Jump to content

Laptop Running very slow, chrome keeps crashing


Recommended Posts

Malware bytes log  

 

 

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org
 
Database version: v2013.10.08.08
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
becca :: BECCA-HP [administrator]
 
10/9/2013 10:44:45 PM
mbam-log-2013-10-09 (22-44-45).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200620
Time elapsed: 7 minute(s), 12 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
 
 
DDS
 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 10.0.9200.16686  BrowserJavaVersion: 10.25.2
Run by becca at 22:23:17 on 2013-10-09
#Option Extended Search is enabled.
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.1900.239 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Users\becca\AppData\Local\Strongvault Online Backup\SMessaging.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\servicing\TrustedInstaller.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {25DA541F-6ACF-4052-A8AA-1D58284729C7} - <orphaned>
BHO: DownloadTerms: {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Users\becca\AppData\Local\DownloadTerms\temp.dat
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
uRun: [DataMgr] C:\Users\becca\AppData\Roaming\DataMgr\datamgr.exe
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
mRun: [sMessaging] "C:\Users\becca\AppData\Local\Strongvault Online Backup\SMessaging.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{75542D14-EF18-45D4-AD48-FC007129898B} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{993FDB8F-6706-4B4A-B196-93B33A59235C} : DHCPNameServer = 75.75.76.76 75.75.75.75
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [setDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-3-15 98208]
R2 APNMCP;Ask Update Service;C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [2013-8-5 164816]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-8-10 197536]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-3-15 13336]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-3-15 1817088]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-3-15 2656280]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-3-15 335464]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-3-15 436840]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2012-3-15 878184]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S3 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2013-8-27 240736]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-7-29 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 60 ================
.
2013-10-08 22:24:14 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-10-08 17:13:27 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3D8CEF5B-AD2C-408D-977A-804E15B42E26}\offreg.dll
2013-10-08 16:48:10 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3D8CEF5B-AD2C-408D-977A-804E15B42E26}\mpengine.dll
2013-09-19 03:27:22 0 ----a-w- C:\Windows\SysWow64\sho9F23.tmp
2013-09-15 21:05:33 -------- d-----w- C:\Users\becca\AppData\Local\{23B3EB8B-911C-45D1-95A3-352653A8F361}
2013-09-11 14:42:05 -------- d-----w- C:\db3b12530b77b2ccf3247e8f
2013-09-09 19:51:10 -------- d-----w- C:\Users\becca\AppData\Local\{4B919E87-18C1-4BB6-B91E-F5CE71682610}
2013-09-02 00:10:53 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-09-02 00:10:40 2876528 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-09-02 00:10:32 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-09-02 00:10:24 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-09-01 23:58:34 -------- d-----w- C:\Users\becca\AppData\Local\{73B4A188-0AA8-4FC4-814F-3747FF6FCA73}
2013-09-01 23:58:34 -------- d-----w- C:\Users\becca\AppData\Local\{1908C1A9-2FE7-4F39-B279-D9FF98E65A8F}
2013-08-28 20:43:02 -------- d-----w- C:\Users\becca\AppData\Roaming\WildTangent
2013-08-28 20:36:19 -------- d-----w- C:\ProgramData\Zylom
2013-08-28 20:36:19 -------- d-----w- C:\Program Files (x86)\Zylom Games
2013-08-28 15:23:43 0 ----a-w- C:\Windows\SysWow64\sho1C0F.tmp
2013-08-28 04:50:17 -------- d-----w- C:\Users\becca\AppData\Local\emaze
2013-08-28 04:27:30 -------- d-----w- C:\Users\becca\AppData\Roaming\HMN
2013-08-28 04:27:30 -------- d-----w- C:\Users\becca\AppData\Roaming\DataMgr
2013-08-28 04:27:29 -------- d-----w- C:\Program Files (x86)\fbDownloader
2013-08-24 04:38:09 0 ----a-w- C:\Windows\SysWow64\shoA8D3.tmp
2013-08-24 04:00:29 -------- d-----w- C:\Program Files (x86)\Lightspark 0.5.3-git
2013-08-24 04:00:05 -------- d-----w- C:\Program Files (x86)\Common Files\MSSoap
2013-08-24 03:59:44 -------- d-----w- C:\Users\becca\AppData\Local\Strongvault Online Backup
2013-08-24 03:59:44 -------- d-----w- C:\ProgramData\Strongvault Online Backup
2013-08-24 03:59:09 -------- d-----w- C:\Users\becca\AppData\Local\Conduit
2013-08-24 03:58:56 -------- d-----w- C:\Program Files (x86)\SearchProtect
2013-08-24 03:58:52 -------- d-----w- C:\Users\becca\AppData\Roaming\SearchProtect
2013-08-24 03:58:51 -------- d-----w- C:\Users\becca\AppData\Local\CRE
2013-08-24 03:58:22 -------- d-----w- C:\Users\becca\AppData\Roaming\DefaultTab
2013-08-24 03:57:33 -------- d-----w- C:\Users\becca\AppData\Local\DownloadTerms
2013-08-24 03:57:29 -------- d-----w- C:\Users\becca\AppData\Local\SwvUpdater
2013-08-22 17:43:04 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-08-22 17:43:04 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-21 15:45:29 -------- d-----w- C:\Users\becca\AppData\Local\{CEEDF14F-786B-4D90-961B-77AF1CEE2379}
2013-08-21 15:45:19 -------- d-----w- C:\Users\becca\AppData\Roaming\Windows Live Writer
2013-08-21 15:45:19 -------- d-----w- C:\Users\becca\AppData\Local\Windows Live Writer
2013-08-20 03:52:35 -------- d-----w- C:\ProgramData\AskPartnerNetwork
2013-08-20 03:52:35 -------- d-----w- C:\Program Files (x86)\AskPartnerNetwork
2013-08-20 03:52:30 -------- d-----w- C:\ProgramData\APN
2013-08-20 03:50:15 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-08-20 03:50:15 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-08-20 03:49:42 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-08-19 03:00:12 940544 ----a-w- C:\Users\becca\AppData\Local\log4cxx.dll
2013-08-19 03:00:12 192512 ----a-w- C:\Users\becca\AppData\Local\common_functions.dll
2013-08-19 02:44:46 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
2013-08-19 02:44:31 -------- d-sh--w- C:\AI_RecycleBin
2013-08-18 23:34:19 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-08-18 20:08:26 -------- d--h--w- C:\ProgramData\Common Files
2013-08-18 20:08:23 -------- d-----w- C:\Program Files (x86)\VideoConverter
2013-08-15 13:50:10 -------- d-----w- C:\Windows\System32\MRT
2013-08-14 13:30:08 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-08-14 13:30:08 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-08-14 13:30:08 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-08-14 13:30:08 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-08-14 13:30:08 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-08-14 13:30:08 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-08-14 13:30:08 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-08-14 13:30:08 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-08-14 13:29:57 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-08-14 13:29:57 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-08-14 13:29:40 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-08-14 13:29:40 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-08-14 13:29:39 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-08-14 13:29:38 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-08-14 13:29:32 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2013-08-14 13:28:54 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
==================== Find6M  ====================
.
2013-08-18 23:34:19 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-10 05:22:18 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-08-10 05:20:59 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-08-10 05:20:55 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-08-10 05:20:55 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-08-10 03:59:10 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-08-10 03:58:09 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-08-10 03:58:06 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-08-10 03:58:06 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-08-10 03:17:38 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-08-10 03:07:50 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-08-10 02:27:59 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-10 02:17:19 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-08-08 01:20:43 3155456 ----a-w- C:\Windows\System32\win32k.sys
2013-08-07 08:22:02 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-08-06 21:23:00 878184 ----a-w- C:\Windows\System32\drivers\rtl8192ce.sys
2013-08-05 02:25:45 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-08-02 02:23:53 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-02 02:15:44 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-02 02:15:03 362496 ----a-w- C:\Windows\System32\wow64win.dll
2013-08-02 02:15:03 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-02 02:15:03 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:14:11 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-08-02 01:59:30 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-02 01:59:30 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-02 01:51:23 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-02 01:50:42 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-02 00:45:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-02 00:45:36 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-02 00:45:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-02 00:45:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-24 23:40:22 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-26 23:21:50 23208 ----a-w- C:\Windows\System32\drivers\Sftvollh.sys
2013-06-26 23:21:48 28840 ----a-w- C:\Windows\System32\drivers\Sftredirlh.sys
2013-06-26 23:21:46 273576 ----a-w- C:\Windows\System32\drivers\Sftplaylh.sys
2013-06-26 23:21:46 1777320 ----a-w- C:\Windows\System32\sftldr.dll
2013-06-26 23:21:46 1130664 ----a-w- C:\Windows\SysWow64\sftldr_wow64.dll
2013-06-26 23:21:44 767144 ----a-w- C:\Windows\System32\drivers\Sftfslh.sys
2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-05-08 06:10:12 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll
2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-04-17 07:02:06 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-04-17 06:24:46 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
.
============= FINISH: 22:23:43.19 ===============
 
