
PC Tech Hotline malware



Hello, I have a laptop that has the PC Tech Hotline malware on it. There is no uninstall option for the program and no uninstall file in the directory with the PC Tech Hotline program in it. I cannot access the internet with the laptop; it will connect to the router and Windows 8 shows a connection to the internet, but when opening a browser, or if any other program tries to access the internet, it fails. I have run Malwarebytes, AdwCleaner, and RogueKiller to no avail. Whenever I reboot the computer it is still there. I can exit it from the icon on the Windows toolbar and end the process in Task Manager and it won't show any more, but I still have no access to the internet, and when I reboot everything is back. Please help. Here are my FRST.txt and Addition.txt. Thanks.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014
Ran by Morgan (administrator) on SAUNDERSFAMILY on 19-05-2014 15:49:19
Running from C:\Users\Morgan\Desktop
Platform: Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan\mcods.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
() C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan\McVsShld.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7165000 2013-12-02] (Realtek Semiconductor)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [738496 2013-10-23] ()
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [847872 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-04-10] (CyberLink Corp.)
HKLM-x32\...\Run: [PCTechHotline] => C:\Program Files (x86)\PCTechHotline\PCTechHotline.exe [1905000 2014-02-13] (Crawler, LLC)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-12-25] (Hewlett-Packard Development Company, L.P.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-04-22] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1469105241-3891640696-1443267712-1001\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1713416 2013-08-05] (CyberLink Corp.)
HKU\S-1-5-21-1469105241-3891640696-1443267712-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4272624 2013-02-06] (Microsoft Corporation)
HKU\S-1-5-21-1469105241-3891640696-1443267712-1001\...\MountPoints2: {407ae941-3c29-11e3-be77-d4c9ef69899b} - "F:\MotorolaDeviceManagerSetup.exe" -a
HKU\S-1-5-21-1469105241-3891640696-1443267712-1001\...\MountPoints2: {616391e5-c4e9-11e2-be72-806e6f6e6963} - "E:\SETUP.EXE"
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs-x32: c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll => "c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey IE RunOnce.lnk
ShortcutTarget: Install SafeKey IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT3317458&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP5FD5A9E0-0845-4417-8416-34099E3F6AD5&SSPV=C21110_sp_ie
HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {C6D0F182-4018-4974-918E-5E217285FABA} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM-x32 - {C6D0F182-4018-4974-918E-5E217285FABA} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {954F96F1-A3B0-46B9-A1C0-ABFED6950D86} URL = http://search.yahoo.com/search?fr=mcafee&type=A011US0&p={SearchTerms}
SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?ctid=CT3317458&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP5FD5A9E0-0845-4417-8416-34099E3F6AD5&q={searchTerms}&SSPV=C21110_sp_ie
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {954F96F1-A3B0-46B9-A1C0-ABFED6950D86} URL = http://search.yahoo.com/search?fr=mcafee&type=A011US0&p={SearchTerms}
SearchScopes: HKCU - {C6D0F182-4018-4974-918E-5E217285FABA} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: saavErroN - {1125AA76-230C-6003-712A-442D6B504140} - C:\ProgramData\saavErroN\SU.x64.dll ()
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: topobuyer - {5F4795F3-ACF2-3DAB-36BA-0A72909C8030} - C:\ProgramData\topobuyer\L1RCTqz.x64.dll ()
BHO: McAfee SafeKey Vault - {9DB059B3-DD36-4a55-846C-59BE42A1202A} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll (McAfee)
BHO: FlEXibbleShopper - {9F50C283-D475-ECA9-3025-DB07D102D1C4} - C:\ProgramData\FlEXibbleShopper\_0DJVnr.x64.dll ()
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: saavErroN - {1125AA76-230C-6003-712A-442D6B504140} - C:\ProgramData\saavErroN\SU.dll No File
BHO-x32: Perk Prize Panel - {47F3EB15-C230-4A0B-BE4B-D527FF483B48} - C:\Program Files (x86)\Perk Prize Panel\pp.dll ()
BHO-x32: topobuyer - {5F4795F3-ACF2-3DAB-36BA-0A72909C8030} - C:\ProgramData\topobuyer\L1RCTqz.dll No File
BHO-x32: McAfee SafeKey Vault - {9DB059B3-DD36-4a55-846C-59BE42A1202A} - C:\Program Files (x86)\SafeKey\LPToolbar.dll (McAfee)
BHO-x32: FlEXibbleShopper - {9F50C283-D475-ECA9-3025-DB07D102D1C4} - C:\ProgramData\FlEXibbleShopper\_0DJVnr.dll No File
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Fast Free Converter 4.1 - {C3E50543-BC36-4C80-8070-38A97E02DEB2} - C:\Program Files (x86)\Fast Free Converter\FastFreeConverter\FastFreeConverter.dll ()
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll (McAfee)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar.dll (McAfee)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.220.220 2.2.2.1
Tcpip\Parameters: [NameServer] 184.172.114.130,208.43.110.90
Tcpip\..\Interfaces\{00277E9E-F819-47DF-A8BA-6F983B301E22}: [NameServer]184.172.114.130,208.43.110.90
Tcpip\..\Interfaces\{97e1de57-d6fa-11e1-be62-806e6f6e6963}: [NameServer]184.172.114.130,208.43.110.90
Tcpip\..\Interfaces\{9ED20EF3-56FA-42F1-942B-19D738664458}: [NameServer]184.172.114.130,208.43.110.90
Tcpip\..\Interfaces\{B7519B3B-C727-48FF-A0FB-62272EDFB86A}: [NameServer]184.172.114.130,208.43.110.90
Tcpip\..\Interfaces\{C02CAB3E-C922-4371-A1DD-E72CF76EF979}: [NameServer]184.172.114.130,208.43.110.90

