Keep getting ads on all pages and internet speed has gone real slow


Here's Frst.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-06-2014 01
Ran by hp1 (administrator) on NIMA_LEONIE on 02-06-2014 20:52:45
Running from C:\Users\hp1\Desktop
Platform: Windows 8 Single Language (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Taiwan Shui Mu Chih Ching Technology Limited.) C:\Program Files (x86)\WinZipper\winzipersvc.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
(Docudesk Corporation) C:\Program Files (x86)\Docudesk\deskPDF Studio X\deskPDFCreator.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-08-08] (IDT, Inc.)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-07] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [btTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [379904 2013-01-10] (IVT Corporation)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-05-27] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2442161694-1867086132-3323340639-1001\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-2442161694-1867086132-3323340639-1001\...\Run: [Facebook Update] => C:\Users\hp1\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-11-10] (Facebook Inc.)
HKU\S-1-5-21-2442161694-1867086132-3323340639-1001\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [1044224 2013-04-07] ()
HKU\S-1-5-21-2442161694-1867086132-3323340639-1001\...\Run: [deskPDF Creator] => C:\Program Files (x86)\Docudesk\deskPDF Studio X\deskPDFCreator.exe [2346664 2013-11-02] (Docudesk Corporation)
AppInit_DLLs: C:\PROGRA~3\ASSIST~1\ASSIST~2.DLL => C:\ProgramData\Assistant\Assistant_x64.dll [4395520 2014-03-29] ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
StartMenuInternet: IEXPLORE.EXE - C:\program files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://in.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll (Skype Technologies)
 
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{589C6022-C6E1-4197-9FA1-02CAF38653E8}: [NameServer]10.15.19.1,4.2.2.2
 
FireFox:
========
FF ProfilePath: C:\Users\hp1\AppData\Roaming\Mozilla\Firefox\Profiles\tda6zgi4.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 2 - C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\hp1\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\hp1\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: hp.com/HPDetect - C:\Users\hp1\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll (HP)
FF Extension: NetVideoHunter - C:\Users\hp1\AppData\Roaming\Mozilla\Firefox\Profiles\tda6zgi4.default\Extensions\netvideohunter@netvideohunter.com [2014-03-07]
FF Extension: WeLoveGames  - C:\Users\hp1\AppData\Roaming\Mozilla\Firefox\Profiles\tda6zgi4.default\Extensions\{2b9b4ad6-becb-4891-8d9d-6686487a0aa8} [2014-06-01]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF [2013-10-10]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn\ []
 
Chrome: 
=======
CHR DefaultSearchKeyword: google.co.in
CHR Extension: (Google Docs) - C:\Users\hp1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-09]
CHR Extension: (Google Drive) - C:\Users\hp1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-09]
CHR Extension: (Norton Identity Safe for Google Chrome™) - C:\Users\hp1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc [2014-05-16]
CHR Extension: (YouTube) - C:\Users\hp1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-09]
CHR Extension: (Adblock Plus) - C:\Users\hp1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-06-01]
CHR Extension: (Google Search) - C:\Users\hp1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-09]
CHR Extension: (AddBlocKnWaTch) - C:\Users\hp1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcafohaaolpcbgalddehiohiljbljfna [2014-02-09]
CHR Extension: (Google Wallet) - C:\Users\hp1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-09]
CHR Extension: (Gmail) - C:\Users\hp1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-09]
CHR Extension: (NewSoaver) - C:\ProgramData\eholgdgaancdjnfdjgbjhkfolhhfjkdl [2014-01-01]
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\Exts\Chrome.crx [2014-05-02]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1619704 2013-03-26] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2013-01-10] (IVT Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2013-04-07] (NETGEAR)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1716264 2014-04-30] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-04-30] (pdfforge GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [424104 2014-01-28] (Taiwan Shui Mu Chih Ching Technology Limited.)
S2 699fd52f; "C:\Windows\system32\rundll32.exe" "c:\progra~3\assist~1\AssistantSvc.dll",service
S2 Wpm;  [X]
 
