-3664-496D-8FD4-B41F4B36CE75}" => Key deleted successfully.
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB68A3DE-3664-496D-8FD4-B41F4B36CE75}" => Key deleted successfully.
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Binkiland todi" => Key deleted successfully.
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FEBC8165-B7E2-4315-93C2-131F7EEF699B}" => Key deleted successfully.
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FEBC8165-B7E2-4315-93C2-131F7EEF699B}" => Key deleted successfully.
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Binkiland" => Key deleted successfully.
     EmptyTemp: => Removed 2 GB temporary data.

     The system needed a reboot.

     ==== End of Fixlog 15:18:41 ====
  8. I have looked at this post several times and I see no attachment anywhere. Where is this attachment?
  9. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2015 01 Ran by Alicia (administrator) on ALICIA-PC on 27-04-2015 21:28:22 Running from C:\Users\Alicia\Desktop\Malware cleanup Loaded Profiles: Alicia & (Available profiles: Alicia) Platform: Windows Vista Home Premium Service Pack 2 (X64) OS Language: English (United States) Internet Explorer Version 9 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe (Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe (DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgemca.exe () C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe (NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (Safer Networking Ltd.) 
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe () C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\x64\DpAgent.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Realtek Semiconductor) C:\WINDOWS\RAVCpl64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (CyberLink Corp.) C:\Program Files (x86)\HP\QuickPlay\QPService.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (AVG Technologies CZ, s.r.o.) 
C:\Program Files (x86)\AVG\AVG10\avgtray.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe () C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe () C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_134_ActiveX.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgscana.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1220392 2008-01-18] (Synaptics, Inc.) HKLM\...\Run: [sMSERIAL] => C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [833536 2007-01-17] (Motorola Inc.) 
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [5429760 2007-10-09] (Realtek Semiconductor) HKLM\...\Run: [iAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2007-10-24] (Intel Corporation) HKLM\...\Run: [OnScreenDisplay] => C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [701440 2007-09-04] ( Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation) HKLM\...\Run: [HP Health Check Scheduler] => [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe HKLM-x32\...\Run: [QPService] => C:\Program Files (x86)\HP\QuickPlay\QPService.exe [468264 2007-12-19] (CyberLink Corp.) HKLM-x32\...\Run: [QlbCtrl] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [202032 2007-09-19] ( Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [DpAgent] => C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe [671744 2007-09-20] (DigitalPersona, Inc.) HKLM-x32\...\Run: [hpqSRMon] => [X] HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [40048 2007-05-11] (Adobe Systems Incorporated) HKLM-x32\...\Run: [hpWirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [480560 2007-09-13] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [WAWifiMessage] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [311296 2007-01-08] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [AVG_TRAY] => C:\Program Files (x86)\AVG\AVG10\avgtray.exe [2345592 2012-08-01] (AVG Technologies CZ, s.r.o.) 
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKU\S-1-5-21-197936244-2571931639-1420350080-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [455968 2007-08-23] (Hewlett-Packard Company) HKU\S-1-5-21-197936244-2571931639-1420350080-1000\...\Run: [spybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.) HKU\S-1-5-21-197936244-2571931639-1420350080-1000\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe HKU\S-1-5-21-197936244-2571931639-1420350080-1000\...\Run: [AVG-Secure-Search-Update_0913a] => C:\Users\Alicia\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid c73e1c08767547d69f84d1572e9e02ba-e036517d3297a963bd3bd0e06993047921121287 --CMPID 0913a HKU\S-1-5-21-197936244-2571931639-1420350080-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [455968 2007-08-23] (Hewlett-Packard Company) HKU\S-1-5-21-197936244-2571931639-1420350080-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [spybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.) 
HKU\S-1-5-21-197936244-2571931639-1420350080-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe HKU\S-1-5-21-197936244-2571931639-1420350080-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AVG-Secure-Search-Update_0913a] => C:\Users\Alicia\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid c73e1c08767547d69f84d1572e9e02ba-e036517d3297a963bd3bd0e06993047921121287 --CMPID 0913a AppInit_DLLs-x32: c:/progra~3/{8fb76~1/191~1.1/todi.dll => c:\ProgramData\{8FB76774-DF35-B6F2-6EB3-C670BE3115FE}\1.9.1.1\todi.dll [964608 2015-02-12] () Lsa: [Notification Packages] scecli DPPWDFLT BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG10\avgchsva.exe /syncC:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop HKU\S-1-5-21-197936244-2571931639-1420350080-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop HKU\S-1-5-21-197936244-2571931639-1420350080-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp HKU\S-1-5-21-197936244-2571931639-1420350080-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop HKU\S-1-5-21-197936244-2571931639-1420350080-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt SearchScopes: HKLM -> {4AEE759C-B937-44D6-A657-2AEA42F8231C} URL = SearchScopes: HKLM-x32 -> {4AEE759C-B937-44D6-A657-2AEA42F8231C} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: 
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-197936244-2571931639-1420350080-1000 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt SearchScopes: HKU\S-1-5-21-197936244-2571931639-1420350080-1000 -> {4AEE759C-B937-44D6-A657-2AEA42F8231C} URL = SearchScopes: HKU\S-1-5-21-197936244-2571931639-1420350080-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt SearchScopes: HKU\S-1-5-21-197936244-2571931639-1420350080-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {4AEE759C-B937-44D6-A657-2AEA42F8231C} URL = BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22] (Adobe Systems Incorporated) BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited) BHO-x32: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-11] (Oracle Corporation) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-11] (Oracle Corporation) BHO-x32: HP Print Clips -> {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} -> c:\Program Files (x86)\HP\Smart Web Printing\hpswp_framework.dll [2007-08-31] (Hewlett-Packard Co.) 
Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll [2011-02-08] (AVG Technologies CZ, s.r.o.) Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll [2011-02-08] (AVG Technologies CZ, s.r.o.) Tcpip\Parameters: [DhcpNameServer] 192.168.254.254 74.40.74.41 FireFox: ======== FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-07-12] (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-11] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-11] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-12] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-12] (Google Inc.) 
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.19 -> C:\Program Files (x86)\Veetle\plugins\npVeetle.dll [2012-01-13] (Veetle Inc) FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files (x86)\Veetle\Player\npvlc.dll [2012-01-13] (Veetle Inc) FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-03-06] FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG10\Firefox4 FF Extension: AVG Safe Search - C:\Program Files (x86)\AVG\AVG10\Firefox4 [2011-04-11] Chrome: ======= CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll () CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\gcswf32.dll No File CHR Plugin: (AVG Internet Security) - C:\Users\Alicia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) 
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File CHR Plugin: (Java Platform SE 6 U24) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (Veetle TV Player) - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc) CHR Plugin: (Veetle TV Core) - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc) CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Profile: C:\Users\Alicia\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (YouTube) - C:\Users\Alicia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-27] CHR Extension: (Google Search) - C:\Users\Alicia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-27] CHR Extension: (Google Wallet) - C:\Users\Alicia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21] CHR Extension: (Gmail) - C:\Users\Alicia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-27] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 Automatic LiveUpdate Scheduler; c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe [243064 2007-08-23] (Symantec Corporation) R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7391072 2012-01-31] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [269520 2011-02-08] (AVG Technologies CZ, s.r.o.) S3 Com4Qlb; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [110592 2007-03-05] (Hewlett-Packard Development Company, L.P.) [File not signed] R2 DpHost; C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe [299008 2007-09-20] (DigitalPersona, Inc.) [File not signed] R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [65536 2007-09-19] (Hewlett-Packard) [File not signed] R2 hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [135168 2006-05-02] (Hewlett-Packard Development Company, L.P.) [File not signed] S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] S3 LiveUpdate; c:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE [3192184 2007-08-23] (Symantec Corporation) R2 QPCapSvc; C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [271760 2007-12-19] () R2 QPSched; C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe [112016 2007-12-19] () R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.) S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [217088 2007-08-28] (AuthenTec, Inc.) 
R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [117328 2011-05-27] (AVG Technologies CZ, s.r.o. ) R0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [26704 2011-02-22] (AVG Technologies CZ, s.r.o. ) R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [29264 2011-02-10] (AVG Technologies CZ, s.r.o. ) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [312160 2012-11-12] (AVG Technologies CZ, s.r.o.) R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [41552 2011-03-01] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [37456 2011-03-16] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [380192 2014-11-04] (AVG Technologies CZ, s.r.o.) R3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [9088 2007-07-11] (Hewlett-Packard Development Company, L.P.) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-07] (Malwarebytes Corporation) S3 NVENETFD; C:\Windows\System32\DRIVERS\nvm60x64.sys [742696 2006-10-09] (NVIDIA Corporation) R3 smserial; C:\Windows\System32\DRIVERS\smserial.sys [1455616 2007-01-17] (Motorola Inc.) U1 eabfiltr; No ImagePath S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 SymIM; system32\DRIVERS\SymIM.sys [X] S3 SymIMMP; system32\DRIVERS\SymIM.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-04-27 21:26 - 2015-04-27 21:41 - 00000000 ____D () C:\Users\Alicia\Desktop\Malware cleanup 2015-04-06 22:54 - 2015-04-06 22:58 - 00000000 ____D () C:\AdwCleaner 2015-04-06 22:26 - 2015-04-06 22:26 - 02208768 _____ () C:\Users\Alicia\Desktop\adwcleaner_4.200.exe 2015-04-06 22:25 - 2015-04-07 17:19 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-04-06 22:24 - 2015-04-06 22:24 - 00000941 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-04-06 22:24 - 2015-04-06 22:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-04-06 22:24 - 2015-04-06 22:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-04-06 22:24 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-04-06 22:24 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-04-06 22:24 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-04-06 20:53 - 2015-04-27 21:28 - 00000000 ____D () C:\FRST 2015-04-06 16:28 - 2015-04-27 21:36 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-04-06 16:28 - 2015-04-22 14:26 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-04-06 16:28 - 2015-04-22 14:26 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-04-06 16:28 - 2015-04-22 14:26 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-04-06 16:28 - 2015-04-06 16:28 - 00000000 ____D () C:\Windows\system32\Macromed 2015-04-06 14:59 - 2015-04-06 15:00 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1 2015-04-06 14:59 - 2015-04-06 14:59 - 00001019 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk 2015-04-06 14:58 - 2015-04-06 14:58 - 00000000 ____D () 
C:\Program Files (x86)\OpenOffice 4 2015-04-06 14:56 - 2015-04-06 14:56 - 00388282 _____ () C:\Users\Alicia\AppData\Local\dd_vcredistMSI4FF4.txt 2015-04-06 14:56 - 2015-04-06 14:56 - 00012152 _____ () C:\Users\Alicia\AppData\Local\dd_vcredistUI4FF4.txt 2015-04-06 14:54 - 2015-04-06 14:56 - 00459966 _____ () C:\Users\Alicia\AppData\Local\dd_vcredistMSI4EC1.txt 2015-04-06 14:54 - 2015-04-06 14:56 - 00012360 _____ () C:\Users\Alicia\AppData\Local\dd_vcredistUI4EC1.txt 2015-04-06 14:53 - 2015-04-06 14:50 - 140852175 _____ () C:\Users\Alicia\Downloads\OpenOffice_Setup [1].exe 2015-04-06 14:45 - 2015-04-06 14:45 - 00002025 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-04-06 14:45 - 2015-04-06 14:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-04-06 12:22 - 2015-02-19 19:03 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-04-06 12:22 - 2015-02-19 18:44 - 00048128 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-04-06 12:22 - 2015-02-19 17:39 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-04-06 12:22 - 2015-02-19 17:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-04-06 12:20 - 2014-10-12 18:12 - 02264064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2015-04-06 12:20 - 2014-10-12 17:56 - 03137536 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2015-04-06 12:19 - 2015-01-28 18:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-04-06 12:19 - 2015-01-28 18:33 - 01209856 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-04-06 12:19 - 2015-01-20 19:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll 2015-04-06 12:19 - 2015-01-20 18:42 - 01040896 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2015-04-06 12:18 - 2015-02-25 17:31 - 02792960 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-04-06 
12:18 - 2015-02-17 19:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2015-04-06 12:18 - 2015-02-17 18:42 - 12899840 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-04-06 12:10 - 2015-02-25 18:40 - 04692408 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-04-06 12:10 - 2015-01-28 18:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2015-04-06 12:10 - 2015-01-28 18:33 - 00449024 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2015-04-06 12:10 - 2015-01-08 18:41 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-04-06 12:10 - 2015-01-08 17:29 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-04-06 12:08 - 2015-03-05 21:01 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-04-06 12:08 - 2015-03-05 20:35 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-04-06 10:54 - 2015-02-21 12:17 - 17882624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-04-06 10:54 - 2015-02-21 12:07 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-04-06 10:54 - 2015-02-21 12:02 - 10931200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-04-06 10:54 - 2015-02-21 12:00 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-04-06 10:54 - 2015-02-21 11:54 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-04-06 10:54 - 2015-02-21 11:54 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-04-06 10:54 - 2015-02-21 11:53 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-04-06 10:54 - 2015-02-21 11:52 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2015-04-06 10:54 - 2015-02-21 11:52 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-04-06 10:54 - 2015-02-21 11:52 - 00086016 _____ 
(Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-04-06 10:54 - 2015-02-21 11:51 - 02157568 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-04-06 10:54 - 2015-02-21 11:51 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-04-06 10:54 - 2015-02-21 11:51 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-04-06 10:54 - 2015-02-21 11:51 - 00598528 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-04-06 10:54 - 2015-02-21 11:51 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-04-06 10:54 - 2015-02-21 11:51 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-04-06 10:54 - 2015-02-21 11:51 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2015-04-06 10:54 - 2015-02-21 11:51 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2015-04-06 10:54 - 2015-02-21 11:50 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-04-06 10:54 - 2015-02-21 11:50 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-04-06 10:54 - 2015-02-21 11:50 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-04-06 10:54 - 2015-02-21 11:50 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2015-04-06 10:54 - 2015-02-21 10:37 - 12375040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-04-06 10:54 - 2015-02-21 10:34 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-04-06 10:54 - 2015-02-21 10:29 - 09747968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-04-06 10:54 - 2015-02-21 10:28 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-04-06 10:54 - 2015-02-21 10:22 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-04-06 10:54 - 2015-02-21 10:21 - 01427968 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\inetcpl.cpl 2015-04-06 10:54 - 2015-02-21 10:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-04-06 10:54 - 2015-02-21 10:20 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2015-04-06 10:54 - 2015-02-21 10:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-04-06 10:54 - 2015-02-21 10:19 - 01803264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-04-06 10:54 - 2015-02-21 10:19 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-04-06 10:54 - 2015-02-21 10:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-04-06 10:54 - 2015-02-21 10:19 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-04-06 10:54 - 2015-02-21 10:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-04-06 10:54 - 2015-02-21 10:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-04-06 10:54 - 2015-02-21 10:18 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-04-06 10:54 - 2015-02-21 10:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-04-06 10:54 - 2015-02-21 10:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-04-06 10:54 - 2015-02-21 10:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2015-04-06 10:54 - 2015-02-21 10:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2015-04-06 10:54 - 2015-02-21 10:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2015-04-06 10:54 - 2015-02-21 10:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-04-06 09:55 - 2015-04-06 11:57 - 00000000 ____D () C:\Users\Alicia\AppData\Roaming\HpUpdate 2015-04-06 09:54 - 2015-04-06 09:54 - 00000000 ____D () C:\Windows\Hewlett-Packard 2015-04-06 09:40 - 2015-04-06 09:40 - 
00000010 _____ () C:\Users\Alicia\AppData\Local\DSI.DAT ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-27 21:26 - 2012-04-22 18:28 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-04-27 21:24 - 2012-04-22 18:28 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-04-27 21:16 - 2008-07-10 15:40 - 01452824 _____ () C:\Windows\WindowsUpdate.log 2015-04-27 21:16 - 2006-11-02 08:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-04-27 21:16 - 2006-11-02 08:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-04-27 21:10 - 2012-07-29 22:17 - 00003694 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{C19D3A41-7CE5-470E-830A-C6AFADC7A1BE} 2015-04-27 21:09 - 2011-02-24 16:32 - 00000000 ____D () C:\Windows\system32\Drivers\AVG 2015-04-27 21:06 - 2011-02-24 18:28 - 00000328 _____ () C:\Windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job 2015-04-27 21:04 - 2011-02-24 16:09 - 00476978 _____ () C:\ProgramData\nvModes.dat 2015-04-27 21:04 - 2011-02-24 16:09 - 00476978 _____ () C:\ProgramData\nvModes.001 2015-04-22 14:26 - 2011-07-09 17:57 - 00000021 _____ () C:\Users\Public\Documents\hpqp.txt 2015-04-22 14:24 - 2012-06-25 09:12 - 00007808 _____ () C:\Users\Alicia\AppData\Local\d3d9caps.dat 2015-04-06 23:10 - 2011-02-24 17:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware 2015-04-06 23:03 - 2008-07-10 15:52 - 00000255 _____ () C:\Users\Public\Documents\hpqp.ini 2015-04-06 23:00 - 2008-01-20 20:26 - 00983000 _____ () C:\Windows\PFRO.log 2015-04-06 23:00 - 2006-11-02 08:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-04-06 22:59 - 2006-11-02 08:42 - 00032582 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-04-06 
22:57 - 2006-11-02 05:46 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-04-06 22:48 - 2006-11-02 06:33 - 00000000 ____D () C:\Windows\L2Schemas 2015-04-06 20:25 - 2006-11-02 06:34 - 00000000 ____D () C:\Windows\tracing 2015-04-06 19:53 - 2011-02-24 17:01 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-04-06 16:27 - 2011-02-24 15:28 - 00081008 _____ () C:\Users\Alicia\AppData\Local\GDIPFONTCACHEV1.DAT 2015-04-06 16:24 - 2006-11-02 08:21 - 00340192 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-04-06 16:23 - 2008-07-02 05:03 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-04-06 15:52 - 2011-02-24 15:18 - 00000000 ____D () C:\Users\Alicia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite 2015-04-06 15:52 - 2008-07-02 06:06 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite 2015-04-06 15:52 - 2008-07-02 06:06 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite 2015-04-06 15:52 - 2008-07-02 06:05 - 00000000 ____D () C:\Program Files (x86)\CyberLink 2015-04-06 15:04 - 2008-07-02 05:46 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\muvee 2015-04-06 14:55 - 2006-11-02 06:33 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2015-04-06 14:44 - 2012-04-22 18:28 - 00000000 ____D () C:\Program Files (x86)\Google 2015-04-06 14:43 - 2011-02-24 15:31 - 00000000 ____D () C:\Users\Alicia\AppData\Local\Google 2015-04-06 13:25 - 2014-03-17 15:41 - 00753386 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2015-04-06 12:20 - 2008-07-02 05:57 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-04-06 12:17 - 2013-08-21 03:22 - 00000000 ____D () C:\Windows\system32\MRT 2015-04-06 12:10 - 2006-11-02 05:35 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2015-04-06 10:50 - 2011-02-24 16:32 - 00000000 ____D () 
C:\ProgramData\AVG10 2015-04-06 10:00 - 2015-02-16 20:00 - 00000119 _____ () C:\Users\Alicia\AppData\Roaming\WB.CFG 2015-04-06 09:56 - 2008-07-02 06:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP 2015-04-06 09:56 - 2008-07-02 06:03 - 00000000 ____D () C:\Program Files (x86)\HP ==================== Files in the root of some directories ======= 2013-08-12 16:46 - 2013-08-12 16:46 - 4188160 _____ () C:\Program Files (x86)\GUT9EC2.tmp 2015-02-16 20:00 - 2015-04-06 10:00 - 0000119 _____ () C:\Users\Alicia\AppData\Roaming\WB.CFG 2011-02-24 15:28 - 2011-02-24 15:28 - 0000000 _____ () C:\Users\Alicia\AppData\Local\AtStart.txt 2012-06-25 09:12 - 2015-04-22 14:24 - 0007808 _____ () C:\Users\Alicia\AppData\Local\d3d9caps.dat 2011-02-25 00:25 - 2012-10-15 03:00 - 0009380 _____ () C:\Users\Alicia\AppData\Local\d3d9caps64.dat 2015-04-06 14:54 - 2015-04-06 14:56 - 0459966 _____ () C:\Users\Alicia\AppData\Local\dd_vcredistMSI4EC1.txt 2015-04-06 14:56 - 2015-04-06 14:56 - 0388282 _____ () C:\Users\Alicia\AppData\Local\dd_vcredistMSI4FF4.txt 2015-04-06 14:54 - 2015-04-06 14:56 - 0012360 _____ () C:\Users\Alicia\AppData\Local\dd_vcredistUI4EC1.txt 2015-04-06 14:56 - 2015-04-06 14:56 - 0012152 _____ () C:\Users\Alicia\AppData\Local\dd_vcredistUI4FF4.txt 2015-04-06 09:40 - 2015-04-06 09:40 - 0000010 _____ () C:\Users\Alicia\AppData\Local\DSI.DAT 2011-02-24 15:28 - 2011-02-24 15:28 - 0000000 _____ () C:\Users\Alicia\AppData\Local\DSwitch.txt 2011-02-24 15:28 - 2011-02-24 15:28 - 0000000 _____ () C:\Users\Alicia\AppData\Local\QSwitch.txt 2008-07-02 06:03 - 2008-07-02 06:04 - 0000372 _____ () C:\ProgramData\hpzinstall.log 2012-03-05 21:51 - 2012-03-05 21:53 - 0000319 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc 2011-02-24 16:09 - 2015-04-27 21:04 - 0476978 _____ () C:\ProgramData\nvModes.001 2011-02-24 16:09 - 2015-04-27 21:04 - 0476978 _____ () C:\ProgramData\nvModes.dat Some content of TEMP: ==================== 
C:\Users\Alicia\AppData\Local\Temp\HPQSi.exe
C:\Users\Alicia\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Alicia\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Alicia\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Alicia\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Alicia\AppData\Local\Temp\Quarantine.exe
C:\Users\Alicia\AppData\Local\Temp\sqlite3.dll
C:\Users\Alicia\AppData\Local\Temp\supoptsetup.exe
C:\Users\Alicia\AppData\Local\Temp\_isB3A6.exe
C:\Users\Alicia\AppData\Local\Temp\{D1A6927F-5255-4488-A9C6-3B7FE6D3B26E}-GoogleUpdateSetup.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-06 23:07