attach.txt
 

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 7/8/2013 3:56:14 AM
System Uptime: 10/9/2013 10:18:00 PM (0 hours ago)
.
Motherboard: Hewlett-Packard |  | 3672
Processor: Intel® Celeron® CPU B800 @ 1.50GHz | CPU1 | 1500/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 279 GiB total, 220.788 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 1.608 GiB free.
E: is FIXED (FAT32) - 4 GiB total, 2.882 GiB free.
F: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP47: 9/27/2013 1:53:14 PM - Windows Update
RP48: 10/1/2013 1:57:18 PM - Windows Update
RP49: 10/6/2013 7:51:38 PM - Removed TheSims3EP4
RP50: 10/6/2013 7:53:28 PM - Removed The Sims 3 Late Night
RP51: 10/6/2013 7:55:20 PM - Removed TheSims3EP7
RP52: 10/6/2013 7:57:48 PM - Installed The Sims Medieval
RP53: 10/8/2013 12:41:59 PM - Windows Update
RP55: 10/9/2013 10:03:43 PM - Windows Update
RP56: 10/9/2013 10:14:26 PM - Installed The Sims Medieval
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Reader X MUI
Adobe Shockwave Player 12.0
Agatha Christie - Peril at End House
Ask Toolbar
Bejeweled 3
Blackhawk Striker 2
Blasterball 3
Blio
Bounce Symphony
Cake Mania
Chronicles of Albian
Chuzzle Deluxe
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compaq Setup Manager
Cradle of Rome 2
CyberLink YouCam
D3DX10
DownloadTerms
ESU for Microsoft Windows 7 SP1
Evernote v. 4.2.3
Farm Frenzy
FATE
Google Chrome
Governor of Poker 2 Premium Edition
HP Auto
HP Client Services
HP Customer Experience Enhancements
HP Documentation
HP Games
HP Launch Box
HP MovieStore
HP On Screen Display
HP Power Manager
HP Quick Launch
HP QuickWeb
HP Setup
HP Software Framework
HP Support Assistant
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Java 7 Update 25
Java Auto Updater
Jewel Quest: The Sleepless Star - Collector's Edition
Junk Mail filter update
Mah Jong Medley
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 4.5
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery of Mortlake Mansion
Namco All-Stars: PAC-MAN
Origin
Penguins!
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
REALTEK Wireless LAN Driver
Recovery Manager
RoxioNow Player
Security Update for Microsoft .NET Framework 4.5 (KB2737083)
Security Update for Microsoft .NET Framework 4.5 (KB2742613)
Security Update for Microsoft .NET Framework 4.5 (KB2789648)
Security Update for Microsoft .NET Framework 4.5 (KB2804582)
Security Update for Microsoft .NET Framework 4.5 (KB2833957)
Security Update for Microsoft .NET Framework 4.5 (KB2840642v2)
Slingo Supreme
Strongvault Online Backup
swMSM
Synaptics TouchPad Driver
The Sims Medieval
The Sims™ 3
The Sims™ 3 Supernatural
Update for Microsoft .NET Framework 4.5 (KB2750147)
Update for Microsoft .NET Framework 4.5 (KB2805221)
Update for Microsoft .NET Framework 4.5 (KB2805226)
Update Installer for WildTangent Games App
Vacation Quest - The Hawaiian Islands
Virtual Villagers 5 - New Believers
Web-Cake 3.00
WildTangent Games App for HP
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma Deluxe
Zylom Games Player Plugin
.
==== Event Viewer Messages From Past Week ========
.
10/9/2013 10:18:17 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000]  - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\Rtlihvs.dll Error Code: 126
10/8/2013 6:31:21 PM, Error: Service Control Manager [7034]  - The Ask Update Service service terminated unexpectedly.  It has done this 1 time(s).
10/8/2013 6:31:07 PM, Error: Service Control Manager [7034]  - The Intel® Management and Security Application User Notification Service service terminated unexpectedly.  It has done this 1 time(s).
10/8/2013 2:28:29 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.
10/8/2013 10:26:26 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
10/8/2013 1:40:15 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BFE service.
10/8/2013 1:01:02 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HP Support Assistant Service service.
10/7/2013 9:47:22 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wlidsvc service.
10/7/2013 1:38:16 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RoxioNow Service service.
10/6/2013 12:35:35 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
10/6/2013 12:12:19 AM, Error: NetBT [4321]  - The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.2.4. The computer with the IP address 192.168.2.2 did not allow the name to be claimed by this computer.
10/2/2013 11:30:29 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
.
==== End Of File ===========================
 

 

 

 

Link to post
Share on other sites

  • Root Admin

Hello and :welcome:


P2P/Piracy Warning:
 

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 



Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.

  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
  • Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)

 

 

 

 

 

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.
Link to post
Share on other sites

  • Root Admin

Thanks, that looks pretty good.