==================== Drivers (Whitelisted) ====================
 
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-10] (Advanced Micro Devices, Inc.)
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130924.001\BHDrvx64.sys [1525848 2013-09-24] (Symantec Corporation)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
U4 BthAvrcpTg; 
U4 BthHFEnum; 
U4 bthhfhid; 
S3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [49584 2013-03-25] (Ralink Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1405000.01C\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-08-27] (Symantec Corporation)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20131011.001\IDSvia64.sys [520280 2013-10-10] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20131013.002\ENG64.SYS [126040 2013-08-29] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20131013.002\EX64.SYS [2099288 2013-08-29] (Symantec Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwNe64.sys [11400192 2012-06-02] (Intel Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2014-05-17] (CACE Technologies, Inc.)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-04] (Realtek Semiconductor Corp.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-04-24] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1405000.01C\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1405000.01C\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1405000.01C\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1405000.01C\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1405000.01C\SymELAM.sys [23448 2012-06-21] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-08-10] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1405000.01C\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1405000.01C\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-02 20:52 - 2014-06-02 20:53 - 00021482 _____ () C:\Users\hp1\Desktop\FRST.txt
2014-06-02 20:52 - 2014-06-02 20:52 - 00000000 ____D () C:\FRST
2014-06-02 20:50 - 2014-06-02 20:50 - 22150984 _____ () C:\Users\hp1\Downloads\NRI_3.avi.crdownload
2014-06-02 16:58 - 2014-06-01 19:53 - 02067456 _____ (Farbar) C:\Users\hp1\Desktop\FRST64.exe
2014-06-02 16:55 - 2014-06-02 16:57 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-02 16:55 - 2014-06-02 16:55 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-02 16:55 - 2014-06-02 16:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-02 16:55 - 2014-06-02 16:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-02 16:55 - 2014-06-02 16:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-02 16:55 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-02 16:55 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-02 16:55 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-02 16:51 - 2014-06-02 16:53 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\hp1\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-06-01 22:56 - 2014-06-01 22:56 - 00001072 _____ () C:\Users\Public\Desktop\Collage Maker 3.80.lnk
2014-06-01 22:56 - 2014-05-30 23:18 - 526504904 _____ () C:\Users\hp1\Desktop\Blended.flv
2014-06-01 22:55 - 2014-06-01 22:56 - 00000000 ____D () C:\Users\hp1\Documents\Collage Maker Projects
2014-06-01 22:55 - 2014-06-01 22:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Collage Maker 3.80
2014-06-01 22:55 - 2014-06-01 22:55 - 00000000 ____D () C:\Program Files (x86)\Collage Maker 3.80
2014-06-01 22:54 - 2014-06-01 22:54 - 00000000 ___RD () C:\Users\hp1\Desktop\New folder
2014-06-01 22:51 - 2014-06-01 22:54 - 27515904 _____ () C:\Users\hp1\Desktop\CollageMaker3.8.msi
2014-06-01 22:28 - 2014-06-01 22:30 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\hp1\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-27 01:12 - 2014-05-27 01:12 - 00000000 ____D () C:\Program Files (x86)\Lame For Audacity
2014-05-27 01:11 - 2014-05-27 01:11 - 00527423 _____ ( ) C:\Users\hp1\Downloads\Lame_v3.99.3_for_Windows.exe
2014-05-27 00:54 - 2014-05-27 01:26 - 00000000 ____D () C:\Users\hp1\AppData\Roaming\Audacity
2014-05-27 00:54 - 2014-05-27 00:54 - 00001023 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2014-05-27 00:53 - 2014-05-27 00:54 - 00000000 ____D () C:\Program Files (x86)\Audacity
2014-05-27 00:50 - 2014-05-27 00:53 - 22180353 _____ (Audacity Team ) C:\Users\hp1\Downloads\audacity-win-2.0.5.exe
2014-05-27 00:24 - 2014-05-27 15:42 - 00000000 ____D () C:\Users\hp1\AppData\Roaming\TeamViewer
2014-05-27 00:24 - 2014-05-27 00:24 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-05-26 16:34 - 2014-05-26 16:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-26 16:28 - 2014-05-31 11:01 - 00008152 _____ () C:\Users\hp1\Documents\bookmarks_5_26_14.html
2014-05-26 16:11 - 2014-05-27 00:41 - 00000905 _____ () C:\Users\hp1\AppData\Roaming\trace_FilterInstaller.txt
2014-05-26 16:11 - 2014-05-27 00:41 - 00000000 _____ () C:\Users\hp1\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2014-05-26 16:11 - 2014-05-26 16:11 - 00001167 _____ () C:\Users\hp1\AppData\Roaming\trace_FilterInstaller.1.txt
2014-05-26 16:10 - 2014-05-26 16:10 - 00752176 _____ (NCH Software) C:\Users\hp1\Downloads\vxlsetupfree.exe
2014-05-26 03:37 - 2014-05-26 03:58 - 00000000 ____D () C:\Users\hp1\Downloads\DSpeech
2014-05-26 03:03 - 2014-05-26 03:03 - 00359891 _____ () C:\Users\hp1\Downloads\pilotscafe.apps.navtrainer.apk
2014-05-25 15:45 - 2014-05-25 15:45 - 00000000 ____D () C:\Users\hp1\AppData\Roaming\HewlettPackard
2014-05-25 15:44 - 2014-05-25 15:44 - 01099264 _____ () C:\Users\hp1\Downloads\HPDetect.msi
2014-05-25 15:33 - 2014-05-25 15:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2
2014-05-25 15:32 - 2014-05-25 15:32 - 00000000 ____D () C:\Users\hp1\Documents\PDF Architect 2
2014-05-25 15:32 - 2014-05-25 15:32 - 00000000 ____D () C:\Program Files (x86)\PDF Architect 2
2014-05-25 15:29 - 2014-05-25 15:33 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Users\hp1\AppData\Roaming\pdfforge
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\ProgramData\PDF Architect 2
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-05-25 15:29 - 2014-04-25 17:44 - 00137000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX
2014-05-25 15:29 - 2014-04-25 17:44 - 00110264 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
2014-05-25 15:29 - 2014-04-25 17:44 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL
2014-05-25 15:26 - 2014-05-25 15:28 - 27843432 _____ (pdfforge ) C:\Users\hp1\Downloads\PDFCreator-1_7_3_setup.exe
2014-05-25 15:07 - 2014-05-25 15:07 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2014-05-25 15:06 - 2014-05-25 15:15 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2014-05-24 01:59 - 2014-05-24 01:59 - 00000000 ____D () C:\Users\hp1\Downloads\C
2014-05-21 23:20 - 2014-05-26 03:28 - 00000000 ____D () C:\ProgramData\NaturalReaders
2014-05-21 21:53 - 2014-05-21 21:53 - 00000000 ____D () C:\Users\hp1\AppData\Roaming\.mono
2014-05-21 00:12 - 2014-05-21 00:14 - 00000000 ____D () C:\Users\hp1\Downloads\2nd Year
2014-05-21 00:09 - 2014-05-21 00:11 - 00000000 ____D () C:\Users\hp1\Downloads\3rd Year
2014-05-20 10:07 - 2014-05-20 10:12 - 00000000 ____D () C:\Users\hp1\AppData\Roaming\deskPDF Editor
2014-05-20 10:02 - 2014-05-20 10:02 - 00000953 _____ () C:\Windows\deskinst.log
2014-05-20 10:02 - 2014-05-20 10:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Docudesk
2014-05-20 10:02 - 2013-08-12 11:29 - 00081608 _____ () C:\Windows\SysWOW64\ddcvt4.exe
2014-05-20 10:02 - 2013-08-12 11:29 - 00081608 _____ () C:\Windows\system32\ddcvt4.exe
2014-05-20 10:02 - 2013-08-12 11:28 - 00057032 _____ () C:\Windows\SysWOW64\desksc.exe
2014-05-20 10:02 - 2013-08-12 11:28 - 00057032 _____ () C:\Windows\system32\desksc.exe
2014-05-20 10:02 - 2013-06-17 17:40 - 00035944 _____ () C:\Windows\system32\ddmon4-64x.dll
2014-05-20 10:01 - 2014-05-20 10:01 - 00000000 ____D () C:\Program Files (x86)\Docudesk
2014-05-20 09:46 - 2014-05-20 09:46 - 00001174 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Doxillion Document Converter.lnk
2014-05-18 12:04 - 2014-05-18 12:05 - 00000000 ____D () C:\Windows\rescache
2014-05-17 18:17 - 2014-05-20 10:18 - 00000000 ____D () C:\Users\hp1\Downloads\bca
2014-05-17 17:04 - 2014-05-17 17:05 - 00000000 ____D () C:\Users\hp1\AppData\Local\NETGEARGenie
2014-05-17 17:04 - 2014-05-17 17:04 - 00369168 _____ (CACE Technologies, Inc.) C:\Windows\system32\wpcap.dll
2014-05-17 17:04 - 2014-05-17 17:04 - 00281104 _____ (CACE Technologies, Inc.) C:\Windows\SysWOW64\wpcap.dll
2014-05-17 17:04 - 2014-05-17 17:04 - 00106000 _____ (CACE Technologies, Inc.) C:\Windows\system32\packet.dll
2014-05-17 17:04 - 2014-05-17 17:04 - 00096784 _____ (CACE Technologies, Inc.) C:\Windows\SysWOW64\packet.dll
2014-05-17 17:04 - 2014-05-17 17:04 - 00035344 _____ (CACE Technologies, Inc.) C:\Windows\system32\Drivers\npf.sys
2014-05-17 17:04 - 2014-05-17 17:04 - 00002072 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR Genie.lnk
2014-05-17 17:04 - 2014-05-17 17:04 - 00000000 ____D () C:\Program Files (x86)\NETGEAR Genie
2014-05-17 14:58 - 2014-06-01 23:03 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2014-05-17 14:58 - 2014-05-27 00:41 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2014-05-17 14:58 - 2014-05-26 16:11 - 00000000 ____D () C:\Users\hp1\AppData\Roaming\NCH Software
2014-05-17 14:58 - 2014-05-26 16:11 - 00000000 ____D () C:\ProgramData\NCH Software
2014-05-17 14:58 - 2014-05-17 14:58 - 00001150 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoPad Image Editor.lnk
2014-05-17 14:54 - 2014-05-17 14:54 - 00000000 ____D () C:\Users\hp1\AppData\Local\Windows Live