FireFox:
========
FF ProfilePath: C:\Users\Morgan\AppData\Roaming\Mozilla\Firefox\Profiles\x9xzglo7.default
FF user.js: detected! => C:\Users\Morgan\AppData\Roaming\Mozilla\Firefox\Profiles\x9xzglo7.default\user.js
FF NewTab: hxxp://search.conduit.com/?ctid=CT3317458&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=C21110_sp_ff&Lay=1&UM=4&UP=SP5FD5A9E0-0845-4417-8416-34099E3F6AD5
FF DefaultSearchEngine: Yahoo
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxp://hsrd.yahoo.com/_ylt=AjA5f4fNexpo3bVw3doezA2bvZx4/RV=1/RE=1395370088/RH=aHNyZC55YWhvby5jb20-/RO=2/RU=aHR0cHM6Ly93d3cueWFob28uY29tLw--/RS=%5EADACwqh6kF5F_adcsRCksgR9eMNJ0E-
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=mcafee&type=A111US0&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 - C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: saavErroN - C:\Users\Morgan\AppData\Roaming\Mozilla\Firefox\Profiles\x9xzglo7.default\Extensions\b-dani@oeaudm-iia.org [2014-02-13]
FF Extension: WordExtra - C:\Users\Morgan\AppData\Roaming\Mozilla\Firefox\Profiles\x9xzglo7.default\Extensions\korey@markus.me [2014-03-03]
FF Extension: ExeValidator - C:\Users\Morgan\AppData\Roaming\Mozilla\Firefox\Profiles\x9xzglo7.default\Extensions\mcqh4_oaoo@httgoiuzcj-.co.uk [2014-02-02]
FF Extension: topobuyer - C:\Users\Morgan\AppData\Roaming\Mozilla\Firefox\Profiles\x9xzglo7.default\Extensions\zslrayou3au@iod-.edu [2014-01-05]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-10-19]
FF HKLM-x32\...\Firefox\Extensions: [extension@Fast_Free_Converter.com] - C:\Program Files (x86)\Fast Free Converter\FastFreeConverter\extension@Fast_Free_Converter.com
FF Extension: No Name - C:\Program Files (x86)\Fast Free Converter\FastFreeConverter\extension@Fast_Free_Converter.com [2013-11-20]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-10-19]
FF HKCU\...\Firefox\Extensions: [pp@perk.com] - C:\Program Files (x86)\Perk Prize Panel\FF\