 

Please go ahead and run through the following steps and post back the logs when ready.

STEP 03
Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

STEP 04
Please download Junkware Removal Tool to your desktop.


  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus

STEP 05
Please download AdwCleaner by Xplode and save to your Desktop.


  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.


STEP 06
button_eos.gif

Please go here to run the online antivirus scannner from ESET.


  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

 

 

 

Link to post
Share on other sites

completed all except ESET.   got to 16% 3 times and froze.  posted the 2 files it came up with.

 

 

 

 

 

MBAR.txt

 

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1005

www.malwarebytes.org
 
Database version: v2013.10.10.07
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
becca :: BECCA-HP [administrator]
 
10/10/2013 8:07:47 PM
mbar-log-2013-10-10 (20-07-47).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 220006
Time elapsed: 18 minute(s), 58 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
System log.txt
 

 

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.07.0.1005
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 10.0.9200.16721
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 1.496000 GHz
Memory total: 1992146944, free: 601604096
 
Downloaded database version: v2013.10.10.07
Downloaded database version: v2013.10.08.02
=======================================
Initializing...
------------ Kernel report ------------
     10/10/2013 20:07:41
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\compbatt.sys
\SystemRoot\system32\drivers\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\rtl8192Ce.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\RtsPStor.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\CmBatt.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\clwvd.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\drivers\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\drivers\hidusb.sys
\SystemRoot\system32\drivers\HIDCLASS.SYS
\SystemRoot\system32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\Sftvollh.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\system32\DRIVERS\Sftfslh.sys
\SystemRoot\system32\DRIVERS\Sftplaylh.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\Sftredirlh.sys
\??\C:\Windows\system32\Drivers\PROCEXP113.SYS
\SystemRoot\system32\DRIVERS\monitor.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\oleaut32.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8003fef740
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8003ba5050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8003fef740, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8003fef190, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8003fef740, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8003ba5050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E9B0A126
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 407552
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 409600  Numsec = 586092544
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 586502144  Numsec = 30316544
 
    Partition 3 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 616818688  Numsec = 8321712
 
Disk Size: 320072933376 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
Done!
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
 
JRT.txt
 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by becca on Thu 10/10/2013 at 20:37:33.75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
Successfully stopped: [service] APNMCP
Successfully deleted: [service] APNMCP
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SMessaging [strongvault]
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apntbmon
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\Default
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\searchURL\\Default
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\defaulttab
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\stronghold online backup
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\visualbee
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\competeinc
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\whitesmoke_new
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\WebCakeUpdater
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\defaulttab
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installiq
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\snapdo_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\snapdo_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\webcakedesktop_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\webcakedesktop_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3287806
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6C4FAA0B-B932-4F2C-8D9C-41EF35738F39}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{76BE1A96-C951-4B36-AB9A-0A5CCA5EBE0F}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25DA541F-6ACF-4052-A8AA-1D58284729C7}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Successfully deleted: [Registry Key] "hkey_current_user\software\askpartnernetwork"
Successfully deleted: [Registry Key] "hkey_local_machine\software\askpartnernetwork"
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Windows\syswow64\sho1C0F.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho6524.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho9F23.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoA8D3.tmp
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\ProgramData\strongvault online backup"
Successfully deleted: [Folder] "C:\Users\becca\AppData\Roaming\datamgr"
Successfully deleted: [Folder] "C:\Users\becca\AppData\Roaming\defaulttab"
Successfully deleted: [Folder] "C:\Users\becca\AppData\Roaming\hmn"
Successfully deleted: [Folder] "C:\Users\becca\AppData\Roaming\searchprotect"
Successfully deleted: [Folder] "C:\Users\becca\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\becca\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\becca\appdata\local\downloadterms"
Successfully deleted: [Folder] "C:\Users\becca\appdata\local\strongvault online backup"
Successfully deleted: [Folder] "C:\Users\becca\appdata\local\swvupdater"
Successfully deleted: [Folder] "C:\Users\becca\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\becca\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Users\becca\appdata\locallow\whitesmoke_new"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\fbdownloader"
Successfully deleted: [Folder] "C:\Program Files (x86)\searchprotect"
Successfully deleted: [Folder] "C:\Users\becca\AppData\Roaming\microsoft\windows\start menu\programs\strongvault online backup"
Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\becca\appdata\local\{1908C1A9-2FE7-4F39-B279-D9FF98E65A8F}
Successfully deleted: [Empty Folder] C:\Users\becca\appdata\local\{23B3EB8B-911C-45D1-95A3-352653A8F361}
Successfully deleted: [Empty Folder] C:\Users\becca\appdata\local\{4B919E87-18C1-4BB6-B91E-F5CE71682610}
Successfully deleted: [Empty Folder] C:\Users\becca\appdata\local\{73B4A188-0AA8-4FC4-814F-3747FF6FCA73}
Successfully deleted: [Empty Folder] C:\Users\becca\appdata\local\{CEEDF14F-786B-4D90-961B-77AF1CEE2379}
Successfully deleted: [Folder] "C:\ProgramData\AskPartnerNetwork"
Successfully deleted: [Folder] "C:\Program Files (x86)\askpartnernetwork"
 