2014-05-17 14:54 - 2014-05-17 14:54 - 00000000 ____D () C:\Users\hp1\AppData\Local\{F135D571-3251-41F9-B429-51625A4AF976}
2014-05-17 14:54 - 2014-05-17 14:54 - 00000000 ____D () C:\Users\hp1\AppData\Local\{C315A3C9-010D-4B2C-8BFD-84377B122BC7}
2014-05-16 08:03 - 2014-05-16 08:03 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-05-14 18:37 - 2014-03-29 00:49 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-05-14 18:37 - 2014-03-24 03:41 - 00269592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-05-14 18:36 - 2014-03-28 13:53 - 01287168 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-05-14 16:35 - 2014-04-12 14:57 - 00172888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 16:35 - 2014-04-12 14:40 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 16:35 - 2014-04-12 14:39 - 01043968 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2014-05-14 16:35 - 2014-04-12 14:39 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-05-14 16:35 - 2014-04-12 14:39 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 16:35 - 2014-04-12 14:39 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 16:35 - 2014-04-12 14:38 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 16:35 - 2014-04-12 14:38 - 00827904 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 16:35 - 2014-04-12 14:38 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2014-05-14 16:35 - 2014-04-12 14:38 - 00318464 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 16:35 - 2014-04-12 14:37 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 16:35 - 2014-04-12 12:53 - 00961536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2014-05-14 16:35 - 2014-04-12 12:53 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-05-14 16:35 - 2014-04-12 12:53 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 16:35 - 2014-04-12 12:53 - 00178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 16:35 - 2014-04-12 12:53 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 16:35 - 2014-04-12 12:52 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 16:35 - 2014-04-12 12:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 16:35 - 2014-04-12 12:28 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\workerdd.dll
2014-05-14 16:35 - 2014-03-28 13:53 - 19759104 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 16:35 - 2014-03-28 11:48 - 17562112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 16:35 - 2014-03-11 09:02 - 06987096 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 16:35 - 2014-03-11 08:55 - 00100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 16:35 - 2014-03-11 06:11 - 00559104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 16:35 - 2014-03-11 06:11 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 16:35 - 2014-03-11 06:11 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 16:35 - 2014-03-11 06:09 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 16:35 - 2014-03-11 06:08 - 00982016 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 16:35 - 2014-03-11 06:08 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 16:35 - 2014-03-11 06:08 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 16:35 - 2014-03-11 06:08 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2014-05-14 16:35 - 2014-03-11 06:08 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 16:35 - 2014-03-11 06:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 16:35 - 2014-03-11 06:08 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 16:35 - 2014-03-10 08:35 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-14 16:35 - 2014-03-10 06:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 16:35 - 2014-03-04 04:37 - 00570216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-05-14 16:34 - 2014-05-06 10:44 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 16:34 - 2014-05-06 10:44 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 16:34 - 2014-05-06 09:18 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 16:34 - 2014-05-06 09:18 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 16:34 - 2014-05-06 09:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 16:34 - 2014-05-06 08:56 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-14 16:33 - 2014-03-01 15:17 - 01258496 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-05-14 16:33 - 2014-03-01 15:17 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2014-05-14 16:33 - 2014-03-01 13:37 - 01075200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2014-05-14 16:33 - 2014-03-01 12:29 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-05-14 16:33 - 2014-02-27 04:48 - 00621568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-05-14 16:33 - 2014-02-27 04:48 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-05-14 16:33 - 2014-02-27 04:48 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-05-14 16:33 - 2014-02-27 04:48 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-05-14 16:33 - 2014-02-15 09:45 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
2014-05-13 23:47 - 2014-05-13 23:47 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-05-11 03:08 - 2014-05-11 03:08 - 00018416 _____ () C:\Users\hp1\Downloads\[exrapidleech]_wSUq4_[exrapidleech.info]
2014-05-11 03:03 - 2014-05-11 03:03 - 00009192 _____ () C:\Users\hp1\Downloads\1ffe955806c5eb67fe62359205699262.htm
2014-05-11 03:02 - 2014-05-11 03:02 - 00000082 _____ () C:\Users\hp1\Downloads\[exrapidleech]_Rapidgator_[exrapidleech.info]
2014-05-10 21:16 - 2014-04-19 15:09 - 00628024 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-05-10 21:16 - 2014-04-19 14:15 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-05-10 21:16 - 2014-04-19 14:15 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-10 21:16 - 2014-04-19 12:27 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-05-10 21:16 - 2014-04-19 12:27 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-10 21:16 - 2014-01-31 06:18 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2014-05-10 21:15 - 2014-02-04 05:26 - 00332632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-05-10 21:15 - 2014-02-04 05:26 - 00278872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-05-10 21:15 - 2014-01-31 06:18 - 00485888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2014-05-10 21:15 - 2014-01-31 05:36 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2014-05-10 21:15 - 2014-01-27 09:12 - 02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-05-10 21:15 - 2014-01-27 09:09 - 01939288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-05-10 21:15 - 2014-01-27 04:47 - 00386722 _____ () C:\Windows\system32\ApnDatabase.xml
2014-05-10 21:15 - 2014-01-16 05:12 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2014-05-10 21:15 - 2014-01-11 12:18 - 05979648 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-05-10 21:15 - 2014-01-11 10:36 - 05092352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-05-10 21:15 - 2014-01-03 05:05 - 00365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-05-10 21:15 - 2014-01-03 05:02 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-05-10 21:13 - 2014-03-07 06:18 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-10 21:13 - 2014-03-07 06:18 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-10 21:13 - 2014-03-07 06:17 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-10 21:13 - 2014-03-07 06:17 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-10 21:13 - 2014-03-07 06:17 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-10 21:13 - 2014-03-07 05:38 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-10 21:13 - 2014-03-07 05:38 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-10 21:13 - 2014-03-07 05:38 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-10 21:13 - 2014-03-07 05:38 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-05-10 21:13 - 2014-03-07 05:38 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-10 21:13 - 2014-03-07 05:38 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-10 21:13 - 2013-05-16 04:07 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-05-10 21:13 - 2013-05-16 04:05 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-05-10 21:13 - 2013-02-21 15:59 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-05-10 21:13 - 2013-02-21 15:59 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-10 21:13 - 2013-02-21 15:59 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-10 21:13 - 2013-02-21 15:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-10 21:13 - 2013-02-21 15:44 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-05-10 21:13 - 2013-02-19 15:23 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-05-10 21:13 - 2012-11-08 09:50 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-10 21:13 - 2012-11-08 09:50 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-10 21:13 - 2012-07-26 08:36 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-10 21:12 - 2014-03-07 06:17 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-10 21:12 - 2014-03-07 06:17 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-10 21:12 - 2014-03-07 06:17 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-05-10 21:12 - 2014-03-07 05:38 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-10 21:12 - 2014-03-07 05:38 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-10 21:12 - 2014-03-07 05:38 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-10 21:12 - 2013-02-21 15:44 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-09 06:15 - 2014-05-09 06:15 - 00000791 _____ () C:\Users\hp1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pics.lnk
2014-05-07 23:28 - 2014-05-07 23:28 - 00012800 ___SH () C:\Users\hp1\Documents\Thumbs.db
 