==================== Services (Whitelisted) =================

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2211000 2014-03-30] (Microsoft Corporation)
S2 FastFreeConverterUpdt; C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe [687104 2012-11-26] ()
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-12-25] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-10] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-01-14] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025712 2014-01-21] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-03-17] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-03-17] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 PCTechHotlineSvc; C:\Program Files (x86)\PCTechHotline\PCTechHotlineSvc.exe [701800 2014-02-13] (Crawler, LLC)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [239176 2013-02-20] (Realtek Semiconductor)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)
S2 0034571398038359mcinstcleanup; C:\Windows\TEMP\003457~1.EXE -cleanup -nolog [X]
S2 CltMngSvc; C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe [X]

==================== Drivers (Whitelisted) ====================

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-03-17] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-03-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-03-17] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69344 2014-03-17] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-03-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-03-17] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [422712 2014-01-21] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-01-21] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [345456 2014-03-17] (McAfee, Inc.)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [288328 2013-01-23] (Realtek Semiconductor Corp.)
S3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [448072 2013-02-01] (RTS Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1516104 2013-02-08] (Realtek Semiconductor Corporation                           )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [28400 2013-02-06] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-12-02] (Synaptics Incorporated)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-19 15:49 - 2014-05-19 15:50 - 00023140 _____ () C:\Users\Morgan\Desktop\FRST.txt
2014-05-19 15:47 - 2014-05-19 15:35 - 02067456 _____ (Farbar) C:\Users\Morgan\Desktop\FRST64.exe
2014-05-19 15:42 - 2014-05-19 15:49 - 00000000 ____D () C:\FRST
2014-05-19 15:15 - 2014-05-19 15:48 - 00000142 _____ () C:\Users\Morgan\daemonprocess.txt
2014-05-19 15:13 - 2014-05-19 15:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-05-18 13:17 - 2014-05-18 13:17 - 00000000 ____D () C:\Windows\ERUNT
2014-05-18 13:06 - 2014-05-18 13:11 - 00000000 ____D () C:\AdwCleaner
2014-05-18 12:57 - 2014-05-18 12:57 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-05-17 15:01 - 2014-05-18 15:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-17 14:56 - 2014-05-17 15:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-17 14:56 - 2014-05-17 14:56 - 00000000 ____D () C:\Users\Morgan\AppData\Roaming\Malwarebytes
2014-04-20 21:39 - 2014-04-20 21:39 - 108199604 _____ () C:\Users\Morgan\Documents\Trout In the Classroom Presentation 2014.pptx