 
 
~~~ Chrome
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\hacjidbllfnlecmikihhjphlicpbepih
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 10/10/2013 at 20:45:42.62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
AdWCleaner.txt
 

 

# AdwCleaner v3.007 - Report created 10/10/2013 at 20:52:13

# Updated 09/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : becca - BECCA-HP
# Running from : C:\Users\becca\AppData\Local\Temp\dlm610D.tmp\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : Update lucky leap
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\lucky leap
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Users\becca\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\becca\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [DataMgr]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D77AA852-DEF3-43CB-A3F5-BD679DE72F32}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D77AA852-DEF3-43CB-A3F5-BD679DE72F32}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FDCED990-E1BE-4DBE-858B-BB3A387E1DEF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EAF6FF4E-02C2-4E2A-B82A-1C5D510C1CB0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\lucky leap
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\CompeteInc
Key Deleted : HKLM\Software\lucky leap
Key Deleted : HKLM\Software\WhiteSmoke_New
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\lucky leap
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16720
 
 
-\\ Google Chrome v30.0.1599.69
 
[ File : C:\Users\becca\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : icon_url
 
*************************
 
AdwCleaner[R0].txt - [7569 octets] - [09/10/2013 22:31:39]
AdwCleaner[R1].txt - [4307 octets] - [10/10/2013 20:50:09]
AdwCleaner[s0].txt - [3646 octets] - [10/10/2013 20:52:13]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3706 octets] ##########
 
ESET
 

 

C:\Program Files (x86)\VideoConverter\VideoConverter.exe a variant of Win32/InstallCore.A application

C:\Program Files (x86)\VideoConverter\Uninstall\Uninstall.exe a variant of Win32/InstallCore.CF application
 
 
Link to post
Share on other sites

FRST.txt

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013

Ran by becca (administrator) on BECCA-HP on 10-10-2013 23:36:15
Running from C:\Users\becca\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.0\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6602856 2011-01-11] (Realtek Semiconductor)
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-09] (Synaptics Incorporated)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [setDefault] - C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [42808 2011-06-27] (Hewlett-Packard Development Company, L.P.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [HPQuickWebProxy] - C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [168504 2011-06-28] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2316464 2013-10-10] ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM - {D68A0CEC-F166-40A1-9FE0-9615AF106A86} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: PasswordBox Helper - {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.1.0.27\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.1.0.27\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKCU -  No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.0\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 
Chrome: 
=======
CHR Extension: (Chrome In-App Payments service) - C:\Users\becca\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1
CHR HKLM-x32\...\Chrome\Extension: [aaaajpkhjdkhhnkmgfjodbkfpbmibkkk] - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-V7\CRX\ToolbarCR.crx
CHR HKLM-x32\...\Chrome\Extension: [acohkacenjkkllhbfgfflibmenakobco] - C:\Users\becca\AppData\Local\CRE\acohkacenjkkllhbfgfflibmenakobco.crx
CHR HKLM-x32\...\Chrome\Extension: [fibbpolejomdcpiahkgcmdmaliooeien] - C:\Users\becca\AppData\Local\CRE\fibbpolejomdcpiahkgcmdmaliooeien.crx
CHR HKLM-x32\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\becca\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\\ChromeExt\\avg.crx
 
==================== Services (Whitelisted) =================
 
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [240736 2013-08-27] (WildTangent)
R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2013-09-24] (PasswordBox, Inc.)
R2 vToolbarUpdater17.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.0\ToolbarUpdater.exe [1643696 2013-10-10] (AVG Secure Search)
 
==================== Drivers (Whitelisted) ====================
 
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-10-10] (AVG Technologies)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-10-10 23:35 - 2013-10-10 23:35 - 00000000 ____D C:\FRST
2013-10-10 23:34 - 2013-10-10 23:34 - 01954124 _____ (Farbar) C:\Users\becca\Downloads\FRST64.exe
2013-10-10 23:33 - 2013-10-10 23:33 - 00000212 _____ C:\Users\becca\Documents\eset.txt
2013-10-10 21:57 - 2013-10-10 21:58 - 02347384 _____ (ESET) C:\Users\becca\Downloads\esetsmartinstaller_enu (1).exe
2013-10-10 20:56 - 2013-10-10 20:56 - 00000000 ____D C:\Program Files (x86)\ESET
2013-10-10 20:55 - 2013-10-10 20:56 - 02347384 _____ (ESET) C:\Users\becca\Downloads\esetsmartinstaller_enu.exe
2013-10-10 20:54 - 2013-10-10 20:54 - 00003830 _____ C:\Users\becca\Desktop\AdwCleaner[s0].txt
2013-10-10 20:53 - 2013-10-10 20:53 - 00000000 ____D C:\Users\becca\AppData\Local\AVG Secure Search
2013-10-10 20:50 - 2013-10-10 20:50 - 00045856 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2013-10-10 20:50 - 2013-10-10 20:50 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar
2013-10-10 20:50 - 2013-10-10 20:50 - 00000000 ____D C:\Program Files (x86)\PasswordBox
2013-10-10 20:50 - 2013-10-10 20:50 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2013-10-10 20:49 - 2013-10-10 20:49 - 00894600 _____ (CNET Download.com) C:\Users\becca\Downloads\cbsidlm-cbsi134-AdwCleaner-SEO-75851221.exe
2013-10-10 20:45 - 2013-10-10 20:47 - 00008256 _____ C:\Users\becca\Desktop\JRT.txt
2013-10-10 20:37 - 2013-10-10 20:37 - 01032220 _____ (Thisisu) C:\Users\becca\Downloads\JRT.exe
2013-10-10 20:37 - 2013-10-10 20:37 - 00000000 ____D C:\Windows\ERUNT
2013-10-10 20:07 - 2013-10-10 20:36 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-10 20:06 - 2013-10-10 20:36 - 00000000 ____D C:\Users\becca\Desktop\mbar
2013-10-10 20:05 - 2013-10-10 20:06 - 12907592 _____ (Malwarebytes Corp.) C:\Users\becca\Downloads\mbar-1.07.0.1005.exe
2013-10-10 11:42 - 2013-10-10 11:42 - 00024187 _____ C:\ComboFix.txt
2013-10-10 11:03 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-10 11:03 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-10 11:03 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-10 11:03 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-10 11:03 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-10 11:03 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-10 11:03 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-10 11:03 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-10 11:02 - 2013-10-10 11:42 - 00000000 ____D C:\Qoobox
2013-10-10 11:01 - 2013-10-10 11:39 - 00000000 ____D C:\Windows\erdnt
2013-10-10 11:00 - 2013-10-10 11:01 - 05131844 ____R (Swearware) C:\Users\becca\Downloads\ComboFix.exe