==================== One Month Modified Files and Folders =======
 
2014-06-02 20:53 - 2014-06-02 20:52 - 00021482 _____ () C:\Users\hp1\Desktop\FRST.txt
2014-06-02 20:53 - 2013-08-07 22:20 - 00000000 ____D () C:\Users\hp1\AppData\Local\Temp
2014-06-02 20:52 - 2014-06-02 20:52 - 00000000 ____D () C:\FRST
2014-06-02 20:50 - 2014-06-02 20:50 - 22150984 _____ () C:\Users\hp1\Downloads\NRI_3.avi.crdownload
2014-06-02 20:45 - 2013-08-18 18:40 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-02 20:40 - 2014-01-28 02:48 - 00000000 ____D () C:\Program Files (x86)\WinZipper
2014-06-02 20:40 - 2012-07-26 10:56 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-06-02 20:38 - 2013-08-08 03:03 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-02 20:38 - 2013-03-22 10:00 - 00000983 _____ () C:\Windows\SysWOW64\bscs.ini
2014-06-02 17:14 - 2014-03-17 17:12 - 00437376 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-02 17:14 - 2013-08-10 17:08 - 00000348 _____ () C:\Windows\Tasks\HPCeeScheduleForhp1.job
2014-06-02 17:14 - 2012-07-26 12:52 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-02 17:13 - 2014-03-29 12:47 - 00000000 ____D () C:\ProgramData\Assistant
2014-06-02 17:13 - 2013-12-15 01:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-02 17:13 - 2012-08-04 03:53 - 00052610 _____ () C:\Windows\PFRO.log
2014-06-02 17:12 - 2014-04-14 13:25 - 00000000 ____D () C:\ProgramData\SauveNNewaAppz
2014-06-02 17:12 - 2014-02-28 11:46 - 00000000 ____D () C:\ProgramData\DownSavve
2014-06-02 17:12 - 2014-02-01 22:30 - 00000000 ____D () C:\ProgramData\AddBlocKnWaTch
2014-06-02 17:12 - 2014-01-28 02:26 - 00000000 ____D () C:\ProgramData\WPM
2014-06-02 17:12 - 2013-12-28 15:14 - 00000000 ____D () C:\ProgramData\suRf and KEep
2014-06-02 17:12 - 2013-11-24 07:26 - 00000000 ____D () C:\Users\hp1\AppData\Roaming\Orbit
2014-06-02 17:12 - 2012-07-26 10:56 - 02359296 ___SH () C:\Windows\system32\config\BBI
2014-06-02 16:57 - 2014-06-02 16:55 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-02 16:55 - 2014-06-02 16:55 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-02 16:55 - 2014-06-02 16:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-02 16:55 - 2014-06-02 16:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-02 16:55 - 2014-06-02 16:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-02 16:53 - 2014-06-02 16:51 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\hp1\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-06-02 16:44 - 2013-08-07 22:20 - 01860901 _____ () C:\Windows\WindowsUpdate.log
2014-06-02 16:33 - 2013-09-23 12:43 - 00000000 ____D () C:\Users\hp1\Documents\Leonie
2014-06-02 16:30 - 2012-07-26 13:42 - 00000000 ____D () C:\Windows\system32\sru
2014-06-02 16:20 - 2013-08-08 03:04 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-02 16:19 - 2013-11-10 19:14 - 00000926 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2442161694-1867086132-3323340639-1001UA.job
2014-06-02 00:30 - 2013-08-10 17:40 - 00000000 ____D () C:\Users\hp1\AppData\Roaming\vlc
2014-06-01 23:03 - 2014-05-17 14:58 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2014-06-01 22:56 - 2014-06-01 22:56 - 00001072 _____ () C:\Users\Public\Desktop\Collage Maker 3.80.lnk
2014-06-01 22:56 - 2014-06-01 22:55 - 00000000 ____D () C:\Users\hp1\Documents\Collage Maker Projects
2014-06-01 22:55 - 2014-06-01 22:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Collage Maker 3.80
2014-06-01 22:55 - 2014-06-01 22:55 - 00000000 ____D () C:\Program Files (x86)\Collage Maker 3.80
2014-06-01 22:54 - 2014-06-01 22:54 - 00000000 ___RD () C:\Users\hp1\Desktop\New folder
2014-06-01 22:54 - 2014-06-01 22:51 - 27515904 _____ () C:\Users\hp1\Desktop\CollageMaker3.8.msi
2014-06-01 22:30 - 2014-06-01 22:28 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\hp1\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-01 19:53 - 2014-06-02 16:58 - 02067456 _____ (Farbar) C:\Users\hp1\Desktop\FRST64.exe
2014-06-01 14:51 - 2012-07-26 13:42 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-05-31 11:52 - 2013-08-10 17:08 - 00003158 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForhp1
2014-05-31 11:52 - 2013-08-07 22:20 - 00000000 ____D () C:\Users\hp1
2014-05-31 11:01 - 2014-05-26 16:28 - 00008152 _____ () C:\Users\hp1\Documents\bookmarks_5_26_14.html
2014-05-30 23:18 - 2014-06-01 22:56 - 526504904 _____ () C:\Users\hp1\Desktop\Blended.flv
2014-05-29 22:50 - 2013-08-08 02:05 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-05-29 22:49 - 2013-08-08 02:05 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-05-28 11:23 - 2014-04-26 11:42 - 00000000 ____D () C:\Users\hp1\Downloads\pics
2014-05-27 15:42 - 2014-05-27 00:24 - 00000000 ____D () C:\Users\hp1\AppData\Roaming\TeamViewer
2014-05-27 01:26 - 2014-05-27 00:54 - 00000000 ____D () C:\Users\hp1\AppData\Roaming\Audacity
2014-05-27 01:12 - 2014-05-27 01:12 - 00000000 ____D () C:\Program Files (x86)\Lame For Audacity
2014-05-27 01:11 - 2014-05-27 01:11 - 00527423 _____ ( ) C:\Users\hp1\Downloads\Lame_v3.99.3_for_Windows.exe
2014-05-27 00:54 - 2014-05-27 00:54 - 00001023 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2014-05-27 00:54 - 2014-05-27 00:53 - 00000000 ____D () C:\Program Files (x86)\Audacity
2014-05-27 00:53 - 2014-05-27 00:50 - 22180353 _____ (Audacity Team ) C:\Users\hp1\Downloads\audacity-win-2.0.5.exe
2014-05-27 00:41 - 2014-05-26 16:11 - 00000905 _____ () C:\Users\hp1\AppData\Roaming\trace_FilterInstaller.txt
2014-05-27 00:41 - 2014-05-26 16:11 - 00000000 _____ () C:\Users\hp1\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2014-05-27 00:41 - 2014-05-17 14:58 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2014-05-27 00:24 - 2014-05-27 00:24 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-05-26 16:34 - 2014-05-26 16:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-26 16:11 - 2014-05-26 16:11 - 00001167 _____ () C:\Users\hp1\AppData\Roaming\trace_FilterInstaller.1.txt
2014-05-26 16:11 - 2014-05-17 14:58 - 00000000 ____D () C:\Users\hp1\AppData\Roaming\NCH Software
2014-05-26 16:11 - 2014-05-17 14:58 - 00000000 ____D () C:\ProgramData\NCH Software
2014-05-26 16:10 - 2014-05-26 16:10 - 00752176 _____ (NCH Software) C:\Users\hp1\Downloads\vxlsetupfree.exe
2014-05-26 03:58 - 2014-05-26 03:37 - 00000000 ____D () C:\Users\hp1\Downloads\DSpeech
2014-05-26 03:28 - 2014-05-21 23:20 - 00000000 ____D () C:\ProgramData\NaturalReaders
2014-05-26 03:03 - 2014-05-26 03:03 - 00359891 _____ () C:\Users\hp1\Downloads\pilotscafe.apps.navtrainer.apk
2014-05-25 16:37 - 2013-08-07 23:59 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2442161694-1867086132-3323340639-1001
2014-05-25 15:45 - 2014-05-25 15:45 - 00000000 ____D () C:\Users\hp1\AppData\Roaming\HewlettPackard
2014-05-25 15:44 - 2014-05-25 15:44 - 01099264 _____ () C:\Users\hp1\Downloads\HPDetect.msi
2014-05-25 15:33 - 2014-05-25 15:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2
2014-05-25 15:33 - 2014-05-25 15:29 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-05-25 15:32 - 2014-05-25 15:32 - 00000000 ____D () C:\Users\hp1\Documents\PDF Architect 2
2014-05-25 15:32 - 2014-05-25 15:32 - 00000000 ____D () C:\Program Files (x86)\PDF Architect 2
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Users\hp1\AppData\Roaming\pdfforge
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\ProgramData\PDF Architect 2