==================== One Month Modified Files and Folders =======

2014-05-19 15:50 - 2014-05-19 15:49 - 00023140 _____ () C:\Users\Morgan\Desktop\FRST.txt
2014-05-19 15:49 - 2014-05-19 15:42 - 00000000 ____D () C:\FRST
2014-05-19 15:48 - 2014-05-19 15:15 - 00000142 _____ () C:\Users\Morgan\daemonprocess.txt
2014-05-19 15:43 - 2012-07-26 03:28 - 00942930 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-19 15:39 - 2012-07-26 03:21 - 00039171 _____ () C:\Windows\setupact.log
2014-05-19 15:38 - 2013-10-19 19:02 - 01680316 _____ () C:\Windows\WindowsUpdate.log
2014-05-19 15:35 - 2014-05-19 15:47 - 02067456 _____ (Farbar) C:\Users\Morgan\Desktop\FRST64.exe
2014-05-19 15:31 - 2013-10-28 23:51 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-19 15:31 - 2013-10-23 16:30 - 00000326 _____ () C:\Windows\Tasks\UpdaterEX.job
2014-05-19 15:16 - 2013-10-23 16:31 - 00000000 ____D () C:\Users\Morgan\AppData\Local\Mobogenie
2014-05-19 15:15 - 2013-12-09 22:29 - 00000000 ____D () C:\Users\Morgan\Tracing
2014-05-19 15:15 - 2013-10-19 19:02 - 00000000 ____D () C:\Users\Morgan
2014-05-19 15:13 - 2014-05-19 15:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-05-19 15:13 - 2013-10-19 19:40 - 00001851 _____ () C:\Users\Public\Desktop\McAfee LiveSafe – Internet Security.lnk
2014-05-19 14:57 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\system32\sru
2014-05-18 15:57 - 2013-12-27 15:41 - 00000366 _____ () C:\Windows\Tasks\HPCeeScheduleForMorgan.job
2014-05-18 15:57 - 2012-07-26 03:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-18 15:56 - 2013-10-23 16:29 - 00000000 ____D () C:\Program Files (x86)\File Type Helper
2014-05-18 15:55 - 2012-07-26 04:12 - 00000000 __RHD () C:\Users\Public\Libraries
2014-05-18 15:55 - 2012-07-26 04:12 - 00000000 ___RD () C:\Windows\ToastData
2014-05-18 15:55 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\WinStore
2014-05-18 15:55 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-05-18 15:54 - 2013-10-23 16:30 - 00000000 ____D () C:\Users\Morgan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
2014-05-18 15:54 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\rescache
2014-05-18 15:53 - 2014-02-13 21:11 - 00000000 ____D () C:\ProgramData\saavErroN
2014-05-18 15:53 - 2014-01-05 19:14 - 00000000 ____D () C:\ProgramData\topobuyer
2014-05-18 15:53 - 2014-01-05 19:14 - 00000000 ____D () C:\ProgramData\FlEXibbleShopper
2014-05-18 15:52 - 2014-05-17 15:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-18 15:52 - 2014-04-08 19:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-18 15:52 - 2013-10-23 16:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-18 15:52 - 2013-10-23 16:29 - 00000000 ____D () C:\Program Files (x86)\Mobogenie
2014-05-18 15:52 - 2013-10-23 16:29 - 00000000 ____D () C:\Program Files (x86)\Fast Free Converter
2014-05-18 15:49 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\registration
2014-05-18 15:48 - 2013-10-23 16:30 - 00000000 ____D () C:\Users\Morgan\AppData\Roaming\UpdaterEX
2014-05-18 15:48 - 2013-10-19 19:34 - 00000000 ____D () C:\Users\Morgan\AppData\Roaming\Macromedia
2014-05-18 15:48 - 2012-07-26 01:38 - 00000000 ____D () C:\Windows\system32\Sysprep
2014-05-18 15:45 - 2014-01-25 09:28 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-05-18 15:45 - 2014-01-25 09:28 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-05-18 15:45 - 2013-10-23 16:31 - 00000000 ____D () C:\Users\Morgan\AppData\Local\Mozilla
2014-05-18 15:43 - 2013-10-19 19:55 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-05-18 15:42 - 2013-10-19 19:39 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-05-18 13:17 - 2014-05-18 13:17 - 00000000 ____D () C:\Windows\ERUNT
2014-05-18 13:13 - 2012-08-03 18:23 - 00695248 _____ () C:\Windows\PFRO.log
2014-05-18 13:11 - 2014-05-18 13:06 - 00000000 ____D () C:\AdwCleaner
2014-05-18 12:57 - 2014-05-18 12:57 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-05-17 15:01 - 2014-05-17 14:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-17 14:56 - 2014-05-17 14:56 - 00000000 ____D () C:\Users\Morgan\AppData\Roaming\Malwarebytes
2014-05-17 14:48 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-13 17:52 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-05-13 17:31 - 2013-10-23 16:37 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-05-13 17:23 - 2012-07-26 01:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-05-07 18:53 - 2013-10-19 19:02 - 00000000 ____D () C:\Users\Morgan\AppData\Local\Packages
2014-05-07 17:36 - 2013-10-19 19:06 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{18EC7129-ED8B-42F6-B391-9EC6ED89BB06}
2014-05-05 20:31 - 2013-10-28 23:51 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-05 20:23 - 2013-12-27 15:41 - 00003182 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMorgan
2014-05-05 20:23 - 2013-10-23 16:37 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-04-24 21:20 - 2013-10-23 17:24 - 00000000 ____D () C:\Users\Morgan\AppData\Roaming\Epson
2014-04-23 16:12 - 2013-03-16 14:42 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-04-23 16:11 - 2012-08-03 20:02 - 00000000 ____D () C:\SWSetup
2014-04-20 21:39 - 2014-04-20 21:39 - 108199604 _____ () C:\Users\Morgan\Documents\Trout In the Classroom Presentation 2014.pptx