2013-10-10 08:53 - 2013-09-22 19:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-10 08:53 - 2013-09-22 19:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-10 08:53 - 2013-09-22 19:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-10 08:53 - 2013-09-22 19:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-10 08:53 - 2013-09-22 19:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-10 08:53 - 2013-09-22 19:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-10 08:53 - 2013-09-22 19:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-10 08:53 - 2013-09-22 19:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-10 08:53 - 2013-09-22 19:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-10 08:53 - 2013-09-22 19:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-10 08:53 - 2013-09-22 19:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-10 08:53 - 2013-09-22 19:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-10 08:53 - 2013-09-22 19:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-10 08:53 - 2013-09-22 18:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-10 08:53 - 2013-09-22 18:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-10 08:53 - 2013-09-22 18:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-10 08:53 - 2013-09-22 18:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-10 08:53 - 2013-09-22 18:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-10 08:53 - 2013-09-22 18:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-10 08:53 - 2013-09-22 18:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-10 08:53 - 2013-09-22 18:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-10 08:53 - 2013-09-22 18:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-10 08:53 - 2013-09-22 18:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-10 08:53 - 2013-09-22 18:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-10 08:53 - 2013-09-22 18:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-10 08:53 - 2013-09-22 18:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-10 08:53 - 2013-09-22 18:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-10 08:53 - 2013-09-20 23:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-10 08:53 - 2013-09-20 23:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-10 08:53 - 2013-09-20 22:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-10 08:53 - 2013-09-20 22:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-09 22:31 - 2013-10-10 20:52 - 00000000 ____D C:\AdwCleaner
2013-10-09 22:30 - 2013-10-09 22:31 - 01048960 _____ C:\Users\becca\Downloads\AdwCleaner.exe
2013-10-09 22:23 - 2013-10-09 22:23 - 00023120 _____ C:\Users\becca\Desktop\dds.txt
2013-10-09 22:23 - 2013-10-09 22:23 - 00007499 _____ C:\Users\becca\Desktop\attach.txt
2013-10-09 22:22 - 2013-10-09 22:22 - 00688992 ____R (Swearware) C:\Users\becca\Downloads\dds (1).com
2013-10-09 22:21 - 2013-10-09 22:22 - 00688992 _____ (Swearware) C:\Users\becca\Downloads\dds.com
2013-10-09 22:20 - 2013-10-09 22:20 - 00688992 ____R (Swearware) C:\Users\becca\Downloads\dds.scr
2013-10-09 22:17 - 2013-07-04 08:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 22:17 - 2013-07-04 07:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-09 22:16 - 2013-09-13 21:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-09 22:16 - 2013-09-07 22:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-09 22:16 - 2013-09-07 22:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-09 22:16 - 2013-09-07 22:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-09 22:16 - 2013-08-28 22:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-09 22:16 - 2013-08-28 22:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-09 22:16 - 2013-08-28 22:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-09 22:16 - 2013-08-28 22:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-09 22:16 - 2013-08-28 22:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-09 22:16 - 2013-08-28 21:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-09 22:16 - 2013-08-28 21:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-09 22:16 - 2013-08-28 21:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-09 22:16 - 2013-08-28 21:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-09 22:16 - 2013-08-28 21:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-09 22:16 - 2013-08-28 21:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-09 22:16 - 2013-08-28 20:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-09 22:16 - 2013-08-28 20:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-09 22:16 - 2013-08-28 20:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-09 22:16 - 2013-08-28 20:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-09 22:16 - 2013-08-27 21:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 22:16 - 2013-07-12 06:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-09 22:16 - 2013-07-12 06:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-09 22:16 - 2013-07-04 08:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-09 22:16 - 2013-07-04 08:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-09 22:16 - 2013-07-04 07:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-09 22:16 - 2013-07-04 07:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-09 22:16 - 2013-07-04 06:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-09 22:16 - 2013-07-03 00:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-09 22:16 - 2013-07-03 00:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-09 22:16 - 2013-06-25 18:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-09 22:16 - 2013-06-06 01:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-09 22:16 - 2013-06-06 01:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-09 22:16 - 2013-06-06 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-09 22:16 - 2013-06-06 01:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 22:16 - 2013-06-06 00:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-09 22:16 - 2013-06-06 00:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-09 22:16 - 2013-06-06 00:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-09 22:16 - 2013-06-05 23:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 22:16 - 2013-06-05 23:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-09 22:16 - 2013-06-05 23:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-09 22:15 - 2013-08-27 21:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-09 22:15 - 2013-08-01 08:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 22:15 - 2013-07-20 06:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 22:15 - 2013-07-20 06:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-07 23:26 - 2013-10-07 23:27 - 00814864 _____ C:\Users\becca\Downloads\Subway Surfers Setup%CH_52537b6c61198666998572_.exe
2013-10-06 20:09 - 2013-10-06 20:09 - 00002202 _____ C:\Users\Public\Desktop\The Sims™ Medieval.lnk
2013-10-06 19:55 - 2013-10-06 19:55 - 00003310 _____ C:\Windows\System32\Tasks\{431B34A4-A49F-4429-8DE5-619091575E5D}
2013-09-21 12:13 - 2013-09-21 12:20 - 163863904 _____ (                                                            ) C:\Users\becca\Downloads\HP-CNB.3.5.5822.22213__YUC120917-01_Normal.exe
2013-09-15 16:58 - 2013-09-15 16:58 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-09-11 10:42 - 2013-09-11 10:42 - 00000000 ____D C:\db3b12530b77b2ccf3247e8f
2013-09-10 19:49 - 2013-08-04 22:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-10 19:49 - 2013-08-01 22:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-10 19:49 - 2013-08-01 22:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-10 19:49 - 2013-08-01 22:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-10 19:49 - 2013-08-01 22:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-10 19:49 - 2013-08-01 22:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-10 19:49 - 2013-08-01 22:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-10 19:49 - 2013-08-01 22:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-10 19:49 - 2013-08-01 22:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-10 19:49 - 2013-08-01 22:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-10 19:49 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-10 19:49 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-10 19:49 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-10 19:49 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-10 19:49 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-10 19:49 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-10 19:49 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-10 19:49 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-10 19:49 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-10 19:49 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-10 19:49 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-10 19:49 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-10 19:49 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-10 19:49 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-10 19:49 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-10 19:49 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-10 19:49 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-10 19:49 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-10 19:49 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-10 19:49 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-10 19:49 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-10 19:49 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-10 19:49 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-10 19:49 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-10 19:49 - 2013-08-01 21:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-10 