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-05-25 15:28 - 2014-05-25 15:26 - 27843432 _____ (pdfforge ) C:\Users\hp1\Downloads\PDFCreator-1_7_3_setup.exe
2014-05-25 15:18 - 2013-08-13 12:16 - 00000000 ____D () C:\Users\hp1\AppData\Roaming\Yahoo!
2014-05-25 15:15 - 2014-05-25 15:06 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2014-05-25 15:07 - 2014-05-25 15:07 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2014-05-24 01:59 - 2014-05-24 01:59 - 00000000 ____D () C:\Users\hp1\Downloads\C
2014-05-22 19:19 - 2013-11-10 19:14 - 00000904 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2442161694-1867086132-3323340639-1001Core.job
2014-05-22 07:53 - 2012-07-26 12:58 - 00941050 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-21 21:53 - 2014-05-21 21:53 - 00000000 ____D () C:\Users\hp1\AppData\Roaming\.mono
2014-05-21 02:00 - 2013-11-17 06:23 - 00000000 ____D () C:\Users\hp1\AppData\Local\Microsoft Help
2014-05-21 00:41 - 2012-07-26 13:42 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-05-21 00:14 - 2014-05-21 00:12 - 00000000 ____D () C:\Users\hp1\Downloads\2nd Year
2014-05-21 00:11 - 2014-05-21 00:09 - 00000000 ____D () C:\Users\hp1\Downloads\3rd Year
2014-05-20 10:18 - 2014-05-17 18:17 - 00000000 ____D () C:\Users\hp1\Downloads\bca
2014-05-20 10:12 - 2014-05-20 10:07 - 00000000 ____D () C:\Users\hp1\AppData\Roaming\deskPDF Editor
2014-05-20 10:02 - 2014-05-20 10:02 - 00000953 _____ () C:\Windows\deskinst.log
2014-05-20 10:02 - 2014-05-20 10:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Docudesk
2014-05-20 10:01 - 2014-05-20 10:01 - 00000000 ____D () C:\Program Files (x86)\Docudesk
2014-05-20 09:46 - 2014-05-20 09:46 - 00001174 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Doxillion Document Converter.lnk
2014-05-20 09:38 - 2014-02-26 20:15 - 00000000 ____D () C:\Users\hp1\Downloads\Pen
2014-05-18 12:05 - 2014-05-18 12:04 - 00000000 ____D () C:\Windows\rescache
2014-05-18 11:01 - 2013-10-02 03:29 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-17 17:19 - 2012-07-26 13:42 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-05-17 17:05 - 2014-05-17 17:04 - 00000000 ____D () C:\Users\hp1\AppData\Local\NETGEARGenie
2014-05-17 17:04 - 2014-05-17 17:04 - 00369168 _____ (CACE Technologies, Inc.) C:\Windows\system32\wpcap.dll
2014-05-17 17:04 - 2014-05-17 17:04 - 00281104 _____ (CACE Technologies, Inc.) C:\Windows\SysWOW64\wpcap.dll
2014-05-17 17:04 - 2014-05-17 17:04 - 00106000 _____ (CACE Technologies, Inc.) C:\Windows\system32\packet.dll
2014-05-17 17:04 - 2014-05-17 17:04 - 00096784 _____ (CACE Technologies, Inc.) C:\Windows\SysWOW64\packet.dll
2014-05-17 17:04 - 2014-05-17 17:04 - 00035344 _____ (CACE Technologies, Inc.) C:\Windows\system32\Drivers\npf.sys
2014-05-17 17:04 - 2014-05-17 17:04 - 00002072 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR Genie.lnk
2014-05-17 17:04 - 2014-05-17 17:04 - 00000000 ____D () C:\Program Files (x86)\NETGEAR Genie
2014-05-17 16:12 - 2013-08-08 04:17 - 00003620 _____ () C:\Windows\SysWOW64\LOCALSERVICE.INI
2014-05-17 16:12 - 2013-08-08 04:17 - 00000043 _____ () C:\Windows\SysWOW64\LOCALDEVICE.INI
2014-05-17 15:12 - 2014-01-05 15:19 - 00000414 _____ () C:\Windows\SysWOW64\REMOTEDEVICE.INI
2014-05-17 15:02 - 2014-02-26 19:36 - 00000000 ____D () C:\Users\hp1\Downloads\New folder
2014-05-17 14:58 - 2014-05-17 14:58 - 00001150 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoPad Image Editor.lnk
2014-05-17 14:54 - 2014-05-17 14:54 - 00000000 ____D () C:\Users\hp1\AppData\Local\Windows Live
2014-05-17 14:54 - 2014-05-17 14:54 - 00000000 ____D () C:\Users\hp1\AppData\Local\{F135D571-3251-41F9-B429-51625A4AF976}
2014-05-17 14:54 - 2014-05-17 14:54 - 00000000 ____D () C:\Users\hp1\AppData\Local\{C315A3C9-010D-4B2C-8BFD-84377B122BC7}
2014-05-17 14:08 - 2013-10-09 10:03 - 00118512 _____ () C:\Users\hp1\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-16 08:03 - 2014-05-16 08:03 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-05-16 07:58 - 2012-09-17 13:04 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-05-16 07:58 - 2012-09-17 13:03 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-05-16 07:58 - 2012-09-17 13:03 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-05-16 07:57 - 2013-08-07 22:23 - 00000000 ___RD () C:\Users\hp1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 07:57 - 2013-08-07 22:23 - 00000000 ___RD () C:\Users\hp1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 19:29 - 2012-07-26 13:42 - 00000000 ___RD () C:\Windows\ToastData
2014-05-15 19:29 - 2012-07-26 13:42 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-15 19:29 - 2012-07-26 13:42 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-15 19:29 - 2012-07-26 13:42 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-05-15 19:29 - 2012-07-26 13:42 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-15 19:29 - 2012-07-26 13:42 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-14 21:50 - 2012-07-26 13:42 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-14 19:03 - 2012-09-17 12:34 - 00005497 _____ () C:\Windows\system32\RaCoInst.log
2014-05-14 19:03 - 2012-07-26 13:29 - 00000000 ____D () C:\Windows\CbsTemp
2014-05-14 19:01 - 2013-11-17 06:23 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-14 19:01 - 2013-08-14 16:25 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 18:59 - 2013-08-09 09:37 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-13 23:48 - 2013-08-18 18:40 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-13 23:47 - 2014-05-13 23:47 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-05-12 09:25 - 2012-07-26 13:42 - 00000000 ____D () C:\Windows\WinStore
2014-05-12 07:26 - 2014-06-02 16:55 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-02 16:55 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-02 16:55 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-11 03:08 - 2014-05-11 03:08 - 00018416 _____ () C:\Users\hp1\Downloads\[exrapidleech]_wSUq4_[exrapidleech.info]
2014-05-11 03:03 - 2014-05-11 03:03 - 00009192 _____ () C:\Users\hp1\Downloads\1ffe955806c5eb67fe62359205699262.htm
2014-05-11 03:02 - 2014-05-11 03:02 - 00000082 _____ () C:\Users\hp1\Downloads\[exrapidleech]_Rapidgator_[exrapidleech.info]
2014-05-10 20:10 - 2012-07-26 12:51 - 00058646 _____ () C:\Windows\setupact.log
2014-05-09 16:54 - 2013-12-30 05:23 - 04855296 ___SH () C:\Users\hp1\Downloads\Thumbs.db
2014-05-09 06:15 - 2014-05-09 06:15 - 00000791 _____ () C:\Users\hp1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pics.lnk
2014-05-07 23:28 - 2014-05-07 23:28 - 00012800 ___SH () C:\Users\hp1\Documents\Thumbs.db
2014-05-06 10:44 - 2014-05-14 16:34 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 10:44 - 2014-05-14 16:34 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 09:18 - 2014-05-14 16:34 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 09:18 - 2014-05-14 16:34 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-06 09:07 - 2014-05-14 16:34 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 08:56 - 2014-05-14 16:34 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-05 16:48 - 2012-07-26 10:56 - 00000167 _____ () C:\Windows\win.ini
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe
[2014-05-14 16:35] - [2014-04-12 14:40] - 0578048 ____A (Microsoft Corporation) 75DD70A14145499C9F7D903CF9A8C91B
 