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-04-2015 01
Ran by Alicia at 2015-04-27 21:43:29
Running from C:\Users\Alicia\Desktop\Malware cleanup
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator
(S-1-5-21-197936244-2571931639-1420350080-500 - Administrator - Disabled) Alicia (S-1-5-21-197936244-2571931639-1420350080-1000 - Administrator - Enabled) => C:\Users\Alicia Guest (S-1-5-21-197936244-2571931639-1420350080-501 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: AVG Anti-Virus Free Edition 2011 (Enabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} AS: AVG Anti-Virus Free Edition 2011 (Enabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation) Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0 - Microsoft Corporation) Hidden Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Reader 8.1.0 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A81000000003}) (Version: 8.1.0 - Adobe Systems Incorporated) AuthenTec Fingerprint Sensor Minimum Install (HKLM-x32\...\{7F362F06-A9A3-440F-8B19-6A01A72723C4}) (Version: 7.9 - AuthenTec) AVG 2011 (HKLM\...\AVG) (Version: 10.0.1434 - AVG Technologies) AVG 2011 (Version: 10.0.1434 - AVG Technologies) Hidden AVG 2011 (Version: 10.0.4311 - AVG Technologies) Hidden Cards_Calendar_OrderGift_DoMorePlugout (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) DigitalPersona Personal 3.0.0 (HKLM\...\{A6A95C2E-D8F9-4A19-8C87-4A0088844396}) 
(Version: 3.0.0 - DigitalPersona, Inc.) DVD Suite (HKLM-x32\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.5.0928 - CyberLink Corp.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.) Google Earth Plug-in (HKLM-x32\...\{79361740-EAE3-11E2-9911-B8AC6F98CCE3}) (Version: 7.1.1.1888 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden Hauppauge MCE XP/Vista Software Encoder (2.0.25149) (HKLM-x32\...\Hauppauge MCE2005 Software Encoder) (Version: 2.0.25149 - Hauppauge Computer Works, Inc.) Hewlett-Packard Active Check (x32 Version: 1.1.11.0 - Hewlett-Packard) Hidden Hewlett-Packard Asset Agent for Health Check (x32 Version: 2.0.62.5 - HP) Hidden HP Active Support Library (HKLM-x32\...\{11BB336F-0E58-4977-B866-F24FA334616B}) (Version: 2.3.0.2 - Hewlett-Packard) HP Customer Experience Enhancements (HKLM-x32\...\{BD0E2B92-3814-46F0-893B-4612EA010C7E}) (Version: 5.4.0.2430 - Hewlett-Packard) HP Doc Viewer (HKLM-x32\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.02.0001 - Hewlett-Packard) HP Easy Setup - Frontend (HKLM-x32\...\{9885A11E-60E4-417C-B58B-8B31B21C0B8A}) (Version: 5.4.0.2430 - Hewlett-Packard) HP Help and Support (HKLM\...\{A348C751-0EFF-4B9D-8065-B5339BEFBE27}) (Version: 1.5.0 - Hewlett-Packard) HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP) HP Quick Launch Buttons 6.30 E1 (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.30 E1 - Hewlett-Packard) HP QuickPlay 3.6 (HKLM-x32\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: - ) HP QuickTouch 1.00 C3 (HKLM\...\{11192F89-510C-4E23-A62A-D3BEA9139596}) (Version: 1.0.5 - Hewlett-Packard) HP Smart Web Printing (HKLM-x32\...\HP Smart Web Printing) (Version: 3.0.17.0 - Hewlett-Packard) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HP User Guides 0088 
(HKLM-x32\...\{8347A7A5-4AB8-433F-82AA-496B0D189A9B}) (Version: 1.02.0000 - Hewlett-Packard) HP Wireless Assistant (HKLM-x32\...\{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}) (Version: 3.00 H2 - Hewlett-Packard) HPPhotoSmartDiscLabel_PaperLabel (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden HPPhotoSmartDiscLabel_PrintOnDisc (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden HPPhotoSmartDiscLabel_Tattoo (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden HPPhotoSmartDiscLabelContent1 (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden hpphotosmartdisclabelplugin (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden HPPhotoSmartPhotobookHolidayPack1 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden HPPhotoSmartPhotobookModernPack1 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden HPPhotoSmartPhotobookPlayfulPack1 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden HPPhotoSmartPhotobookScrapbookPack1 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden HPPhotoSmartPhotobookWebPack1 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - ) Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.650 - Oracle) Java 6 Update 2 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160020}) (Version: 1.6.0.20 - Sun Microsystems, Inc.) 
LightScribe System Software 1.10.13.1 (x32 Version: 1.10.13.1 - http://www.lightscribe.com) Hidden LiveUpdate (Symantec Corporation) (HKLM-x32\...\PsuedoLiveUpdate) (Version: 3.4.0.162 - Symantec) LiveUpdate (Symantec Corporation) (x32 Version: 3.4.0.162 - Symantec) Hidden Malwarebytes' Anti-Malware (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: - Malwarebytes Corporation) Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable 
(x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation) Motorola SM56 Data Fax Modem (HKLM\...\SMSERIAL) (Version: - ) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) My HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: HPCMPQ1902 - WildTangent) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation) OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation) PSSWCORE (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5494 - Realtek Semiconductor Corp.) 
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 (HKLM-x32\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.51.01 - ) SPBBC 64bit (Version: 107.0.0.134 - Symantec Corporation) Hidden Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.2.4.0 - Synaptics) TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version: - Intuit, Inc) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Veetle TV (HKLM-x32\...\Veetle TV) (Version: 0.9.19 - Veetle, Inc) VideoToolkit01 (x32 Version: 100.0.128.000 - Hewlett-Packard) Hidden Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies) WeatherBug Gadget (Version: 1.0.0.6 - AWS Convergence Technologies) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-197936244-2571931639-1420350080-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Alicia\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-197936244-2571931639-1420350080-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Alicia\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-197936244-2571931639-1420350080-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Alicia\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-197936244-2571931639-1420350080-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Alicia\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-197936244-2571931639-1420350080-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Alicia\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-197936244-2571931639-1420350080-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Alicia\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File