19:49 - 2013-08-01 21:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-10 19:49 - 2013-08-01 21:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-10 19:49 - 2013-08-01 21:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-10 19:49 - 2013-08-01 21:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-10 19:49 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-10 19:49 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-10 19:49 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-10 19:49 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-10 19:49 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-10 19:49 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-10 19:49 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-10 19:49 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-10 19:49 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-10 19:49 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-10 19:49 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-10 19:49 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-10 19:49 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-10 19:49 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-10 19:49 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-10 19:49 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-10 19:49 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-10 19:49 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-10 19:49 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-10 19:49 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-10 19:49 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-10 19:49 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-10 19:49 - 2013-08-01 21:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-10 19:49 - 2013-08-01 20:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-10 19:49 - 2013-08-01 20:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-10 19:49 - 2013-08-01 20:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-10 19:49 - 2013-08-01 20:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-10 19:49 - 2013-08-01 20:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-10 19:49 - 2013-07-25 22:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-10 19:49 - 2013-07-25 22:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-10 19:49 - 2013-07-25 21:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-10 19:49 - 2013-07-25 21:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
 
==================== One Month Modified Files and Folders =======
 
2013-10-10 23:35 - 2013-10-10 23:35 - 00000000 ____D C:\FRST
2013-10-10 23:34 - 2013-10-10 23:34 - 01954124 _____ (Farbar) C:\Users\becca\Downloads\FRST64.exe
2013-10-10 23:34 - 2012-03-15 23:08 - 01603920 _____ C:\Windows\WindowsUpdate.log
2013-10-10 23:33 - 2013-10-10 23:33 - 00000212 _____ C:\Users\becca\Documents\eset.txt
2013-10-10 23:33 - 2013-08-02 11:20 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-10 23:33 - 2013-07-08 03:59 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForbecca
2013-10-10 23:33 - 2013-07-08 03:59 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForbecca.job
2013-10-10 21:58 - 2013-10-10 21:57 - 02347384 _____ (ESET) C:\Users\becca\Downloads\esetsmartinstaller_enu (1).exe
2013-10-10 21:00 - 2009-07-14 00:45 - 00031856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-10 21:00 - 2009-07-14 00:45 - 00031856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-10 20:58 - 2009-07-14 01:13 - 00782900 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-10 20:56 - 2013-10-10 20:56 - 00000000 ____D C:\Program Files (x86)\ESET
2013-10-10 20:56 - 2013-10-10 20:55 - 02347384 _____ (ESET) C:\Users\becca\Downloads\esetsmartinstaller_enu.exe
2013-10-10 20:54 - 2013-10-10 20:54 - 00003830 _____ C:\Users\becca\Desktop\AdwCleaner[s0].txt
2013-10-10 20:53 - 2013-10-10 20:53 - 00000000 ____D C:\Users\becca\AppData\Local\AVG Secure Search
2013-10-10 20:53 - 2013-08-02 11:20 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-10 20:53 - 2010-11-20 23:47 - 00912356 _____ C:\Windows\PFRO.log
2013-10-10 20:53 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-10 20:53 - 2009-07-14 00:51 - 00044277 _____ C:\Windows\setupact.log
2013-10-10 20:52 - 2013-10-09 22:31 - 00000000 ____D C:\AdwCleaner
2013-10-10 20:50 - 2013-10-10 20:50 - 00045856 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2013-10-10 20:50 - 2013-10-10 20:50 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar
2013-10-10 20:50 - 2013-10-10 20:50 - 00000000 ____D C:\Program Files (x86)\PasswordBox
2013-10-10 20:50 - 2013-10-10 20:50 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2013-10-10 20:49 - 2013-10-10 20:49 - 00894600 _____ (CNET Download.com) C:\Users\becca\Downloads\cbsidlm-cbsi134-AdwCleaner-SEO-75851221.exe
2013-10-10 20:47 - 2013-10-10 20:45 - 00008256 _____ C:\Users\becca\Desktop\JRT.txt
2013-10-10 20:37 - 2013-10-10 20:37 - 01032220 _____ (Thisisu) C:\Users\becca\Downloads\JRT.exe
2013-10-10 20:37 - 2013-10-10 20:37 - 00000000 ____D C:\Windows\ERUNT
2013-10-10 20:36 - 2013-10-10 20:07 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-10 20:36 - 2013-10-10 20:06 - 00000000 ____D C:\Users\becca\Desktop\mbar
2013-10-10 20:06 - 2013-10-10 20:05 - 12907592 _____ (Malwarebytes Corp.) C:\Users\becca\Downloads\mbar-1.07.0.1005.exe
2013-10-10 16:18 - 2013-07-08 04:00 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{1FA883F4-6E4F-41C1-8534-91BE246FE0CC}
2013-10-10 11:42 - 2013-10-10 11:42 - 00024187 _____ C:\ComboFix.txt
2013-10-10 11:42 - 2013-10-10 11:02 - 00000000 ____D C:\Qoobox
2013-10-10 11:39 - 2013-10-10 11:01 - 00000000 ____D C:\Windows\erdnt
2013-10-10 11:38 - 2009-07-13 22:34 - 00000215 _____ C:\Windows\system.ini
2013-10-10 11:01 - 2013-10-10 11:00 - 05131844 ____R (Swearware) C:\Users\becca\Downloads\ComboFix.exe
2013-10-10 10:57 - 2009-07-14 00:45 - 00275712 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-10 10:56 - 2013-07-24 18:38 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-10 10:56 - 2013-07-24 18:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-10 08:57 - 2013-07-09 00:57 - 00775514 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-10 08:50 - 2013-08-15 09:50 - 00000000 ____D C:\Windows\system32\MRT
2013-10-10 08:48 - 2013-07-30 08:39 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-09 22:31 - 2013-10-09 22:30 - 01048960 _____ C:\Users\becca\Downloads\AdwCleaner.exe
2013-10-09 22:23 - 2013-10-09 22:23 - 00023120 _____ C:\Users\becca\Desktop\dds.txt
2013-10-09 22:23 - 2013-10-09 22:23 - 00007499 _____ C:\Users\becca\Desktop\attach.txt
2013-10-09 22:22 - 2013-10-09 22:22 - 00688992 ____R (Swearware) C:\Users\becca\Downloads\dds (1).com
2013-10-09 22:22 - 2013-10-09 22:21 - 00688992 _____ (Swearware) C:\Users\becca\Downloads\dds.com
2013-10-09 22:20 - 2013-10-09 22:20 - 00688992 ____R (Swearware) C:\Users\becca\Downloads\dds.scr
2013-10-07 23:27 - 2013-10-07 23:26 - 00814864 _____ C:\Users\becca\Downloads\Subway Surfers Setup%CH_52537b6c61198666998572_.exe
2013-10-06 20:11 - 2013-07-08 04:44 - 00000000 ____D C:\Users\becca\Documents\Electronic Arts
2013-10-06 20:09 - 2013-10-06 20:09 - 00002202 _____ C:\Users\Public\Desktop\The Sims™ Medieval.lnk
2013-10-06 19:57 - 2013-07-08 04:04 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2013-10-06 19:57 - 2011-07-12 23:41 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-10-06 19:55 - 2013-10-06 19:55 - 00003310 _____ C:\Windows\System32\Tasks\{431B34A4-A49F-4429-8DE5-619091575E5D}
2013-10-06 19:55 - 2013-07-08 13:35 - 00000000 ____D C:\Users\becca\AppData\Local\CrashDumps
2013-10-06 01:00 - 2013-07-08 03:59 - 00003708 _____ C:\Windows\System32\Tasks\Registration
2013-10-04 01:43 - 2013-08-02 11:21 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-27 13:41 - 2013-07-29 10:42 - 00003218 _____ C:\Windows\System32\Tasks\HPCeeScheduleForBECCA-HP$
2013-09-27 13:41 - 2013-07-29 10:42 - 00000342 _____ C:\Windows\Tasks\HPCeeScheduleForBECCA-HP$.job
2013-09-26 20:20 - 2013-07-09 00:57 - 00000000 ____D C:\Users\becca\AppData\Roaming\SoftGrid Client