Some content of TEMP:
====================
C:\Users\Morgan\AppData\Local\Temp\Extract.exe
C:\Users\Morgan\AppData\Local\Temp\FastFreeConverterUpdt_v4.4.exe
C:\Users\Morgan\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\Morgan\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Morgan\AppData\Local\Temp\helper.exe
C:\Users\Morgan\AppData\Local\Temp\nsi6D94.exe
C:\Users\Morgan\AppData\Local\Temp\nsk7277.exe
C:\Users\Morgan\AppData\Local\Temp\nst3B55.exe
C:\Users\Morgan\AppData\Local\Temp\nsu3EFF.exe
C:\Users\Morgan\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Morgan\AppData\Local\Temp\oi_{81C77E44-D2A0-4937-AC51-415451D12A30}.exe
C:\Users\Morgan\AppData\Local\Temp\Setup.X86.en-US_HomeStudentRetail_96b23958-3cc9-458f-aa63-7ba56fdafb8f_TX_PR_.exe
C:\Users\Morgan\AppData\Local\Temp\SP61881.exe
C:\Users\Morgan\AppData\Local\Temp\SP62227.exe
C:\Users\Morgan\AppData\Local\Temp\SP62228.exe
C:\Users\Morgan\AppData\Local\Temp\SP62405.exe
C:\Users\Morgan\AppData\Local\Temp\SP62765.exe
C:\Users\Morgan\AppData\Local\Temp\SP63284.exe
C:\Users\Morgan\AppData\Local\Temp\SP63285.exe
C:\Users\Morgan\AppData\Local\Temp\SP63286.exe
C:\Users\Morgan\AppData\Local\Temp\SP63340.exe
C:\Users\Morgan\AppData\Local\Temp\SP63425.exe
C:\Users\Morgan\AppData\Local\Temp\SP63599.exe
C:\Users\Morgan\AppData\Local\Temp\SP63752.exe
C:\Users\Morgan\AppData\Local\Temp\SP63805.exe
C:\Users\Morgan\AppData\Local\Temp\SP64854.exe
C:\Users\Morgan\AppData\Local\Temp\SP64881.exe
C:\Users\Morgan\AppData\Local\Temp\SP65792.exe
C:\Users\Morgan\AppData\Local\Temp\SPSetup.exe
C:\Users\Morgan\AppData\Local\Temp\sqlite3.exe
C:\Users\Morgan\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Morgan\AppData\Local\Temp\_is22D9.exe
C:\Users\Morgan\AppData\Local\Temp\_is3973.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-17 15:46

==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-05-2014
Ran by Morgan at 2014-05-19 15:50:55
Running from C:\Users\Morgan\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Out of date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Out of date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cricut Driver v2.01 (HKLM-x32\...\Cricut Driver v2.01) (Version: 2.01 - Provo Craft & Novelty, Inc.)
Cricut Craft Room® (HKLM-x32\...\com.cricut.Cricut-CraftRoom) (Version: v1.0 build-183 - Provo Craft & Novelty, Inc.)
Cricut Craft Room® (x32 Version: 1.0.183 - Provo Craft & Novelty, Inc.) Hidden
Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4.6515 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.4.6515 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3606 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.5.3606 - CyberLink Corp.) Hidden
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.2.4128 - CyberLink Corp.)
Cyberlink PhotoDirector (x32 Version: 3.0.2.4128 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.4.3202 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.4.3202 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.3.2606 - CyberLink Corp.)
CyberLink PowerDirector 10 (x32 Version: 10.0.3.2606 - CyberLink Corp.) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.5511 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 10.0.8.5511 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.6.6117 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.6.6117 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.10.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WorkForce 630 Series Printer Uninstall (HKLM\...\EPSON WorkForce 630 Series) (Version:  - SEIKO EPSON Corporation)
Extended Update (HKCU\...\UpdaterEX) (Version:  - ) <==== ATTENTION
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Fast Free Converter (HKLM-x32\...\Fast Free Converter) (Version: 4.1 - Fast Free Converter)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{BCE2C284-0B0E-473D-A5BF-9644CC2C67DF}) (Version: 1.1.0.0 - Hewlett-Packard)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Postscript Converter (Version: 4.0.4100 - Hewlett-Packard) Hidden
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Recovery Manager (x32 Version: 9.00 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6317.4309 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{F35EE4BC-95E1-4417-BA36-7C32FF24A59A}) (Version: 1.0.11 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{73237EBB-B26F-4628-8754-4EFE563D72E9}) (Version: 2.1.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3055 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.7.1002 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 12.0.7.1002 - Intel Corporation) Hidden
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.757.1 - Intel Corporation) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 12.8.957 - McAfee, Inc.)
McAfee SafeKey(uninstall only) (HKLM-x32\...\SafeKey) (Version:  - McAfee, Inc.)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4605.1003 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4029.0217 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobogenie (HKLM-x32\...\Mobogenie) (Version:  - Mobogenie.com) <==== ATTENTION
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.7.1025.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6870 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{BCDA54F6-C4B6-4519-A09E-FA064A6B4098}) (Version: 1.1.9200.007 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.12.0906 - REALTEK Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Royal Envoy 2 Collector's Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.5.3.3 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Restore Points  =========================