==================== Restore Points =========================

15-01-2015 18:44:45 Scheduled Checkpoint
20-01-2015 19:58:53 Scheduled Checkpoint
21-01-2015 04:00:46 Windows Update
22-01-2015 13:36:53 Scheduled Checkpoint
28-01-2015 14:34:57 Scheduled Checkpoint
29-01-2015 13:12:13 Scheduled Checkpoint
03-02-2015 20:47:29 Scheduled Checkpoint
12-02-2015 19:38:22 Scheduled Checkpoint
13-02-2015 04:00:41 Windows Update
14-02-2015 04:00:49 Windows Update
16-02-2015 20:45:44 Scheduled Checkpoint
17-02-2015 19:59:49 Scheduled Checkpoint
06-04-2015 09:41:28 Scheduled Checkpoint
06-04-2015 09:54:11 Installed HP Update.
06-04-2015 12:07:43 Windows Update
06-04-2015 13:16:53 Windows Update
06-04-2015 14:54:41 Installed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
06-04-2015 14:57:34 Installed OpenOffice 4.1.1
06-04-2015 15:03:04 Removed muvee autoProducer 6.1
06-04-2015 15:05:18 Configured SlingPlayer
06-04-2015 15:07:22 Removed Slingbox Flash Tour
06-04-2015 15:10:15 Configured PowerDirector

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 05:34 - 2006-09-18 14:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2FCFC88F-824E-4BB7-B7A4-C206C95B29AD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-22] (Adobe Systems Incorporated)
Task: {7331FD0E-8BF0-4368-BD21-C7F630D88D4E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-22] (Google Inc.)
Task: {CB68A3DE-3664-496D-8FD4-B41F4B36CE75} - \Binkiland todi No Task File <==== ATTENTION
Task: {D255ED44-6EB8-465D-AEFA-7209A581A1AC} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
Task: {D415E48C-3095-434E-8692-81B54B04F7FE} - System32\Tasks\Spybot - Search & Destroy Updater - Scheduled Task => C:\Program Files (x86)\Spybot - Search & Destroy\SDUpdate.exe [2009-01-26] (Safer Networking Limited)
Task: {D47DC9EA-77FE-4A81-8BEC-326A6104E168} - System32\Tasks\Spybot - Search & Destroy - Scheduled Task => C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe [2009-01-26] (Safer Networking Limited)
Task: {F8598960-6B3B-4C6E-B2DA-449436D1C2E0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-22] (Google Inc.)
Task: {FEBC8165-B7E2-4315-93C2-131F7EEF699B} - \Binkiland No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
Task: C:\Windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job => C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
Task: C:\Windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job => C:\Program Files (x86)\Spybot - Search & Destroy\SDUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2008-07-10 15:51 - 2007-12-19 19:28 - 00271760 _____ () C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
2008-07-10 15:51 - 2007-12-19 19:28 - 00112016 _____ () C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
2011-02-10 07:55 - 2011-02-10 07:55 - 01148256 _____ ()
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe 2007-05-16 10:43 - 2007-05-16 10:43 - 00677432 ____R () C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe 2008-07-10 15:51 - 2007-12-19 19:28 - 00251288 _____ () C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLCapEngine.dll 2008-07-10 15:51 - 2007-12-19 19:28 - 00038184 _____ () C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll 2007-07-12 14:55 - 2007-07-12 14:55 - 01581056 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll 2007-08-14 16:43 - 2007-08-14 16:43 - 06365184 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll 2007-07-12 14:55 - 2007-07-12 14:55 - 00131072 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, the associated entry will be removed from the registry.) IE trusted site: HKU\S-1-5-21-197936244-2571931639-1420350080-1000\...\googlecode.com -> hxxp://feedflow.googlecode.com IE trusted site: HKU\S-1-5-21-197936244-2571931639-1420350080-1000\...\intuit.com -> hxxps://ttlc.intuit.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg HKU\S-1-5-21-197936244-2571931639-1420350080-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\Wallpaper\img11.jpg HKU\S-1-5-21-197936244-2571931639-1420350080-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\Wallpaper\img11.jpg DNS Servers: 192.168.254.254 - 74.40.74.41 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (whitelisted) =============== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe FirewallRules: [{9B573152-4623-4073-84F8-E1A7BA84B66A}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe FirewallRules: [{0AC2A1F3-5EB9-4314-AE5F-24165F942440}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe FirewallRules: [{E7CDDBFF-4285-4922-A647-FD2686A477EE}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTE.EXE FirewallRules: [{4C4DB558-ACAE-47A4-A254-7D0831DC3CAD}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTE.EXE FirewallRules: [{DAA0C27C-A615-4C85-B686-DC81D8989F08}] => (Allow) 
C:\Program Files (x86)\Cyberlink\PowerDirector\PDR.EXE FirewallRules: [{776A8B7B-9DD2-4F73-BF66-4CC3D37386DA}] => (Allow) C:\Program Files (x86)\HP\QuickPlay\QP.exe FirewallRules: [{36C3487E-D964-4219-B8B6-74884DDAD95E}] => (Allow) C:\Program Files (x86)\HP\QuickPlay\QPService.exe FirewallRules: [{31CE92B9-6E14-434F-B55F-0DC8F3388EE9}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe FirewallRules: [{9B12E32D-131E-4FB7-9FB3-0CB876C640FE}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe FirewallRules: [TCP Query User{97FAA70A-4582-4E6B-8FDF-F8979A016C3F}C:\users\alicia\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\alicia\appdata\local\google\chrome\application\chrome.exe FirewallRules: [uDP Query User{0393BF35-A4DE-462D-98C5-6E0D7EC7E250}C:\users\alicia\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\alicia\appdata\local\google\chrome\application\chrome.exe FirewallRules: [{4ABD9E1F-6CC8-415E-93E3-310C3942A9A2}] => (Allow) LPort=80 FirewallRules: [{AA429077-E4C4-47F1-951F-F2FB37ED6159}] => (Allow) LPort=80 FirewallRules: [{3107AA07-EEB8-4E48-966A-E509834555EC}] => (Allow) LPort=80 FirewallRules: [TCP Query User{79746616-6252-4888-B516-C3E7F034A65F}C:\users\alicia\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\alicia\appdata\local\google\chrome\application\chrome.exe FirewallRules: [uDP Query User{265085F2-ECD7-40CD-B6F1-1F092582E8E7}C:\users\alicia\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\alicia\appdata\local\google\chrome\application\chrome.exe FirewallRules: [{0CB8DB00-5983-4870-B8E7-B07D0D15C3B2}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgdiagex.exe FirewallRules: [{01449E10-F2F5-4C47-81D4-4982C75DAB2C}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgdiagex.exe FirewallRules: [{BCB1DECB-9864-4803-9735-C260B892FC4B}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe FirewallRules: [{245AB5EA-30BB-4E38-A252-510E436AC150}] => (Allow) 
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe FirewallRules: [{9A03ACD9-0A08-440A-9F11-4A025B44B572}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe FirewallRules: [{A6AF77C9-4B39-4743-A5B9-3B77CBC20095}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe FirewallRules: [{03BC3FAD-86FF-46C2-B874-7B2FEAAE4BD4}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe FirewallRules: [{DA7CD35F-E900-4E77-A863-120008D57FE3}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{28F59E8E-AAEC-4BD4-A2EB-EC62DA6330FF}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{1A1F8005-0B01-4F2B-8A7E-74BCDDC3C01D}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{790F410B-4A18-438B-9BA8-EDC678D88464}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{C738061F-B4BD-4F33-B5FC-8446A306633C}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{F8626C2F-4D08-46A1-93E9-B2A663F49C26}] => (Allow) C:\Program Files (x86)\Veetle\Player\VeetleNet.exe FirewallRules: [{14948A46-78F8-456E-B88E-1E7C44781B91}] => (Allow) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe FirewallRules: [{1A4DA367-A322-44D5-805A-DDADC1E1DE2D}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgdiagex.exe FirewallRules: [{C98F3B78-83A2-404A-8479-10DE076B5B02}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgdiagex.exe FirewallRules: [{E86A00AE-A5B4-47D0-BF87-9C931ECCCC1A}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe FirewallRules: [{19F958CA-3D66-4AC7-A0FD-F383138FC786}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe FirewallRules: [{85C88B36-EE8F-4B2B-8334-645630FD0AB9}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe FirewallRules: 
[{C6AD4BFD-CC94-4DFA-B4BA-918784B03741}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe FirewallRules: [{E743DC02-684F-49FD-8811-B94FC08A7888}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\EarthLink TotalAccess\TaskPanl.exe] => C:\Program Files (x86)\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/06/2015 11:00:54 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/06/2015 10:50:40 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/06/2015 08:37:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application chrome.exe, version 41.0.2272.118, time stamp 0x55199d5a, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e00, exception code 0xc0000005, fault offset 0x00053287, process id 0x4b0, application start time 0xchrome.exe0. 
Error: (04/06/2015 08:26:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/06/2015 04:33:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 41.0.2272.118, time stamp 0x55199d5a, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e00, exception code 0xc0000005, fault offset 0x00053287, process id 0x13d8, application start time 0xchrome.exe0.