2013-09-22 19:28 - 2013-10-10 08:53 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-22 19:28 - 2013-10-10 08:53 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-22 19:27 - 2013-10-10 08:53 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-22 19:27 - 2013-10-10 08:53 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-22 19:27 - 2013-10-10 08:53 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-22 19:27 - 2013-10-10 08:53 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-22 19:27 - 2013-10-10 08:53 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-22 19:27 - 2013-10-10 08:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-22 19:27 - 2013-10-10 08:53 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-22 19:27 - 2013-10-10 08:53 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-22 19:27 - 2013-10-10 08:53 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-22 19:27 - 2013-10-10 08:53 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-22 19:27 - 2013-10-10 08:53 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-22 18:55 - 2013-10-10 08:53 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-22 18:55 - 2013-10-10 08:53 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-22 18:55 - 2013-10-10 08:53 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-22 18:54 - 2013-10-10 08:53 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-22 18:54 - 2013-10-10 08:53 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-22 18:54 - 2013-10-10 08:53 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-22 18:54 - 2013-10-10 08:53 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-22 18:54 - 2013-10-10 08:53 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-22 18:54 - 2013-10-10 08:53 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-22 18:54 - 2013-10-10 08:53 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-22 18:54 - 2013-10-10 08:53 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-22 18:54 - 2013-10-10 08:53 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-22 18:54 - 2013-10-10 08:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-22 18:54 - 2013-10-10 08:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-21 12:20 - 2013-09-21 12:13 - 163863904 _____ (                                                            ) C:\Users\becca\Downloads\HP-CNB.3.5.5822.22213__YUC120917-01_Normal.exe
2013-09-21 12:16 - 2013-07-09 00:55 - 00000000 ____D C:\Users\becca\Documents\Youcam
2013-09-20 23:38 - 2013-10-10 08:53 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-20 23:30 - 2013-10-10 08:53 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-20 22:48 - 2013-10-10 08:53 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-20 22:39 - 2013-10-10 08:53 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-18 12:41 - 2011-07-12 23:37 - 00000000 ____D C:\ProgramData\Adobe
2013-09-15 16:58 - 2013-09-15 16:58 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-09-13 21:10 - 2013-10-09 22:16 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-09-11 20:19 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2013-09-11 13:47 - 2013-07-09 00:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-09-11 13:40 - 2013-07-08 04:00 - 00000000 ___RD C:\Users\becca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-11 13:40 - 2013-07-08 04:00 - 00000000 ___RD C:\Users\becca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-11 10:42 - 2013-09-11 10:42 - 00000000 ____D C:\db3b12530b77b2ccf3247e8f
 
Some content of TEMP:
====================
C:\Users\becca\AppData\Local\Temp\oi_{57F7B302-5805-4879-9473-025C80412D05}.exe
C:\Users\becca\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-10-01 23:55
 
==================== End Of Log ============================
 
Addition.txt
 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2013

Ran by becca at 2013-10-10 23:37:10
Running from C:\Users\becca\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
Adobe Flash Player 10 ActiveX (x32 Version: 10.3.181.14)
Adobe Reader X MUI (x32 Version: 10.0.0)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.3.133)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95)
Ask Toolbar (x32 Version: 12.3.0.7)
AVG SafeGuard toolbar (x32 Version: 17.1.0.27)
Bejeweled 3 (x32 Version: 2.2.0.97)
Blackhawk Striker 2 (x32 Version: 2.2.0.95)
Blasterball 3 (x32 Version: 2.2.0.97)
Blio (x32 Version: 2.2.6699)
Bounce Symphony (x32 Version: 2.2.0.97)
Cake Mania (x32 Version: 2.2.0.95)
Chronicles of Albian (x32 Version: 2.2.0.95)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
Cisco EAP-FAST Module (x32 Version: 2.2.14)
Cisco LEAP Module (x32 Version: 1.0.19)
Cisco PEAP Module (x32 Version: 1.1.6)
Compaq Setup Manager (x32 Version: 1.1.13476.3753)
Cradle of Rome 2 (x32 Version: 2.2.0.95)
CyberLink YouCam (x32 Version: 3.5.1.4119)
D3DX10 (x32 Version: 15.4.2368.0902)
DownloadTerms (HKCU Version: 1.0)
ESET Online Scanner v3 (x32)
ESU for Microsoft Windows 7 SP1 (x32 Version: 2.1.1)
Evernote v. 4.2.3 (x32 Version: 4.2.3.22)
Farm Frenzy (x32 Version: 2.2.0.95)
FATE (x32 Version: 2.2.0.97)
Google Chrome (x32 Version: 30.0.1599.69)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95)
HP Auto (Version: 1.0.12935.3667)
HP Client Services (Version: 1.1.12938.3539)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Documentation (x32 Version: 1.1.0.0)
HP Games (x32 Version: 1.0.2.5)
HP Launch Box (Version: 1.0.11)
HP MovieStore (x32 Version: 1.0.057)
HP MovieStore (x32 Version: 2.0)
HP On Screen Display (x32 Version: 1.3.5)
HP Power Manager (x32 Version: 1.4.8)
HP Quick Launch (x32 Version: 2.7.2)
HP QuickWeb (x32 Version: 3.1.0.9742)
HP Setup (x32 Version: 8.7.4751.3798)
HP Software Framework (x32 Version: 4.1.13.1)
HP Support Assistant (x32 Version: 7.0.39.15)
Intel® Control Center (x32 Version: 1.2.1.1007)
Intel® Management Engine Components (x32 Version: 7.0.0.1144)
Intel® Processor Graphics (x32 Version: 8.15.10.2353)
Intel® Rapid Storage Technology (x32 Version: 10.0.0.1046)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Mah Jong Medley (x32 Version: 2.2.0.95)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (x32 Version: 14.0.5131.5000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.97)
Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95)
Origin (x32 Version: 8.4.1.210)
Penguins! (x32 Version: 2.2.0.95)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95)
PlayReady PC Runtime x86 (x32 Version: 1.3.0)
Poker Superstars III (x32 Version: 2.2.0.95)
Polar Bowler (x32 Version: 2.2.0.97)
Polar Golfer (x32 Version: 2.2.0.95)
Realtek Ethernet Controller Driver (x32 Version: 7.42.304.2011)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6287)
Realtek PCIE Card Reader (x32 Version: 6.1.7600.77)
REALTEK Wireless LAN Driver (x32 Version: 1.00.11.0706)
Recovery Manager (x32 Version: 2.0.0)
RoxioNow Player (x32 Version: 1.9.5.103)
Slingo Supreme (x32 Version: 2.2.0.97)
Strongvault Online Backup (x32 Version: 2.5.0.5)
swMSM (x32 Version: 12.0.0.1)
Synaptics TouchPad Driver (Version: 15.3.11.0)
The Sims Medieval (x32 Version: 2.0.113)
The Sims™ 3 (x32 Version: 1.55.4)
The Sims™ 3 Supernatural (x32 Version: 15.0.135)
Update for Microsoft .NET Framework 4.5 (KB2750147) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805221) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805226) (x32 Version: 1)
Update Installer for WildTangent Games App (x32)
Vacation Quest - The Hawaiian Islands (x32 Version: 2.2.0.97)
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97)
WildTangent Games App for HP (x32 Version: 4.0.10.25)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Zuma Deluxe (x32 Version: 2.2.0.95)
Zylom Games Player Plugin (x32)
 
==================== Restore Points  =========================
 
06-10-2013 23:51:38 Removed TheSims3EP4
06-10-2013 23:53:28 Removed The Sims 3 Late Night
06-10-2013 23:55:20 Removed TheSims3EP7
06-10-2013 23:57:48 Installed The Sims Medieval
08-10-2013 16:41:59 Windows Update
10-10-2013 02:03:43 Windows Update
10-10-2013 02:14:26 Installed The Sims Medieval
10-10-2013 12:45:08 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-13 22:34 - 2013-10-10 11:18 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {1898A6C8-19A5-4711-8916-81E7DCF77797} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {7EAD5D3C-9D3A-4F19-96A8-D78404FAAB2E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-02] (Google Inc.)
Task: {859D515F-2E98-4F79-96E3-0D967D14E57D} - System32\Tasks\HPCeeScheduleForBECCA-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {DECA8226-7FDD-4924-BCF9-D2053E1D4816} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2011-06-27] ()
Task: {E19D397D-81D3-459E-9EBC-6A7A813BD253} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-02] (Google Inc.)
Task: {E74FD592-3952-48BF-A728-0345A45B9FAE} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-06-15] (CyberLink)