23-04-2014 20:09:25 HPSF Applying updates
11-05-2014 23:14:57 Windows Update
17-05-2014 19:46:59 Windows Update
18-05-2014 19:38:51 Restore Operation

==================== Hosts content: ==========================

2012-07-26 01:26 - 2012-07-26 01:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {024B8833-EB18-494C-B60C-A530CCC0922E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-05] (Adobe Systems Incorporated)
Task: {0EAAA93B-358D-4425-A3DC-6EAA41D5DA80} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-1469105241-3891640696-1443267712-1001
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1C1BB568-E669-41D6-97DB-02D10D358447} - System32\Tasks\HPCeeScheduleForMorgan => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {1DCBC838-71EA-45FC-BB3D-5F3DCD751909} - System32\Tasks\UpdaterEX => C:\Users\Morgan\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {30395778-63AE-485E-AE9A-09A0DA356E0B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {5034014C-F9D7-428F-A3A4-72A8A7DB652A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {68EDF267-ABC1-40DB-B48F-387D4EB80C3D} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {69723687-1FF3-4CF2-B910-A0E9FA30A793} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {85AA48FC-751F-4A82-855C-BE8507311A89} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {8691778E-04ED-4D68-8C40-834619C66115} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2012-11-05] (Hewlett-Packard Development Company, L.P.)
Task: {9F0B9640-72C4-49B1-B195-2C47C4BAFFDB} - System32\Tasks\{E29ABF16-0251-4AC9-B8D0-27CEB8172928} => Firefox.exe http://ui.skype.com/ui/0/6.3.73.105.457/en/abandoninstall?page=tsWLM
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {B75B3D62-750B-46B0-AB59-B71219D5832E} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-01-30] (Microsoft Corporation)
Task: {B89AA221-60B1-4527-BCA9-032D1D1C76BD} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2013-01-17] (CyberLink)
Task: {BD67A74C-95FD-4071-806B-5D8140BAB747} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-03-30] (Microsoft Corporation)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {CEF91AFD-4C0D-4226-856A-5473B1960B33} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {EA06A5D4-B202-4BA9-850A-5BCF7AA91DE1} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F8E3B50D-20F6-476B-BE0D-9E8D7E251155} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-12-02] (Synaptics Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMorgan.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\Morgan\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-03-19 20:21 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-10-19 19:55 - 2014-03-25 13:21 - 00629928 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2014-04-11 16:55 - 2014-04-11 16:55 - 08884904 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-03-16 15:29 - 2013-01-02 18:55 - 00175008 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2013-02-22 09:04 - 2013-02-22 09:04 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-10-23 16:30 - 2013-10-23 16:46 - 00738496 _____ () C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
2013-05-24 21:37 - 2013-01-14 14:25 - 01200088 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-10-23 17:00 - 2013-08-05 03:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 18:48 - 2013-08-05 18:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-10-23 17:01 - 2013-08-05 04:51 - 00806664 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\UNO.dll
2013-10-23 17:01 - 2013-03-05 23:04 - 01321944 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\Language\ENU\P2GRC.dll
2013-10-23 17:00 - 2013-08-05 04:51 - 00175880 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLVistaAudioMixer.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/19/2014 03:44:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 17.5.2014.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1554

Start Time: 01cf739a427c4357

Termination Time: 0

Application Path: F:\FRST64.exe

Report Id: 0ae933ac-df8e-11e3-be8e-d4c9ef69899b

Faulting package full name:

Faulting package-relative application ID:

Error: (05/18/2014 04:00:00 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1420) SRUJet: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Windows\system32\SRU\SRU004E4.log.