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-05-28 13:37
 
==================== End Of Log ============================

The Addition.txt is here:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-06-2014 01
Ran by hp1 at 2014-06-02 20:53:56
Running from C:\Users\hp1\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Disabled - Out of date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Disabled - Out of date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
 
==================== Installed Programs ======================
 
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7 Wonders II (x32 Version: 2.2.0.98 - WildTangent) Hidden
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{5977D04D-1D6A-952C-97AF-04D9D4C0AE56}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Assistant (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{699fd52f}) (Version:  - Verified Publisher) <==== ATTENTION
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Collage Maker (HKLM-x32\...\{05F2884D-89AC-4DE4-A63D-7DB3FE3398DC}) (Version: 3.80 - Galleria Software)
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Crazy Chicken Soccer (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5407 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.1.5407 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.1.1916 - CyberLink Corp.) Hidden
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
CyberLink PhotoDirector (x32 Version: 2.0.1.3119 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1926 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.1.1926 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDirector 10 (x32 Version: 10.0.1.1925 - CyberLink Corp.) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 10.0.6.4319 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.4.5527 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
deskPDF Studio X (HKLM-x32\...\deskPDF Studio_is1) (Version:  - Docudesk)
Doxillion Document Converter (HKLM-x32\...\Doxillion) (Version: 2.17 - NCH Software)
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
File Shredder 2.5 (HKLM\...\File Shredder_is1) (Version:  - Pow Tools)
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
FlashCrypt for Windows (HKLM-x32\...\FlashCrypt_is1) (Version: 1.0 - FSPro Labs)
FlatOut 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 31.0.1650.63 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{1AC082E0-049D-4C5C-9ECF-9473AD5A949D}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP Postscript Converter (Version: 3.1.3554 - Hewlett-Packard) Hidden
HP Product Detection (HKLM-x32\...\{8A9FC225-75F6-4B5D-911C-0ED230565643}) (Version: 11.15.0009 - HP)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Recovery Manager (x32 Version: 7.00 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
HPDetect (HKLM-x32\...\{CCCDD476-98F9-4B06-91DB-23F27CEC3BE1}) (Version: 1.0.0.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
Intel® Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3097 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
K-Lite Codec Pack 8.6.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.6.0 - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MediaMonkey 4.0 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.0 - Ventis Media Inc.)
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
NaturalReaderFree (HKLM-x32\...\{262EFBD9-A907-490F-81F4-561FDD3A8C5C}) (Version: 1.00.0000 - Naturalsoft limited)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.2.28.24.exe  - NETGEAR Inc.)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 20.5.0.28 - Symantec Corporation)
Octoshape add-in for Adobe Flash Player (HKCU\...\Octoshape add-in for Adobe Flash Player) (Version:  - )
Orbit Downloader (HKLM-x32\...\Orbit_is1) (Version:  - www.orbitdownloader.com)
PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH)
PDF Architect 2 View Module (HKLM-x32\...\{46889070-D447-4936-A5D3-246DB972FA2E}) (Version: 2.0.6.16537 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
PDFCreator Bundle by Fileparade.com (HKLM-x32\...\PDFCreator Bundle by Fileparade.com) (Version: 1.0.0.0 - ) <==== ATTENTION
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
PhotoPad Image Editor (HKLM-x32\...\PhotoPad) (Version: 2.46 - NCH Software)
PileFile reminder (HKCU\...\{56837588-F559-40CF-91D9-D439D405FB28}) (Version:  - FINEDREAM INVEST LTD) <==== ATTENTION
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Ralink Bluetooth Stack64 (HKLM\...\{307AA214-8490-9119-DA81-C8E875AD1C94}) (Version: 11.0.737.5 - Mediatek)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.2.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Shutdown8 (HKCU\...\Shutdown8) (Version: 1.08 - Bandisoft.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.5.3.3 - Synaptics Incorporated)
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2880505) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{2720451F-5D04-43EC-AB1F-26D948FD971B}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.6 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DD}) (Version: 17.5.10562 - WinZip Computing, S.L. )
WinZipper (HKLM-x32\...\WinZipper) (Version: 1.4.8 - Taiwan Shui Mu Chih Ching Technology Limited.) <==== ATTENTION
WPM17.8.0.3325 (HKLM-x32\...\WPM) (Version: 17.8.0.3325 - Cherished Technololgy LIMITED) <==== ATTENTION
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - )
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Restore Points  =========================
 