Error: (04/06/2015 04:24:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/06/2015 04:21:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 41.0.2272.118, time stamp 0x55199d5a, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e00, exception code 0xc0000005, fault offset 0x00053287, process id 0x1720, application start time 0xchrome.exe0.

Error: (04/06/2015 02:54:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 41.0.2272.118, time stamp 0x55199d5a, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e00, exception code 0xc0000005, fault offset 0x00053287, process id 0x1274, application start time 0xchrome.exe0.

Error: (04/06/2015 02:43:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 40.0.2214.94, time stamp 0x54c6f514, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e00, exception code 0xc0000005, fault offset 0x00053287, process id 0x13c8, application start time 0xchrome.exe0.

Error: (04/06/2015 02:41:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 40.0.2214.94, time stamp 0x54c6f514, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x74ab9ba4, process id 0x13dc, application start time 0xchrome.exe0.

System errors:
=============
Error: (04/27/2015 09:05:10 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (04/22/2015 02:31:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: MBAMService1

Error: (04/22/2015 02:31:32 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000

Error: (04/22/2015 02:31:02 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000MBAMScheduler

Error: (04/22/2015 02:25:58 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000MBAMScheduler

Error: (04/22/2015 02:25:27 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000MBAMScheduler

Error: (04/06/2015 11:03:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Media Player Network Sharing Service%%1053

Error: (04/06/2015 11:03:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Media Player Network Sharing Service

Error: (04/06/2015 10:58:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Software Licensing11200001Restart the service

Error: (04/06/2015 10:58:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Modules Installer11200001Restart the service