Error: (05/18/2014 03:57:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -528.

Error: (05/18/2014 03:57:55 PM) (Source: ESENT) (EventID: 455) (User: )
Description: Catalog Database (1084) Catalog Database: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Windows\system32\CatRoot2\edb000E6.log.

Error: (05/18/2014 03:01:53 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/18/2014 02:40:05 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/18/2014 02:28:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.2.9200.16628 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1238

Start Time: 01cf72c2bbb76e13

Termination Time: 0

Application Path: C:\Windows\Explorer.EXE

Report Id: 2f600bd5-deba-11e3-be92-d4c9ef69899b

Faulting package full name:

Faulting package-relative application ID:

Error: (05/18/2014 01:34:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SAUNDERSFAMILY)
Description: Activation of app microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos failed with error: -2144927151 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (05/19/2014 03:26:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PCTechHotlineService service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/19/2014 03:12:17 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {211EBA3A-EA5A-496B-A021-5C6BEB365E4C}

Error: (05/18/2014 03:57:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Search Protect by Conduit Service service failed to start due to the following error:
%%2

Error: (05/18/2014 03:57:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The FastFreeConverterUpdt service failed to start due to the following error:
%%216

Error: (05/18/2014 03:34:17 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:25:00 PM on ‎5/‎18/‎2014 was unexpected.

Error: (05/18/2014 03:25:00 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:11:01 PM on ‎5/‎18/‎2014 was unexpected.

Error: (05/18/2014 02:28:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HPWMISVC service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/18/2014 01:35:59 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (05/18/2014 01:35:29 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================
Error: (05/19/2014 03:44:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe17.5.2014.0155401cf739a427c43570F:\FRST64.exe0ae933ac-df8e-11e3-be8e-d4c9ef69899b

Error: (05/18/2014 04:00:00 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost1420SRUJet: C:\Windows\system32\SRU\SRU004E4.log-1811 (0xfffff8ed)

Error: (05/18/2014 03:57:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -528

Error: (05/18/2014 03:57:55 PM) (Source: ESENT) (EventID: 455) (User: )
Description: Catalog Database1084Catalog Database: C:\Windows\system32\CatRoot2\edb000E6.log-1811 (0xfffff8ed)

Error: (05/18/2014 03:01:53 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files (x86)\cricut-craft room\Drivers\Cricut Expression Drivers ia64.exe

Error: (05/18/2014 02:40:05 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files (x86)\cricut-craft room\Drivers\Cricut Expression Drivers ia64.exe

Error: (05/18/2014 02:28:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.2.9200.16628123801cf72c2bbb76e130C:\Windows\Explorer.EXE2f600bd5-deba-11e3-be92-d4c9ef69899b

Error: (05/18/2014 01:34:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SAUNDERSFAMILY)
Description: microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos-2144927151


==================== Memory info ===========================

Percentage of memory in use: 45%
Total physical RAM: 3988.27 MB
Available physical RAM: 2158.79 MB
Total Pagefile: 4756.27 MB
Available Pagefile: 2841.37 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:674.02 GB) (Free:617.83 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:23.84 GB) (Free:2.4 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: 0D218923)

Partition: GPT Partition Type.

==================== End Of Log ============================


Welcome to the forum.

Please create a new system restore point before continuing!

Your system is loaded with adware.

Please uninstall these programs if possible:
Extended Update
Mobogenie


------------------------------

Download the attached fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait.
The tool will create a log (Fixlog.txt) in the folder; please post it in your reply.

---------------------------

Clean out temp files:
http://corel.force.com/pinnacle/articles/en_US/Master_Article/How-to-delete-temporary-files-from-Windows-8?&source=kba

-------------------------

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

--------------------------------

Download, install, update and run a Threat scan with Malwarebytes Anti-Malware:

Download Malwarebytes from this link only:
http://www.malwarebytes.org/mbam-download.php

Here's a pretty good tutorial on how to use it:
http://malwaretips.com/blogs/scan-malwarebytes-anti-malware-2-0/

If you're using Malwarebytes 2.0, please run a Threat Scan
Click on settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware
Same for PUM (Potentially Unwanted Modifications)
Quarantine All that's found

MrC


  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