25-05-2014 10:02:28 Installed PDF Architect 2 View Module
01-06-2014 17:24:57 Installed Collage Maker
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {009C247A-B4EE-4D47-9C5F-0BBC20A7A063} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\WSCStub.exe [2014-04-30] (Symantec Corporation)
Task: {1900DBDA-1F74-436F-83B1-F3984F256905} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {25412BFB-725F-4689-B149-D30C13474013} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-04-24] (Synaptics Incorporated)
Task: {2CB1AC0B-56C1-4C28-8B33-36B03DE00FE4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-08] (Google Inc.)
Task: {600C444D-BA13-4772-93F8-8A4AFC54946E} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08] (CyberLink)
Task: {6C7C6A9F-4730-472E-82AE-9A75467175C7} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {741961B7-7C79-4CCC-A097-4335E10D8B0A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {988173EF-12AC-4242-A2DE-1A89E1AC0D43} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSFUpdaterRedux => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {9AA86E7D-BBFB-4310-8DE3-5231AC4F6416} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {A9ED1E18-92FB-43AA-A7E8-BC0FCF1A300D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {AA6AA318-DDEA-4163-BE68-5E739C8B8FB8} - System32\Tasks\HPCeeScheduleForhp1 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {AF9EF7D3-AEE7-453B-A74C-7E394D62C1B7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-08] (Google Inc.)
Task: {AFBED8B4-2026-4721-87E2-72950A327244} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2442161694-1867086132-3323340639-1001Core => C:\Users\hp1\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-11-10] (Facebook Inc.)
Task: {BED81B5B-FAB7-4FD6-A351-8944A085453B} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {CF2BC2EC-8486-4AB6-8E6A-EF6F2FCED0D1} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION
Task: {DD95D6CC-C19C-4071-ACBE-31BF534E60A8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {E1D781F0-AD01-49AB-A3CD-0C25AB75D919} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-28] (CyberLink)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {FCA6C78D-F979-47C9-8319-CC1AD2E79568} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2442161694-1867086132-3323340639-1001UA => C:\Users\hp1\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-11-10] (Facebook Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2442161694-1867086132-3323340639-1001Core.job => C:\Users\hp1\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2442161694-1867086132-3323340639-1001UA.job => C:\Users\hp1\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForhp1.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-05-20 10:02 - 2013-06-17 17:40 - 00035944 _____ () C:\Windows\system32\ddmon4-64x.dll
2013-01-10 13:35 - 2013-01-10 13:35 - 00009728 _____ () C:\Windows\system32\BsHelpCSps.dll
2013-10-02 03:47 - 2012-04-01 00:06 - 02689536 _____ () C:\Program Files\File Shredder\fsshell.dll
2013-01-10 11:25 - 2013-01-10 11:25 - 00364544 _____ () C:\Windows\system32\BsExtendFunc.dll
2013-01-10 13:30 - 2013-01-10 13:30 - 00022528 _____ () C:\Windows\system32\BsTrace.dll
2013-01-10 13:35 - 2013-01-10 13:35 - 00055296 _____ () C:\Windows\system32\BlueSoleilCSps.dll
2012-07-26 01:38 - 2012-07-26 01:38 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-04-07 17:08 - 2013-04-07 17:08 - 01044224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
2013-04-07 17:12 - 2013-04-07 17:12 - 00123136 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
2012-08-07 00:24 - 2012-08-07 00:24 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-01-28 02:48 - 2014-01-28 02:48 - 00612520 _____ () C:\Program Files (x86)\WinZipper\sqlite3.dll
2013-01-10 13:30 - 2013-01-10 13:30 - 00022528 _____ () C:\Windows\SYSTEM32\BsTrace.dll
2013-01-10 13:35 - 2013-01-10 13:35 - 00009728 _____ () C:\Windows\SYSTEM32\BsHelpCSps.dll
2013-01-10 13:35 - 2013-01-10 13:35 - 00055296 _____ () C:\Windows\SYSTEM32\BlueSoleilCSps.dll
2013-02-19 12:16 - 2013-02-19 12:16 - 00011362 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\mingwm10.dll
2013-02-19 12:16 - 2013-02-19 12:16 - 00043008 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
2013-02-19 12:16 - 2013-02-19 12:16 - 02537472 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtCore4.dll
2013-02-19 12:16 - 2013-02-19 12:16 - 09814016 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtGui4.dll
2013-06-05 06:52 - 2013-06-05 06:52 - 00481280 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll
2013-03-27 14:12 - 2013-03-27 14:12 - 01553920 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SvtNetworkTool.dll
2013-02-19 12:16 - 2013-02-19 12:16 - 00399360 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtXml4.dll
2013-02-19 12:16 - 2013-02-19 12:16 - 01140224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtNetwork4.dll
2013-05-10 08:42 - 2013-05-10 08:42 - 00229888 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
2013-03-27 14:13 - 2013-03-27 14:13 - 01067520 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll
2013-05-28 11:51 - 2013-05-28 11:51 - 04334592 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll
2013-03-27 14:22 - 2013-03-27 14:22 - 00500736 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
2013-03-27 14:20 - 2013-03-27 14:20 - 00186368 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll
2013-03-27 14:21 - 2013-03-27 14:21 - 01198080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
2013-05-15 08:26 - 2013-05-15 08:26 - 08432128 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll
2013-04-28 11:55 - 2013-04-28 11:55 - 01205760 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
2013-03-27 14:12 - 2013-03-27 14:12 - 00088064 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QRCode.dll
2013-03-27 14:21 - 2013-03-27 14:21 - 00641536 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
2013-05-14 10:48 - 2013-05-14 10:48 - 00931840 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Ui.dll
2013-03-27 14:19 - 2013-03-27 14:19 - 00438272 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
2013-02-19 12:16 - 2013-02-19 12:16 - 00083456 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qgif4.dll
2013-02-19 12:16 - 2013-02-19 12:16 - 00083456 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qico4.dll
2013-02-19 12:16 - 2013-02-19 12:16 - 00287232 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qjpeg4.dll
2013-03-27 14:12 - 2013-03-27 14:12 - 00137728 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll
2013-03-27 08:28 - 2013-03-27 08:28 - 00139264 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll
2012-11-29 15:26 - 2012-11-29 15:26 - 03332720 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\drivers\libntgr_api.dll
2013-03-27 08:28 - 2013-03-27 08:28 - 00072192 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SVTUtils.DLL
2013-03-27 08:28 - 2013-03-27 08:28 - 00074752 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\NetcardApi.dll
2013-03-27 08:28 - 2013-03-27 08:28 - 00136704 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\airprintdll.dll
2013-03-27 14:21 - 2013-03-27 14:21 - 00714240 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_Update.dll
2013-03-27 14:19 - 2013-03-27 14:19 - 00485376 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
2013-03-27 14:19 - 2013-03-27 14:19 - 00116224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll
2013-03-27 08:28 - 2013-03-27 08:28 - 00066560 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll
2013-12-06 07:22 - 2013-12-04 08:17 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2013-12-06 07:22 - 2013-12-04 08:17 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
2012-09-17 12:51 - 2012-06-08 09:04 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-09 00:04 - 2012-06-09 00:04 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-08-13 12:16 - 2012-05-25 04:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2013-12-06 07:22 - 2013-12-04 08:18 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-06 07:22 - 2013-12-04 08:18 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-06 07:22 - 2013-12-04 08:17 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
2013-12-06 07:22 - 2013-12-04 08:18 - 13586896 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
2014-05-02 05:00 - 2012-05-30 12:21 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.5.0.28\wincfi39.dll
2012-09-17 12:30 - 2012-06-26 00:11 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== EXE Association (whitelisted) =============
 
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/02/2014 05:14:23 PM) (Source: ATIeRecord) (EventID: 16388) (User: )
Description: ATI EEU Client event error
 
Error: (06/02/2014 00:31:00 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
 
Error: (06/01/2014 11:02:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: NIMA_LEONIE)
Description: App microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos did not launch within its allotted time.
 
Error: (06/01/2014 10:50:56 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
 
Error: (06/01/2014 10:50:54 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
 
Error: (06/01/2014 10:50:49 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
 
Error: (06/01/2014 10:50:49 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
 
Error: (06/01/2014 05:55:54 PM) (Source: ATIeRecord) (EventID: 16388) (User: )
Description: ATI EEU Client event error
 
Error: (06/01/2014 05:06:27 PM) (Source: ATIeRecord) (EventID: 16388) (User: )
Description: ATI EEU Client event error
 
Error: (06/01/2014 04:41:07 PM) (Source: ATIeRecord) (EventID: 16388) (User: )
Description: ATI EEU Client event error
 
 
System errors:
=============
Error: (06/02/2014 08:38:11 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (06/02/2014 08:38:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Assistant service to connect.
 