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2015-04-27 21:41:59.770
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-27 21:41:59.458
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-27 21:41:58.990
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-27 21:41:58.709
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-27 21:41:57.617
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-27 21:41:57.196
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-27 21:41:56.743
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-27 21:41:56.307
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-27 21:31:05.974
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\AVGIDSEH.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-27 21:31:05.709
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\AVGIDSEH.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core2 Duo CPU T5750 @ 2.00GHz
Percentage of memory in use: 80%
Total physical RAM: 3069.62 MB
Available physical RAM: 594.46 MB
Total Pagefile: 6355.54 MB
Available Pagefile: 2949.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:219.7 GB) (Free:133.82 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (HP_RECOVERY) (Fixed) (Total:13.18 GB) (Free:2.39 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 5EE65EE6)
Partition 1: (Active) - (Size=219.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=13.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================
  10. Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 4/6/2015 Scan Time: 10:27:25 PM Logfile: Administrator: Yes Version: 2.01.4.1018 Malware Database: v2015.04.06.11 Rootkit Database: v2015.03.31.01 License: Trial Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows Vista Service Pack 2 CPU: x64 File System: NTFS User: Alicia Scan Type: Threat Scan Result: Completed Objects Scanned: 349635 Time Elapsed: 17 min, 47 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 8 PUP.Optional.Binkiland.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{4AEE759C-B937-44D6-A657-2AEA42F8231C}|URL, http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_soft_15_07&cd=2XzuyEtN2Y1L1QzutDtDtBtCyD0CtCtByBzzzztA0Dzz0BzytN0D0Tzu0StCtCtAzztN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyDtB0C0F0CyD0BzztGyC0BzyyEtGzz0EyCtDtGzyyCtDtDtGyD0Fzz0FtAyE0FyCtBzy0AyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytCyEyEtCtAtD0AtG0AtByBzytGyEzy0D0CtGzyyE0DtBtGtCyC0EyEyB0FyEyE0A0C0D0D2Q&cr=2007155312&ir=, Quarantined, [e67d7aef04860a2c24da3582be4517e9] PUP.Optional.Binkiland.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{4AEE759C-B937-44D6-A657-2AEA42F8231C}|TopResultURLFallback, http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_soft_15_07&cd=2XzuyEtN2Y1L1QzutDtDtBtCyD0CtCtByBzzzztA0Dzz0BzytN0D0Tzu0StCtCtAzztN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyDtB0C0F0CyD0BzztGyC0BzyyEtGzz0EyCtDtGzyyCtDtDtGyD0Fzz0FtAyE0FyCtBzy0AyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytCyEyEtCtAtD0AtG0AtByBzytGyEzy0D0CtGzyyE0DtBtGtCyC0EyEyB0FyEyE0A0C0D0D2Q&cr=2007155312&ir=, Quarantined, [0f5413566d1deb4bed113b7cb15246ba] PUP.Optional.Binkiland.A, HKLM\SOFTWARE\MICROSOFT\INTERNET 
EXPLORER\SEARCHSCOPES\{4AEE759C-B937-44D6-A657-2AEA42F8231C}, Binkiland, Quarantined, [481b77f2cbbf4de9df1f84331de655ab] PUP.Optional.Binkiland.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{4AEE759C-B937-44D6-A657-2AEA42F8231C}|DisplayName, Binkiland, Quarantined, [f46f7beef298e353ca340fa859aa0bf5] PUP.Optional.Binkiland.A, HKU\S-1-5-21-197936244-2571931639-1420350080-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{4AEE759C-B937-44D6-A657-2AEA42F8231C}|URL, http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_soft_15_07&cd=2XzuyEtN2Y1L1QzutDtDtBtCyD0CtCtByBzzzztA0Dzz0BzytN0D0Tzu0StCtCtAzztN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyDtB0C0F0CyD0BzztGyC0BzyyEtGzz0EyCtDtGzyyCtDtDtGyD0Fzz0FtAyE0FyCtBzy0AyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytCyEyEtCtAtD0AtG0AtByBzytGyEzy0D0CtGzyyE0DtBtGtCyC0EyEyB0FyEyE0A0C0D0D2Q&cr=2007155312&ir=, Quarantined, [bda65d0cf2983402cf30eacde81b41bf] PUP.Optional.Binkiland.A, HKU\S-1-5-21-197936244-2571931639-1420350080-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{4AEE759C-B937-44D6-A657-2AEA42F8231C}|TopResultURLFallback, http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_soft_15_07&cd=2XzuyEtN2Y1L1QzutDtDtBtCyD0CtCtByBzzzztA0Dzz0BzytN0D0Tzu0StCtCtAzztN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyDtB0C0F0CyD0BzztGyC0BzyyEtGzz0EyCtDtGzyyCtDtDtGyD0Fzz0FtAyE0FyCtBzy0AyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytCyEyEtCtAtD0AtG0AtByBzytGyEzy0D0CtGzyyE0DtBtGtCyC0EyEyB0FyEyE0A0C0D0D2Q&cr=2007155312&ir=, Quarantined, [5a09de8b602a89ad10ef189f1de6c739] PUP.Optional.Binkiland.A, HKU\S-1-5-21-197936244-2571931639-1420350080-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{4AEE759C-B937-44D6-A657-2AEA42F8231C}, Binkiland, Quarantined, [ed760a5fbdcd3cfa659a2d8a59aaaf51] PUP.Optional.Binkiland.A, HKU\S-1-5-21-197936244-2571931639-1420350080-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{4AEE759C-B937-44D6-A657-2AEA42F8231C}|DisplayName, Binkiland, Quarantined, 
[31329dcce8a267cf9a65298e1ee59f61] Registry Data: 0 (No malicious items detected) # AdwCleaner v4.200 - Logfile created 06/04/2015 at 22:58:21 # Updated 29/03/2015 by Xplode # Database : 2015-04-06.3 [server] # Operating system : Windows Vista Home Premium Service Pack 2 (x64) # Username : Alicia - ALICIA-PC # Running from : C:\Users\Alicia\Desktop\adwcleaner_4.200.exe # Option : Cleaning ***** [ Services ] ***** ***** [ Files / Folders ] ***** [!] Folder Deleted : C:\ProgramData\5c99a76000007279 [!] Folder Deleted : C:\Users\Alicia\AppData\LocalLow\HPAppData [!] Folder Deleted : C:\Users\Alicia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk ***** [ Scheduled tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1 Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1 Key Deleted : HKLM\SOFTWARE\Classes\S Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E} Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Key Deleted : HKLM\SOFTWARE\444488ab-3795-f771-4183-b878fb01106a Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17} Key Deleted : 
HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6DA74206-F684-4596-A924-6426C61448E2} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6DA74206-F684-4596-A924-6426C61448E2} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6DA74206-F684-4596-A924-6426C61448E2} 
Key Deleted : HKCU\Software\AVG SafeGuard toolbar Key Deleted : HKCU\Software\YahooPartnerToolbar Key Deleted : HKCU\Software\Super Optimizer Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F} Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} Key Deleted : HKLM\SOFTWARE\AVG Secure Search Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar Key Deleted : HKLM\SOFTWARE\Viewpoint ***** [ Web browsers ] ***** -\\ Internet Explorer v9.0.8112.16633 -\\ Google Chrome v41.0.2272.118 [C:\Users\Alicia\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://movies.netflix.com/WiSearch?raw_query=conan&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit= [C:\Users\Alicia\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms} [C:\Users\Alicia\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms} [C:\Users\Alicia\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_soft_15_07&cd=2XzuyEtN2Y1L1QzutDtDtBtCyD0CtCtByBzzzztA0Dzz0BzytN0D0Tzu0StCtCtAzztN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyDtB0C0F0CyD0BzztGyC0BzyyEtGzz0EyCtDtGzyyCtDtDtGyD0Fzz0FtAyE0FyCtBzy0AyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytCyEyEtCtAtD0AtG0AtByBzytGyEzy0D0CtGzyyE0DtBtGtCyC0EyEyB0FyEyE0A0C0D0D2Q&cr=2007155312&ir= [C:\Users\Alicia\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : jmfkcklnlgedgbglfkkgedjfmejoahla [C:\Users\Alicia\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [startup_URLs] : hxxp://binkiland.com/?f=7&a=&cd=&cr=&ir= 
[C:\Users\Alicia\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Default_Search_Provider_Data] : hxxp://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_soft_15_07&cd=2XzuyEtN2Y1L1QzutDtDtBtCyD0CtCtByBzzzztA0Dzz0BzytN0D0Tzu0StCtCtAzztN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyDtB0C0F0CyD0BzztGyC0BzyyEtGzz0EyCtDtGzyyCtDtDtGyD0Fzz0FtAyE0FyCtBzy0AyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytCyEyEtCtAtD0AtG0AtByBzytGyEzy0D0CtGzyyE0DtBtGtCyC0EyEyB0FyEyE0A0C0D0D2Q&cr=2007155312&ir= ************************* AdwCleaner[R0].txt - [6822 bytes] - [06/04/2015 22:54:51] AdwCleaner[s0].txt - [6561 bytes] - [06/04/2015 22:58:21] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [6620 bytes] ########## Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end)
  11. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Alicia (administrator) on ALICIA-PC on 06-04-2015 20:53:56
Running from C:\Users\Alicia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CAZH1FIP
Loaded Profiles: Alicia (Available profiles: Alicia)
Platform: Windows Vista Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgchsva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgrsa.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgemca.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
() C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
(Realtek Semiconductor) C:\WINDOWS\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\x64\DpAgent.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(CyberLink Corp.) C:\Program Files (x86)\HP\QuickPlay\QPService.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgtray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
() C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
(Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_134_ActiveX.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1220392 2008-01-18] (Synaptics, Inc.)
HKLM\...\Run: [sMSERIAL] => C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [833536 2007-01-17] (Motorola Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [5429760 2007-10-09] (Realtek Semiconductor)
HKLM\...\Run: [iAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2007-10-24] (Intel Corporation)
HKLM\...\Run: [OnScreenDisplay] => C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [701440 2007-09-04] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [HP Health Check Scheduler] => [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM-x32\...\Run: [QPService] => C:\Program Files (x86)\HP\QuickPlay\QPService.exe [468264 2007-12-19] (CyberLink Corp.)
HKLM-x32\...\Run: [QlbCtrl] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [202032 2007-09-19] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [DpAgent] => C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe [671744 2007-09-20] (DigitalPersona, Inc.)
HKLM-x32\...\Run: [hpqSRMon] => [X]
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [40048 2007-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [hpWirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [480560 2007-09-13] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [WAWifiMessage] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [311296 2007-01-08] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AVG_TRAY] => C:\Program Files (x86)\AVG\AVG10\avgtray.exe [2345592 2012-08-01] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-197936244-2571931639-1420350080-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [455968 2007-08-23] (Hewlett-Packard Company)
HKU\S-1-5-21-197936244-2571931639-1420350080-1000\...\Run: [spybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-197936244-2571931639-1420350080-1000\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe HKU\S-1-5-21-197936244-2571931639-1420350080-1000\...\Run: [AVG-Secure-Search-Update_0913a] => C:\Users\Alicia\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid c73e1c08767547d69f84d1572e9e02ba-e036517d3297a963bd3bd0e06993047921121287 --CMPID 0913a AppInit_DLLs-x32: c:/progra~3/{8fb76~1/191~1.1/todi.dll => c:\ProgramData\{8FB76774-DF35-B6F2-6EB3-C670BE3115FE}\1.9.1.1\todi.dll [964608 2015-02-12] () Lsa: [Notification Packages] scecli DPPWDFLT BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG10\avgchsva.exe /syncC:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop HKU\S-1-5-21-197936244-2571931639-1420350080-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop HKU\S-1-5-21-197936244-2571931639-1420350080-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp SearchScopes: HKLM -> 
DefaultScope {4AEE759C-B937-44D6-A657-2AEA42F8231C} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_soft_15_07&cd=2XzuyEtN2Y1L1QzutDtDtBtCyD0CtCtByBzzzztA0Dzz0BzytN0D0Tzu0StCtCtAzztN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyDtB0C0F0CyD0BzztGyC0BzyyEtGzz0EyCtDtGzyyCtDtDtGyD0Fzz0FtAyE0FyCtBzy0AyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytCyEyEtCtAtD0AtG0AtByBzytGyEzy0D0CtGzyyE0DtBtGtCyC0EyEyB0FyEyE0A0C0D0D2Q&cr=2007155312&ir= SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt SearchScopes: HKLM -> {4AEE759C-B937-44D6-A657-2AEA42F8231C} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_soft_15_07&cd=2XzuyEtN2Y1L1QzutDtDtBtCyD0CtCtByBzzzztA0Dzz0BzytN0D0Tzu0StCtCtAzztN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyDtB0C0F0CyD0BzztGyC0BzyyEtGzz0EyCtDtGzyyCtDtDtGyD0Fzz0FtAyE0FyCtBzy0AyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytCyEyEtCtAtD0AtG0AtByBzytGyEzy0D0CtGzyyE0DtBtGtCyC0EyEyB0FyEyE0A0C0D0D2Q&cr=2007155312&ir= SearchScopes: HKLM -> {6DA74206-F684-4596-A924-6426C61448E2} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd SearchScopes: HKLM-x32 -> DefaultScope {4AEE759C-B937-44D6-A657-2AEA42F8231C} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt SearchScopes: HKLM-x32 -> {4AEE759C-B937-44D6-A657-2AEA42F8231C} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt SearchScopes: HKLM-x32 -> {6DA74206-F684-4596-A924-6426C61448E2} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd SearchScopes: HKU\S-1-5-21-197936244-2571931639-1420350080-1000 -> DefaultScope {4AEE759C-B937-44D6-A657-2AEA42F8231C} URL = 
http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_soft_15_07&cd=2XzuyEtN2Y1L1QzutDtDtBtCyD0CtCtByBzzzztA0Dzz0BzytN0D0Tzu0StCtCtAzztN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyDtB0C0F0CyD0BzztGyC0BzyyEtGzz0EyCtDtGzyyCtDtDtGyD0Fzz0FtAyE0FyCtBzy0AyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytCyEyEtCtAtD0AtG0AtByBzytGyEzy0D0CtGzyyE0DtBtGtCyC0EyEyB0FyEyE0A0C0D0D2Q&cr=2007155312&ir= SearchScopes: HKU\S-1-5-21-197936244-2571931639-1420350080-1000 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt SearchScopes: HKU\S-1-5-21-197936244-2571931639-1420350080-1000 -> {4AEE759C-B937-44D6-A657-2AEA42F8231C} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_soft_15_07&cd=2XzuyEtN2Y1L1QzutDtDtBtCyD0CtCtByBzzzztA0Dzz0BzytN0D0Tzu0StCtCtAzztN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyDtB0C0F0CyD0BzztGyC0BzyyEtGzz0EyCtDtGzyyCtDtDtGyD0Fzz0FtAyE0FyCtBzy0AyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytCyEyEtCtAtD0AtG0AtByBzytGyEzy0D0CtGzyyE0DtBtGtCyC0EyEyB0FyEyE0A0C0D0D2Q&cr=2007155312&ir= SearchScopes: HKU\S-1-5-21-197936244-2571931639-1420350080-1000 -> {6DA74206-F684-4596-A924-6426C61448E2} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG10\avgssiea.dll [2011-09-09] (AVG Technologies CZ, s.r.o.) BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22] (Adobe Systems Incorporated) BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG10\avgssie.dll [2011-09-09] (AVG Technologies CZ, s.r.o.) 
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO-x32: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-11] (Oracle Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-11] (Oracle Corporation)
BHO-x32: HP Print Clips -> {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} -> c:\Program Files (x86)\HP\Smart Web Printing\hpswp_framework.dll [2007-08-31] (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll [2011-02-08] (AVG Technologies CZ, s.r.o.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll [2011-02-08] (AVG Technologies CZ, s.r.o.)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254 74.40.74.41