Task: {EE50860F-8158-4E85-81C5-28DB3AA1A4B5} - System32\Tasks\HPCeeScheduleForbecca => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForBECCA-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForbecca.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-04-04 23:18 - 2011-04-04 23:18 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-09-24 14:17 - 2013-09-24 14:17 - 00090624 _____ () C:\Program Files (x86)\PasswordBox\libwebsocketswin32.dll
2013-10-10 20:50 - 2013-10-10 20:50 - 00145072 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.0\SiteSafety.dll
2013-10-04 01:43 - 2013-10-03 02:02 - 00698832 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\libglesv2.dll
2013-10-04 01:43 - 2013-10-03 02:02 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\libegl.dll
2013-10-04 01:43 - 2013-10-03 02:03 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\pdf.dll
2013-10-04 01:43 - 2013-10-03 02:03 - 00415184 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
2013-10-04 01:43 - 2013-10-03 02:02 - 01604560 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ffmpegsumo.dll
2013-08-15 10:36 - 2013-08-15 10:36 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\cd9a4b4dbc1a4b564ebed696e18cadb6\IsdiInterop.ni.dll
2012-03-15 23:09 - 2010-09-13 21:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/10/2013 11:34:14 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (10/10/2013 09:58:23 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (10/10/2013 09:58:18 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (10/10/2013 09:57:21 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (10/10/2013 08:56:52 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (10/10/2013 08:56:47 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (10/10/2013 08:53:39 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (10/10/2013 11:33:13 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
 
Error: (10/10/2013 08:53:12 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
 
Microsoft Office Sessions:
=========================
Error: (10/10/2013 11:34:14 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\becca\Downloads\esetsmartinstaller_enu (1).exe
 
Error: (10/10/2013 09:58:23 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\becca\Downloads\esetsmartinstaller_enu (1).exe
 
Error: (10/10/2013 09:58:18 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\becca\Downloads\esetsmartinstaller_enu (1).exe
 
Error: (10/10/2013 09:57:21 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\becca\Downloads\esetsmartinstaller_enu.exe
 
Error: (10/10/2013 08:56:52 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\becca\Downloads\esetsmartinstaller_enu.exe
 
Error: (10/10/2013 08:56:47 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\becca\Downloads\esetsmartinstaller_enu.exe
 
Error: (10/10/2013 08:53:39 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-10-10 11:13:25.411
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-10-10 11:13:25.350
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 67%
Total physical RAM: 1899.86 MB
Available physical RAM: 625.13 MB
Total Pagefile: 3799.72 MB
Available Pagefile: 2251.3 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:279.47 GB) (Free:223.11 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:14.46 GB) (Free:1.61 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:2.88 GB) FAT32
Drive f: (TSimsM) (CDROM) (Total:5.11 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: E9B0A126)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=279 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)
 
==================== End Of Log ============================

 

Link to post
Share on other sites

  • Root Admin

Please do not use Quote tags when posting logs.  Just post directly.
 
 
Please go into your Control Panel, Add/Remove and uninstall the following


Ask Toolbar
AVG SafeGuard toolbar
Java 7 Update 25
Java Auto Updater




Next, Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

Link to post
Share on other sites

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013

Ran by becca at 2013-10-11 11:19:43 Run:1

Running from C:\Users\becca\Downloads

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch

SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.amazon.co...field-keywords={searchTerms}

SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...ebay.com/?_nkw={searchTerms}

BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.1.0.27\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)

BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.1.0.27\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)

Toolbar: HKCU -  No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File

R2 vToolbarUpdater17.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.0\ToolbarUpdater.exe [1643696 2013-10-10] (AVG Secure Search)

C:\Users\becca\AppData\Local\Temp\oi_{57F7B302-5805-4879-9473-025C80412D05}.exe

C:\Users\becca\AppData\Local\Temp\Quarantine.exe

TTask: {7EAD5D3C-9D3A-4F19-96A8-D78404FAAB2E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-02] (Google Inc.)

Task: {859D515F-2E98-4F79-96E3-0D967D14E57D} - System32\Tasks\HPCeeScheduleForBECCA-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)

Task: {E19D397D-81D3-459E-9EBC-6A7A813BD253} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-02] (Google Inc.)

Task: {EE50860F-8158-4E85-81C5-28DB3AA1A4B5} - System32\Tasks\HPCeeScheduleForbecca => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\HPCeeScheduleForBECCA-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

Task: C:\Windows\Tasks\HPCeeScheduleForbecca.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

 

 

*****************

 

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value not found.

HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D68A0CEC-F166-40A1-9FE0-9615AF106A86} => Key deleted successfully.

HKCR\CLSID\{D68A0CEC-F166-40A1-9FE0-9615AF106A86} => Key not found.

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key deleted successfully.

HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.

HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key deleted successfully.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.

HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} => Value deleted successfully.

HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value deleted successfully.

HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.

vToolbarUpdater17.1.0 => Service deleted successfully.

C:\Users\becca\AppData\Local\Temp\oi_{57F7B302-5805-4879-9473-025C80412D05}.exe => Moved successfully.

C:\Users\becca\AppData\Local\Temp\Quarantine.exe => Moved successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\T{7EAD5D3C-9D3A-4F19-96A8-D78404FAAB2E} => Key not found.

C:\Windows\TSystem32\Tasks\GoogleUpdateTaskMachineCore not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\TreeT\GoogleUpdateTaskMachineCore => Key not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{859D515F-2E98-4F79-96E3-0D967D14E57D} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{859D515F-2E98-4F79-96E3-0D967D14E57D} => Key deleted successfully.

C:\Windows\System32\Tasks\HPCeeScheduleForBECCA-HP$ => Moved successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPCeeScheduleForBECCA-HP$ => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E19D397D-81D3-459E-9EBC-6A7A813BD253} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E19D397D-81D3-459E-9EBC-6A7A813BD253} => Key deleted successfully.

C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => Moved successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EE50860F-8158-4E85-81C5-28DB3AA1A4B5} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE50860F-8158-4E85-81C5-28DB3AA1A4B5} => Key deleted successfully.

C:\Windows\System32\Tasks\HPCeeScheduleForbecca => Moved successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPCeeScheduleForbecca => Key deleted successfully.

C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.

C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.

C:\Windows\Tasks\HPCeeScheduleForBECCA-HP$.job => Moved successfully.

C:\Windows\Tasks\HPCeeScheduleForbecca.job => Moved successfully.

 

 

The system needs a manual reboot. 

 

==== End of Fixlog ====

Link to post
Share on other sites

  • Root Admin

Please restart the computer.

 

After the restart please run the following and again restart.

 

Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.