FireFox:
========
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-07-12] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-11] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-12] (Google Inc.)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.19 -> C:\Program Files (x86)\Veetle\plugins\npVeetle.dll [2012-01-13] (Veetle Inc) FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files (x86)\Veetle\Player\npvlc.dll [2012-01-13] (Veetle Inc) FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-03-06] FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG10\Firefox4 FF Extension: AVG Safe Search - C:\Program Files (x86)\AVG\AVG10\Firefox4 [2011-04-11] Chrome: ======= CHR StartupUrls: Default -> "hxxp://binkiland.com/?f=7&a=&cd=&cr=&ir=" CHR DefaultSearchKeyword: Default -> binkiland.com CHR DefaultSearchURL: Default -> http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_soft_15_07&cd=2XzuyEtN2Y1L1QzutDtDtBtCyD0CtCtByBzzzztA0Dzz0BzytN0D0Tzu0StCtCtAzztN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyDtB0C0F0CyD0BzztGyC0BzyyEtGzz0EyCtDtGzyyCtDtDtGyD0Fzz0FtAyE0FyCtBzy0AyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytCyEyEtCtAtD0AtG0AtByBzytGyEzy0D0CtGzyyE0DtBtGtCyC0EyEyB0FyEyE0A0C0D0D2Q&cr=2007155312&ir= CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll () CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\gcswf32.dll No File CHR Plugin: (AVG Internet Security) - C:\Users\Alicia\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll (AVG Technologies CZ, s.r.o.) CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File CHR Plugin: (Java Platform SE 6 U24) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (Veetle TV Player) - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc) CHR Plugin: (Veetle TV Core) - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc) CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Profile: C:\Users\Alicia\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (YouTube) - C:\Users\Alicia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-27] CHR Extension: (Google Search) - C:\Users\Alicia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-27] CHR Extension: (AVG Safe Search) - C:\Users\Alicia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla [2011-07-05] CHR Extension: (Google Wallet) - C:\Users\Alicia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21] CHR Extension: (Gmail) - C:\Users\Alicia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-27] CHR HKLM-x32\...\Chrome\Extension: 
[jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files (x86)\AVG\AVG10\Chrome\safesearch.crx [2011-09-09]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Automatic LiveUpdate Scheduler; c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe [243064 2007-08-23] (Symantec Corporation)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7391072 2012-01-31] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
S3 Com4Qlb; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [110592 2007-03-05] (Hewlett-Packard Development Company, L.P.) [File not signed]
R2 DpHost; C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe [299008 2007-09-20] (DigitalPersona, Inc.) [File not signed]
S2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [65536 2007-09-19] (Hewlett-Packard) [File not signed]
R2 hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [135168 2006-05-02] (Hewlett-Packard Development Company, L.P.)
[File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 LiveUpdate; c:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE [3192184 2007-08-23] (Symantec Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 QPCapSvc; C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [271760 2007-12-19] ()
R2 QPSched; C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe [112016 2007-12-19] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [217088 2007-08-28] (AuthenTec, Inc.)
R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [117328 2011-05-27] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [26704 2011-02-22] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [29264 2011-02-10] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [312160 2012-11-12] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [41552 2011-03-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [37456 2011-03-16] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [380192 2014-11-04] (AVG Technologies CZ, s.r.o.)
R3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [9088 2007-07-11] (Hewlett-Packard Development Company, L.P.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-04-06] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\SysWOW64\drivers\MBAMSwissArmy.sys [38224 2010-12-20] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
S3 NVENETFD; C:\Windows\System32\DRIVERS\nvm60x64.sys [742696 2006-10-09] (NVIDIA Corporation)
R3 smserial; C:\Windows\System32\DRIVERS\smserial.sys [1455616 2007-01-17] (Motorola Inc.)
U1 eabfiltr; No ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SymIM; system32\DRIVERS\SymIM.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-06 20:53 - 2015-04-06 20:53 - 00000000 ____D () C:\FRST 2015-04-06 19:54 - 2015-04-06 20:29 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-04-06 19:53 - 2015-04-06 19:53 - 00000941 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-04-06 19:53 - 2015-04-06 19:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-04-06 19:53 - 2015-04-06 19:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-04-06 19:53 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-04-06 19:53 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-04-06 16:33 - 2015-04-06 16:33 - 00000000 ____D () C:\ProgramData\5c99a76000007279 2015-04-06 16:28 - 2015-04-06 20:35 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-04-06 16:28 - 2015-04-06 16:28 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-04-06 16:28 - 2015-04-06 16:28 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-04-06 16:28 - 2015-04-06 16:28 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-04-06 16:28 - 2015-04-06 16:28 - 00000000 ____D () C:\Windows\system32\Macromed 2015-04-06 14:59 - 2015-04-06 15:00 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1 2015-04-06 14:59 - 2015-04-06 14:59 - 00001019 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk 2015-04-06 14:58 - 2015-04-06 14:58 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4 2015-04-06 14:56 - 2015-04-06 14:56 - 00388282 _____ () C:\Users\Alicia\AppData\Local\dd_vcredistMSI4FF4.txt 2015-04-06 14:56 - 2015-04-06 14:56 - 00012152 _____ () C:\Users\Alicia\AppData\Local\dd_vcredistUI4FF4.txt 2015-04-06 14:54 - 2015-04-06 14:56 - 00459966 
_____ () C:\Users\Alicia\AppData\Local\dd_vcredistMSI4EC1.txt 2015-04-06 14:54 - 2015-04-06 14:56 - 00012360 _____ () C:\Users\Alicia\AppData\Local\dd_vcredistUI4EC1.txt 2015-04-06 14:54 - 2015-04-06 14:54 - 00000000 ____D () C:\Users\Alicia\Desktop\OpenOffice 4.1.1 (en-US) Installation Files 2015-04-06 14:53 - 2015-04-06 14:50 - 140852175 _____ () C:\Users\Alicia\Downloads\OpenOffice_Setup [1].exe 2015-04-06 14:45 - 2015-04-06 14:45 - 00002025 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-04-06 14:45 - 2015-04-06 14:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-04-06 12:22 - 2015-02-19 19:03 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-04-06 12:22 - 2015-02-19 18:44 - 00048128 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-04-06 12:22 - 2015-02-19 17:39 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-04-06 12:22 - 2015-02-19 17:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-04-06 12:20 - 2014-10-12 18:12 - 02264064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2015-04-06 12:20 - 2014-10-12 17:56 - 03137536 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2015-04-06 12:19 - 2015-01-28 18:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-04-06 12:19 - 2015-01-28 18:33 - 01209856 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-04-06 12:19 - 2015-01-20 19:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll 2015-04-06 12:19 - 2015-01-20 18:42 - 01040896 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2015-04-06 12:18 - 2015-02-25 17:31 - 02792960 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-04-06 12:18 - 2015-02-17 19:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2015-04-06 12:18 - 2015-02-17 18:42 - 12899840 _____ (Microsoft Corporation) 
C:\Windows\system32\shell32.dll 2015-04-06 12:10 - 2015-02-25 18:40 - 04692408 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-04-06 12:10 - 2015-01-28 18:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2015-04-06 12:10 - 2015-01-28 18:33 - 00449024 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2015-04-06 12:10 - 2015-01-08 18:41 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-04-06 12:10 - 2015-01-08 17:29 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-04-06 12:08 - 2015-03-05 21:01 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-04-06 12:08 - 2015-03-05 20:35 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-04-06 10:54 - 2015-02-21 12:17 - 17882624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-04-06 10:54 - 2015-02-21 12:07 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-04-06 10:54 - 2015-02-21 12:02 - 10931200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-04-06 10:54 - 2015-02-21 12:00 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-04-06 10:54 - 2015-02-21 11:54 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-04-06 10:54 - 2015-02-21 11:54 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-04-06 10:54 - 2015-02-21 11:53 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-04-06 10:54 - 2015-02-21 11:52 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2015-04-06 10:54 - 2015-02-21 11:52 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-04-06 10:54 - 2015-02-21 11:52 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-04-06 10:54 - 2015-02-21 11:51 - 02157568 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-04-06 
10:54 - 2015-02-21 11:51 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-04-06 10:54 - 2015-02-21 11:51 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-04-06 10:54 - 2015-02-21 11:51 - 00598528 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-04-06 10:54 - 2015-02-21 11:51 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-04-06 10:54 - 2015-02-21 11:51 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-04-06 10:54 - 2015-02-21 11:51 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2015-04-06 10:54 - 2015-02-21 11:51 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2015-04-06 10:54 - 2015-02-21 11:50 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-04-06 10:54 - 2015-02-21 11:50 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-04-06 10:54 - 2015-02-21 11:50 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-04-06 10:54 - 2015-02-21 11:50 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2015-04-06 10:54 - 2015-02-21 10:37 - 12375040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-04-06 10:54 - 2015-02-21 10:34 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-04-06 10:54 - 2015-02-21 10:29 - 09747968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-04-06 10:54 - 2015-02-21 10:28 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-04-06 10:54 - 2015-02-21 10:22 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-04-06 10:54 - 2015-02-21 10:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-04-06 10:54 - 2015-02-21 10:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-04-06 10:54 - 2015-02-21 10:20 - 00231936 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2015-04-06 10:54 - 2015-02-21 10:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-04-06 10:54 - 2015-02-21 10:19 - 01803264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-04-06 10:54 - 2015-02-21 10:19 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-04-06 10:54 - 2015-02-21 10:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-04-06 10:54 - 2015-02-21 10:19 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-04-06 10:54 - 2015-02-21 10:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-04-06 10:54 - 2015-02-21 10:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-04-06 10:54 - 2015-02-21 10:18 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-04-06 10:54 - 2015-02-21 10:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-04-06 10:54 - 2015-02-21 10:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-04-06 10:54 - 2015-02-21 10:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2015-04-06 10:54 - 2015-02-21 10:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2015-04-06 10:54 - 2015-02-21 10:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2015-04-06 10:54 - 2015-02-21 10:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-04-06 09:55 - 2015-04-06 11:57 - 00000000 ____D () C:\Users\Alicia\AppData\Roaming\HpUpdate 2015-04-06 09:54 - 2015-04-06 09:54 - 00000000 ____D () C:\Windows\Hewlett-Packard 2015-04-06 09:40 - 2015-04-06 09:40 - 00000010 _____ () C:\Users\Alicia\AppData\Local\DSI.DAT ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-04-06 20:33 - 2008-07-10 15:40 - 01429984 _____ () C:\Windows\WindowsUpdate.log 2015-04-06 20:33 - 2006-11-02 05:46 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-04-06 20:30 - 2008-07-10 15:52 - 00000255 _____ () C:\Users\Public\Documents\hpqp.ini 2015-04-06 20:29 - 2012-04-22 18:28 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-04-06 20:29 - 2011-02-24 16:09 - 00476978 _____ () C:\ProgramData\nvModes.dat 2015-04-06 20:29 - 2011-02-24 16:09 - 00476978 _____ () C:\ProgramData\nvModes.001 2015-04-06 20:27 - 2012-04-22 18:28 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-04-06 20:25 - 2008-01-20 20:26 - 00982042 _____ () C:\Windows\PFRO.log 2015-04-06 20:25 - 2006-11-02 08:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-04-06 20:25 - 2006-11-02 08:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-04-06 20:25 - 2006-11-02 08:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-04-06 20:25 - 2006-11-02 06:34 - 00000000 ____D () C:\Windows\tracing 2015-04-06 20:24 - 2006-11-02 08:42 - 00032582 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-04-06 19:53 - 2011-02-24 17:01 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-04-06 16:27 - 2011-02-24 15:28 - 00081008 _____ () C:\Users\Alicia\AppData\Local\GDIPFONTCACHEV1.DAT 2015-04-06 16:26 - 2012-06-25 09:12 - 00007808 _____ () C:\Users\Alicia\AppData\Local\d3d9caps.dat 2015-04-06 16:24 - 2006-11-02 08:21 - 00340192 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-04-06 16:23 - 2008-07-02 05:03 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-04-06 15:52 - 2011-02-24 15:18 - 00000000 ____D () C:\Users\Alicia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite 2015-04-06 15:52 - 2008-07-02 06:06 - 00000000 ____D () 
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite 2015-04-06 15:52 - 2008-07-02 06:06 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite 2015-04-06 15:52 - 2008-07-02 06:05 - 00000000 ____D () C:\Program Files (x86)\CyberLink 2015-04-06 15:04 - 2008-07-02 05:46 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\muvee 2015-04-06 15:01 - 2012-07-29 22:17 - 00003694 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{C19D3A41-7CE5-470E-830A-C6AFADC7A1BE} 2015-04-06 14:55 - 2006-11-02 06:33 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2015-04-06 14:44 - 2012-04-22 18:28 - 00000000 ____D () C:\Program Files (x86)\Google 2015-04-06 14:43 - 2011-02-24 15:31 - 00000000 ____D () C:\Users\Alicia\AppData\Local\Google 2015-04-06 13:25 - 2014-03-17 15:41 - 00753386 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2015-04-06 12:20 - 2008-07-02 05:57 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-04-06 12:17 - 2013-08-21 03:22 - 00000000 ____D () C:\Windows\system32\MRT 2015-04-06 12:10 - 2006-11-02 05:35 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2015-04-06 10:50 - 2011-02-24 16:32 - 00000000 ____D () C:\ProgramData\AVG10 2015-04-06 10:00 - 2015-02-16 20:00 - 00000119 _____ () C:\Users\Alicia\AppData\Roaming\WB.CFG 2015-04-06 09:56 - 2008-07-02 06:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP 2015-04-06 09:56 - 2008-07-02 06:03 - 00000000 ____D () C:\Program Files (x86)\HP 2015-04-06 09:47 - 2011-02-24 16:32 - 00000000 ____D () C:\Windows\system32\Drivers\AVG 2015-04-06 09:40 - 2011-02-24 18:28 - 00000328 _____ () C:\Windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job ==================== Files in the root of some directories ======= 2013-08-12 16:46 - 2013-08-12 16:46 - 4188160 _____ () C:\Program Files (x86)\GUT9EC2.tmp 2015-02-16 
20:00 - 2015-04-06 10:00 - 0000119 _____ () C:\Users\Alicia\AppData\Roaming\WB.CFG 2011-02-24 15:28 - 2011-02-24 15:28 - 0000000 _____ () C:\Users\Alicia\AppData\Local\AtStart.txt 2012-06-25 09:12 - 2015-04-06 16:26 - 0007808 _____ () C:\Users\Alicia\AppData\Local\d3d9caps.dat 2011-02-25 00:25 - 2012-10-15 03:00 - 0009380 _____ () C:\Users\Alicia\AppData\Local\d3d9caps64.dat 2015-04-06 14:54 - 2015-04-06 14:56 - 0459966 _____ () C:\Users\Alicia\AppData\Local\dd_vcredistMSI4EC1.txt 2015-04-06 14:56 - 2015-04-06 14:56 - 0388282 _____ () C:\Users\Alicia\AppData\Local\dd_vcredistMSI4FF4.txt 2015-04-06 14:54 - 2015-04-06 14:56 - 0012360 _____ () C:\Users\Alicia\AppData\Local\dd_vcredistUI4EC1.txt 2015-04-06 14:56 - 2015-04-06 14:56 - 0012152 _____ () C:\Users\Alicia\AppData\Local\dd_vcredistUI4FF4.txt 2015-04-06 09:40 - 2015-04-06 09:40 - 0000010 _____ () C:\Users\Alicia\AppData\Local\DSI.DAT 2011-02-24 15:28 - 2011-02-24 15:28 - 0000000 _____ () C:\Users\Alicia\AppData\Local\DSwitch.txt 2011-02-24 15:28 - 2011-02-24 15:28 - 0000000 _____ () C:\Users\Alicia\AppData\Local\QSwitch.txt 2008-07-02 06:03 - 2008-07-02 06:04 - 0000372 _____ () C:\ProgramData\hpzinstall.log 2012-03-05 21:51 - 2012-03-05 21:53 - 0000319 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc 2011-02-24 16:09 - 2015-04-06 20:29 - 0476978 _____ () C:\ProgramData\nvModes.001 2011-02-24 16:09 - 2015-04-06 20:29 - 0476978 _____ () C:\ProgramData\nvModes.dat Some content of TEMP: ==================== C:\Users\Alicia\AppData\Local\Temp\HPQSi.exe C:\Users\Alicia\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe C:\Users\Alicia\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe C:\Users\Alicia\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\Alicia\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe C:\Users\Alicia\AppData\Local\Temp\supoptsetup.exe C:\Users\Alicia\AppData\Local\Temp\_isB3A6.exe C:\Users\Alicia\AppData\Local\Temp\{D1A6927F-5255-4488-A9C6-3B7FE6D3B26E}-GoogleUpdateSetup.exe 
==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-04-06 20:34 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015 Ran by Alicia at 2015-04-06 20:54:52 Running from C:\Users\Alicia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CAZH1FIP Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: AVG Anti-Virus Free Edition 2011 (Enabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} AS: AVG Anti-Virus Free Edition 2011 (Enabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 
Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation) Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0 - Microsoft Corporation) Hidden Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.134 - Adobe Systems Incorporated) Adobe Reader 8.1.0 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A81000000003}) (Version: 8.1.0 - Adobe Systems Incorporated) AuthenTec Fingerprint Sensor Minimum Install (HKLM-x32\...\{7F362F06-A9A3-440F-8B19-6A01A72723C4}) (Version: 7.9 - AuthenTec) AVG 2011 (HKLM\...\AVG) (Version: 10.0.1434 - AVG Technologies) AVG 2011 (Version: 10.0.1434 - AVG Technologies) Hidden AVG 2011 (Version: 10.0.4311 - AVG Technologies) Hidden Cards_Calendar_OrderGift_DoMorePlugout (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) DigitalPersona Personal 3.0.0 (HKLM\...\{A6A95C2E-D8F9-4A19-8C87-4A0088844396}) (Version: 3.0.0 - DigitalPersona, Inc.) DVD Suite (HKLM-x32\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.5.0928 - CyberLink Corp.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.) Google Earth Plug-in (HKLM-x32\...\{79361740-EAE3-11E2-9911-B8AC6F98CCE3}) (Version: 7.1.1.1888 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden Hauppauge MCE XP/Vista Software Encoder (2.0.25149) (HKLM-x32\...\Hauppauge MCE2005 Software Encoder) (Version: 2.0.25149 - Hauppauge Computer Works, Inc.) 
Hewlett-Packard Active Check (x32 Version: 1.1.11.0 - Hewlett-Packard) Hidden Hewlett-Packard Asset Agent for Health Check (x32 Version: 2.0.62.5 - HP) Hidden HP Active Support Library (HKLM-x32\...\{11BB336F-0E58-4977-B866-F24FA334616B}) (Version: 2.3.0.2 - Hewlett-Packard) HP Customer Experience Enhancements (HKLM-x32\...\{BD0E2B92-3814-46F0-893B-4612EA010C7E}) (Version: 5.4.0.2430 - Hewlett-Packard) HP Doc Viewer (HKLM-x32\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.02.0001 - Hewlett-Packard) HP Easy Setup - Frontend (HKLM-x32\...\{9885A11E-60E4-417C-B58B-8B31B21C0B8A}) (Version: 5.4.0.2430 - Hewlett-Packard) HP Help and Support (HKLM\...\{A348C751-0EFF-4B9D-8065-B5339BEFBE27}) (Version: 1.5.0 - Hewlett-Packard) HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP) HP Quick Launch Buttons 6.30 E1 (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.30 E1 - Hewlett-Packard) HP QuickPlay 3.6 (HKLM-x32\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: - ) HP QuickTouch 1.00 C3 (HKLM\...\{11192F89-510C-4E23-A62A-D3BEA9139596}) (Version: 1.0.5 - Hewlett-Packard) HP Smart Web Printing (HKLM-x32\...\HP Smart Web Printing) (Version: 3.0.17.0 - Hewlett-Packard) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HP User Guides 0088 (HKLM-x32\...\{8347A7A5-4AB8-433F-82AA-496B0D189A9B}) (Version: 1.02.0000 - Hewlett-Packard) HP Wireless Assistant (HKLM-x32\...\{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}) (Version: 3.00 H2 - Hewlett-Packard) HPPhotoSmartDiscLabel_PaperLabel (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden HPPhotoSmartDiscLabel_PrintOnDisc (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden HPPhotoSmartDiscLabel_Tattoo (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden HPPhotoSmartDiscLabelContent1 (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden hpphotosmartdisclabelplugin (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden 
HPPhotoSmartPhotobookHolidayPack1 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden HPPhotoSmartPhotobookModernPack1 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden HPPhotoSmartPhotobookPlayfulPack1 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden HPPhotoSmartPhotobookScrapbookPack1 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden HPPhotoSmartPhotobookWebPack1 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - ) Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.650 - Oracle) Java 6 Update 2 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160020}) (Version: 1.6.0.20 - Sun Microsystems, Inc.) LightScribe System Software 1.10.13.1 (x32 Version: 1.10.13.1 - http://www.lightscribe.com) Hidden LiveUpdate (Symantec Corporation) (HKLM-x32\...\PsuedoLiveUpdate) (Version: 3.4.0.162 - Symantec) LiveUpdate (Symantec Corporation) (x32 Version: 3.4.0.162 - Symantec) Hidden Malwarebytes' Anti-Malware (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: - Malwarebytes Corporation) Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office PowerPoint Viewer 2007 (English) 
(HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation) Motorola SM56 Data Fax Modem (HKLM\...\SMSERIAL) (Version: - ) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) My HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: HPCMPQ1902 - WildTangent) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation) OpenOffice 4.1.1 
(HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation) OpenOffice Packages (HKU\S-1-5-21-197936244-2571931639-1420350080-1000\...\OpenOffice Packages) (Version: - ) <==== ATTENTION PSSWCORE (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5494 - Realtek Semiconductor Corp.) RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 (HKLM-x32\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.51.01 - ) SPBBC 64bit (Version: 107.0.0.134 - Symantec Corporation) Hidden Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.2.4.0 - Synaptics) TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version: - Intuit, Inc) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Veetle TV (HKLM-x32\...\Veetle TV) (Version: 0.9.19 - Veetle, Inc) VideoToolkit01 (x32 Version: 100.0.128.000 - Hewlett-Packard) Hidden Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies) WeatherBug Gadget (Version: 1.0.0.6 - AWS Convergence Technologies) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-197936244-2571931639-1420350080-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Alicia\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-197936244-2571931639-1420350080-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Alicia\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-197936244-2571931639-1420350080-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Alicia\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File ==================== Restore Points ========================= 15-01-2015 18:44:45 Scheduled Checkpoint 20-01-2015 19:58:53 Scheduled Checkpoint 21-01-2015 04:00:46 Windows Update 22-01-2015 13:36:53 Scheduled Checkpoint 28-01-2015 14:34:57 Scheduled Checkpoint 29-01-2015 13:12:13 Scheduled Checkpoint 03-02-2015 20:47:29 Scheduled Checkpoint 12-02-2015 19:38:22 Scheduled Checkpoint 13-02-2015 04:00:41 Windows Update 14-02-2015 04:00:49 Windows Update 16-02-2015 20:45:44 Scheduled Checkpoint 17-02-2015 19:59:49 Scheduled Checkpoint 06-04-2015 09:41:28 Scheduled Checkpoint 06-04-2015 09:54:11 Installed HP Update. 06-04-2015 12:07:43 Windows Update 06-04-2015 13:16:53 Windows Update 06-04-2015 14:54:41 Installed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 06-04-2015 14:57:34 Installed OpenOffice 4.1.1 06-04-2015 15:03:04 Removed muvee autoProducer 6.1 06-04-2015 15:05:18 Configured SlingPlayer 06-04-2015 15:07:22 Removed Slingbox Flash Tour 06-04-2015 15:10:15 Configured PowerDirector ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2006-11-02 05:34 - 2006-09-18 14:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {2FCFC88F-824E-4BB7-B7A4-C206C95B29AD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-06] (Adobe Systems Incorporated) Task: {7331FD0E-8BF0-4368-BD21-C7F630D88D4E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-22] (Google Inc.) Task: {CB68A3DE-3664-496D-8FD4-B41F4B36CE75} - \Binkiland todi No Task File <==== ATTENTION Task: {D255ED44-6EB8-465D-AEFA-7209A581A1AC} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] () Task: {D415E48C-3095-434E-8692-81B54B04F7FE} - System32\Tasks\Spybot - Search & Destroy Updater - Scheduled Task => C:\Program Files (x86)\Spybot - Search & Destroy\SDUpdate.exe Task: {D47DC9EA-77FE-4A81-8BEC-326A6104E168} - System32\Tasks\Spybot - Search & Destroy - Scheduled Task => C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe Task: {F8598960-6B3B-4C6E-B2DA-449436D1C2E0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-22] (Google Inc.) 
Task: {FEBC8165-B7E2-4315-93C2-131F7EEF699B} - \Binkiland No Task File <==== ATTENTION Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe Task: C:\Windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job => C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe Task: C:\Windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job => C:\Program Files (x86)\Spybot - Search & Destroy\SDUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2008-07-10 15:51 - 2007-12-19 19:28 - 00271760 _____ () C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe 2008-07-10 15:51 - 2007-12-19 19:28 - 00112016 _____ () C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe 2007-05-16 10:43 - 2007-05-16 10:43 - 00677432 ____R () C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe 2011-02-10 07:55 - 2011-02-10 07:55 - 01148256 _____ () C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe 2008-07-10 15:51 - 2007-12-19 19:28 - 00251288 _____ () C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLCapEngine.dll 2008-07-10 15:51 - 2007-12-19 19:28 - 00038184 _____ () C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll 2008-07-10 15:51 - 2007-12-19 19:28 - 00120208 _____ () C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLSchMgr.dll 2008-07-10 15:51 - 2007-12-19 19:28 - 00345384 _____ () C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLTinyDB.dll 2007-07-12 14:55 - 2007-07-12 14:55 - 01581056 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll 2007-08-14 16:43 - 2007-08-14 16:43 - 06365184 _____ () 
C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll 2007-07-12 14:55 - 2007-07-12 14:55 - 00131072 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-197936244-2571931639-1420350080-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\Wallpaper\img11.jpg DNS Servers: 192.168.254.254 - 74.40.74.41 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== Accounts: ============================= Administrator (S-1-5-21-197936244-2571931639-1420350080-500 - Administrator - Disabled) Alicia (S-1-5-21-197936244-2571931639-1420350080-1000 - Administrator - Enabled) => C:\Users\Alicia Guest (S-1-5-21-197936244-2571931639-1420350080-501 - Limited - Disabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/06/2015 08:37:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application chrome.exe, version 41.0.2272.118, time stamp 0x55199d5a, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e00, exception code 0xc0000005, fault offset 0x00053287, process id 0x4b0, application start time 0xchrome.exe0. 
Error: (04/06/2015 08:26:28 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/06/2015 04:33:14 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application chrome.exe, version 41.0.2272.118, time stamp 0x55199d5a, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e00, exception code 0xc0000005, fault offset 0x00053287, process id 0x13d8, application start time 0xchrome.exe0. Error: (04/06/2015 04:24:47 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/06/2015 04:21:13 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application chrome.exe, version 41.0.2272.118, time stamp 0x55199d5a, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e00, exception code 0xc0000005, fault offset 0x00053287, process id 0x1720, application start time 0xchrome.exe0. Error: (04/06/2015 02:54:09 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application chrome.exe, version 41.0.2272.118, time stamp 0x55199d5a, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e00, exception code 0xc0000005, fault offset 0x00053287, process id 0x1274, application start time 0xchrome.exe0. Error: (04/06/2015 02:43:00 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application chrome.exe, version 40.0.2214.94, time stamp 0x54c6f514, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e00, exception code 0xc0000005, fault offset 0x00053287, process id 0x13c8, application start time 0xchrome.exe0. 
Error: (04/06/2015 02:41:38 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application chrome.exe, version 40.0.2214.94, time stamp 0x54c6f514, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x74ab9ba4, process id 0x13dc, application start time 0xchrome.exe0. Error: (04/06/2015 02:41:24 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application chrome.exe, version 40.0.2214.94, time stamp 0x54c6f514, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e00, exception code 0xc0000005, fault offset 0x00053287, process id 0xbbc, application start time 0xchrome.exe0. Error: (04/06/2015 01:45:36 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application chrome.exe, version 40.0.2214.94, time stamp 0x54c6f514, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e00, exception code 0xc0000005, fault offset 0x00053287, process id 0x8cc, application start time 0xchrome.exe0. 
System errors: ============= Error: (04/06/2015 08:30:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Intuit Update Service v4%%1053 Error: (04/06/2015 08:30:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: 30000Intuit Update Service v4 Error: (04/06/2015 08:29:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: HP Health Check Service%%1053 Error: (04/06/2015 08:29:52 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: 30000HP Health Check Service Error: (04/06/2015 03:05:10 PM) (Source: DCOM) (EventID: 10001) (User: ) Description: C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe -Embedding740{D5641912-E47A-429C-879E-CFE13EAC7A13} Error: (04/06/2015 01:36:56 PM) (Source: Service Control Manager) (EventID: 7043) (User: ) Description: Windows Update Error: (04/06/2015 00:20:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Windows Search%%1053 Error: (04/06/2015 00:20:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: 30000Windows Search Error: (04/06/2015 00:20:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Windows Search%%1053 Error: (04/06/2015 00:20:26 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: 30000Windows Search Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2015-04-06 20:54:47.655 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2015-04-06 20:54:47.421 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. 
Date: 2015-04-06 20:54:47.187 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2015-04-06 20:54:46.906 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2015-04-06 20:54:05.894 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\AVGIDSEH.sys because the set of per-page image hashes could not be found on the system. Date: 2015-04-06 20:54:05.676 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\AVGIDSEH.sys because the set of per-page image hashes could not be found on the system. Date: 2015-04-06 20:54:05.426 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\AVGIDSEH.sys because the set of per-page image hashes could not be found on the system. Date: 2015-04-06 20:54:05.176 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\AVGIDSEH.sys because the set of per-page image hashes could not be found on the system. Date: 2015-04-06 20:54:04.209 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\AVGIDSDriver.sys because the set of per-page image hashes could not be found on the system. Date: 2015-04-06 20:54:03.975 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\AVGIDSDriver.sys because the set of per-page image hashes could not be found on the system. 
==================== Memory info =========================== Processor: Intel® Core2 Duo CPU T5750 @ 2.00GHz Percentage of memory in use: 55% Total physical RAM: 3069.62 MB Available physical RAM: 1363.59 MB Total Pagefile: 6351.54 MB Available Pagefile: 3983.11 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:219.7 GB) (Free:134.4 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (HP_RECOVERY) (Fixed) (Total:13.18 GB) (Free:2.39 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 232.9 GB) (Disk ID: 5EE65EE6) Partition 1: (Active) - (Size=219.7 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=13.2 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  12. I will do all those things. Thanks for the heads up on other resources. Finding the right support forums is sometimes the hardest part of following up on these technical issues.
  13. I had hoped your suggested operations had helped resolve the problems I have had with this computer since I had bought it new in the Winter of 2012; however, I had several of the other symptoms of malfunction present themselves just now. Upon waking up the laptop from slumber, it soon had Chrome freeze for a few minutes before I forced it to close. The only other application open was a request from Malwarebytes updater requesting I update the software, to which I said yes and then waited about 20 minutes while the application never progressed and appeared to be frozen as well. I tried to cancel the update and when it did not respond, I used the Windows menu to execute a restart. The restart got to the logging off message screen and stalled there for about 10 minutes before the screen went black and would not wake up to key press or any other action, although the hard drive was still spinning and the power lights all remained on. This is typical of previous symptoms. Almost as frequently the computer goes to blue screen. I would love to have someone offer advice on how I might pursue a possible fix after the 12 month warranty has passed on this Asus laptop, especially since I had sent it into them in that 12 month window and all they did was replace the Hard Drive. My concern is that it is a Motherboard manufacturing error and I am without any recourse of having the $1000 dollars I spent on this laptop somehow made good on with a laptop that works for more than a few hours before freezing and resting in a broken state until restart. Any ideas where I could begin to investigate my options?
  14. I accidentally did repairs to the system before running a disk check repair, so now there are two logs attached. The first is the repairs without the disk check and the second is repairs after a disk check. _Windows_Repair_Log.txt _Windows_Repair_Log2.txt
  15. Vino's Event Viewer v01c run on Windows 2008 in English
      Report run at 14/10/2014 7:59:16 PM
      Note: All dates below are in the format dd/mm/yyyy

      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      'Application' Log - Critical Type
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      'Application' Log - Error Type
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Log: 'Application' Date/Time: 15/10/2014 12:02:09 AM
      Type: Error Category: 100
      Event: 1000 Source: Application Error
      Faulting application name: GoogleUpdate.exe, version: 1.3.21.103, time stamp: 0x4f3c6d6c
      Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
      Exception code: 0xc0000005
      Fault offset: 0x000223e0
      Faulting process id: 0x1468
      Faulting application start time: 0x01cfe80a67a90187
      Faulting application path: C:\Users\dirtylaptop\AppData\Local\Google\Update\GoogleUpdate.exe
      Faulting module path: C:\Windows\SysWOW64\ntdll.dll
      Report Id: 815bc4b0-53fe-11e4-b308-c860004148c4

      Log: 'Application' Date/Time: 14/10/2014 6:48:41 PM
      Type: Error Category: 0
      Event: 100 Source: Bonjour Service
      Task Scheduling Error: m->NextScheduledSPRetry 38195472

      Log: 'Application' Date/Time: 14/10/2014 6:48:41 PM
      Type: Error Category: 0
      Event: 100 Source: Bonjour Service
      Task Scheduling Error: m->NextScheduledEvent 38195472

      Log: 'Application' Date/Time: 14/10/2014 6:48:41 PM
      Type: Error Category: 0
      Event: 100 Source: Bonjour Service
      Task Scheduling Error: Continuously busy for more than a second

      Log: 'Application' Date/Time: 14/10/2014 8:12:16 AM
      Type: Error Category: 0
      Event: 100 Source: Bonjour Service
      Task Scheduling Error: m->NextScheduledSPRetry 10016

      Log: 'Application' Date/Time: 14/10/2014 8:12:16 AM
      Type: Error Category: 0
      Event: 100 Source: Bonjour Service
      Task Scheduling Error: m->NextScheduledEvent 10016

      Log: 'Application' Date/Time: 14/10/2014 8:12:16 AM
      Type: Error Category: 0
      Event: 100 Source: Bonjour Service
      Task Scheduling Error: Continuously busy for more than a second

      Log: 'Application' Date/Time: 14/10/2014 8:12:15 AM
      Type: Error Category: 0
      Event: 100 Source: Bonjour Service
      Task Scheduling Error: m->NextScheduledSPRetry 9017

      Log: 'Application' Date/Time: 14/10/2014 8:12:15 AM
      Type: Error Category: 0
      Event: 100 Source: Bonjour Service
      Task Scheduling Error: m->NextScheduledEvent 9017

      Log: 'Application' Date/Time: 14/10/2014 8:12:15 AM
      Type: Error Category: 0
      Event: 100 Source: Bonjour Service
      Task Scheduling Error: Continuously busy for more than a second

      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      'System' Log - Critical Type
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Log: 'System' Date/Time: 14/10/2014 8:01:00 PM
      Type: Critical Category: 63
      Event: 41 Source: Microsoft-Windows-Kernel-Power
      The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

      Log: 'System' Date/Time: 14/10/2014 2:22:02 AM
      Type: Critical Category: 63
      Event: 41 Source: Microsoft-Windows-Kernel-Power
      The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

      Log: 'System' Date/Time: 14/10/2014 12:19:40 AM
      Type: Critical Category: 63
      Event: 41 Source: Microsoft-Windows-Kernel-Power
      The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

      Log: 'System' Date/Time: 12/10/2014 7:30:35 PM
      Type: Critical Category: 63
      Event: 41 Source: Microsoft-Windows-Kernel-Power
      The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

      Log: 'System' Date/Time: 12/10/2014 4:53:19 PM
      Type: Critical Category: 63
      Event: 41 Source: Microsoft-Windows-Kernel-Power
      The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      'System' Log - Error Type
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Log: 'System' Date/Time: 14/10/2014 8:04:36 PM
      Type: Error Category: 0
      Event: 7032 Source: Service Control Manager
      The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.

      Log: 'System' Date/Time: 14/10/2014 8:04:36 PM
      Type: Error Category: 0
      Event: 7032 Source: Service Control Manager
      The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.

      Log: 'System' Date/Time: 14/10/2014 8:04:36 PM
      Type: Error Category: 0
      Event: 7032 Source: Service Control Manager
      The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: An instance of the service is already running.

      Log: 'System' Date/Time: 14/10/2014 8:03:36 PM
      Type: Error Category: 0
      Event: 7032 Source: Service Control Manager
      The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.

      Log: 'System' Date/Time: 14/10/2014 8:02:36 PM
      Type: Error Category: 0
      Event: 7031 Source: Service Control Manager
      The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

      Log: 'System' Date/Time: 14/10/2014 8:02:36 PM
      Type: Error Category: 0
      Event: 7031 Source: Service Control Manager
      The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

      Log: 'System' Date/Time: 14/10/2014 8:02:36 PM
      Type: Error Category: 0
      Event: 7031 Source: Service Control Manager
      The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

      Log: 'System' Date/Time: 14/10/2014 8:02:36 PM
      Type: Error Category: 0
      Event: 7031 Source: Service Control Manager
      The Internet Connection Sharing (ICS) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

      Log: 'System' Date/Time: 14/10/2014 8:02:36 PM
      Type: Error Category: 0
      Event: 7031 Source: Service Control Manager
      The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

      Log: 'System' Date/Time: 14/10/2014 8:02:36 PM
      Type: Error Category: 0
      Event: 7031 Source: Service Control Manager
      The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.