Error: (06/02/2014 08:38:02 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (06/02/2014 05:14:19 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (06/02/2014 05:14:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Wpm Service service failed to start due to the following error: 
%%87
 
Error: (06/02/2014 05:12:42 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (06/02/2014 05:12:42 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (06/02/2014 05:12:40 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (06/02/2014 05:12:40 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (06/02/2014 04:37:28 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2013-11-30 19:10:19.313
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\igdumd64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-11-30 19:10:19.283
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\igdumd64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-11-30 19:10:19.255
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\igdumd64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-11-30 19:10:19.227
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\igdumd64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-11-30 19:10:19.199
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\igdumd64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-11-30 19:10:19.172
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\igdumd64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-11-30 19:10:19.144
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\igdumd64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-11-30 19:10:19.117
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\igdumd64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-08-08 05:17:25.891
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-08-08 05:11:52.845
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 48%
Total physical RAM: 3986.27 MB
Available physical RAM: 2058.39 MB
Total Pagefile: 4946.27 MB
Available Pagefile: 2612.81 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:222.7 GB) (Free:27.98 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:24 GB) (Free:2.89 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: (Backup) (Fixed) (Total:218.29 GB) (Free:41.84 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 526DF2E5)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================

Hello,

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

 

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.


Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt.

 

Next,

 

Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Next,

 

Open Malwarebytes 2.0, run a Threat Scan

 


On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

 

Post log:

 


After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.

 

Let me see those logs, also give an update on any remaining issues or concerns...

 

Kevin

 

 

fixlist.txt


How can I run fixlist.txt?

I downloaded it from your attachment and opened the file. It shows

 

Start
AppInit_DLLs: C:\PROGRA~3\ASSIST~1\ASSIST~2.DLL => C:\ProgramData\Assistant\Assistant_x64.dll [4395520 2014-03-29] ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp...q={searchTerms}
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/we...&l=dis&o=HPNTDF
S2 Wpm;  [X]
U4 BthAvrcpTg; 
U4 BthHFEnum; 
U4 bthhfhid; 
ask: {CF2BC2EC-8486-4AB6-8E6A-EF6F2FCED0D1} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION
End

Here's the fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-06-2014
Ran by hp1 at 2014-06-04 00:22:50 Run:1
Running from C:\Users\hp1\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
AppInit_DLLs: C:\PROGRA~3\ASSIST~1\ASSIST~2.DLL => C:\ProgramData\Assistant\Assistant_x64.dll [4395520 2014-03-29] ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp...q={searchTerms}
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/we...&l=dis&o=HPNTDF
S2 Wpm;  [X]
U4 BthAvrcpTg; 
U4 BthHFEnum; 
U4 bthhfhid; 
ask: {CF2BC2EC-8486-4AB6-8E6A-EF6F2FCED0D1} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION
End
*****************
 
"C:\PROGRA~3\ASSIST~1\ASSIST~2.DLL" => Value Data removed successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} => Key deleted successfully.
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => Key not found.
Wpm => Service deleted successfully.
BthAvrcpTg => Service deleted successfully.
BthHFEnum => Service deleted successfully.
bthhfhid => Service deleted successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====

I'm sorry for the delay. Here's the AdwCleaner log

 

# AdwCleaner v3.211 - Report created 05/06/2014 at 01:59:04
# Updated 26/05/2014 by Xplode
# Operating System : Windows 8 Single Language  (64 bits)
# Username : hp1 - NIMA_LEONIE
# Running from : C:\Users\hp1\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : winzipersvc
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Assistant
Folder Deleted : C:\ProgramData\QuickSet
Folder Deleted : C:\ProgramData\WPM
Folder Deleted : C:\ProgramData\NewSoaver
Folder Deleted : C:\ProgramData\SauveNNewaAppz
Folder Deleted : C:\ProgramData\suRf and KEep
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
Folder Deleted : C:\Program Files (x86)\BonanzaDeals
Folder Deleted : C:\Program Files (x86)\iSafe
Folder Deleted : C:\Program Files (x86)\orbitdownloader
Folder Deleted : C:\Program Files (x86)\SimilarSites
Folder Deleted : C:\Program Files (x86)\WinZipper
Folder Deleted : C:\Program Files (x86)\NewSoaver
Folder Deleted : C:\Program Files (x86)\suRf and KEep
Folder Deleted : C:\Program Files (x86)\Common Files\337
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Deleted : C:\Users\hp1\AppData\Roaming\Oxy
Folder Deleted : C:\Users\hp1\AppData\Roaming\pdfforge
Folder Deleted : C:\Users\hp1\AppData\Roaming\WinZipper
Folder Deleted : C:\Users\Leonie\AppData\Local\torch
Folder Deleted : C:\Users\hp1\AppData\Roaming\Mozilla\Firefox\Profiles\tda6zgi4.default\CT2712698
Folder Deleted : C:\Users\hp1\AppData\Roaming\Mozilla\Firefox\Profiles\tda6zgi4.default\Extensions\{2b9b4ad6-becb-4891-8d9d-6686487a0aa8}
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciepccboidphdgoodegeeghcmlcgejjn
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciepccboidphdgoodegeeghcmlcgejjn
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciepccboidphdgoodegeeghcmlcgejjn
Folder Deleted : C:\Users\Leonie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciepccboidphdgoodegeeghcmlcgejjn
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebnfippiamgijnbdiofkgcielccibfpo
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebnfippiamgijnbdiofkgcielccibfpo
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebnfippiamgijnbdiofkgcielccibfpo
Folder Deleted : C:\Users\Leonie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebnfippiamgijnbdiofkgcielccibfpo
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nealcklbfgnjecldanleegmaakecfdod
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nealcklbfgnjecldanleegmaakecfdod
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\nealcklbfgnjecldanleegmaakecfdod
Folder Deleted : C:\Users\Leonie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nealcklbfgnjecldanleegmaakecfdod
File Deleted : C:\Users\hp1\AppData\Roaming\LiveSupport.exe_log.txt
File Deleted : C:\Users\hp1\AppData\Roaming\regsvr32.exe_log.txt
File Deleted : C:\Windows\System32\Tasks\Desk 365 RunAsStdUser
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Key Deleted : HKLM\SOFTWARE\Classes\NewSaVEr.NewSaVEr
Key Deleted : HKLM\SOFTWARE\Classes\NewSaVEr.NewSaVEr.1.1
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{699fd52f}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3F1D494B-0CEF-4468-96C9-386E2E4DEC90}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7854F00C-DC77-477E-A10E-603F48442D3B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA657915-E81A-FADA-CDC9-AF5B7FE16117}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F7F7A6C9-A476-06C7-1A20-5CF4F94A3146}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0880527-DC28-4EBB-BA27-D22102F22A9F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BCDDE143-FAE3-4C57-B22B-C4E8678CFDC0}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F7F7A6C9-A476-06C7-1A20-5CF4F94A3146}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F7F7A6C9-A476-06C7-1A20-5CF4F94A3146}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CA657915-E81A-FADA-CDC9-AF5B7FE16117}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F7F7A6C9-A476-06C7-1A20-5CF4F94A3146}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C55BBCD6-41AD-48AD-9953-3609C48EACC7}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CA657915-E81A-FADA-CDC9-AF5B7FE16117}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{F7F7A6C9-A476-06C7-1A20-5CF4F94A3146}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files (x86)\Orbitdownloader\orbitdm.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files (x86)\Orbitdownloader\orbitnet.exe]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Escolade
Key Deleted : HKCU\Software\Orbit
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Desksvc
Key Deleted : HKLM\Software\GS.Enabler
Key Deleted : HKLM\Software\hdcode
Key Deleted : HKLM\Software\IePlugin
Key Deleted : HKLM\Software\Orbit
Key Deleted : HKLM\Software\V9
Key Deleted : HKLM\Software\winzipersvc
Key Deleted : HKLM\Software\Wpm
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CA41BB14-E67B-1653-C57B-5CA99418A866}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Orbit_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winzipper
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wpm
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16537
 
 
-\\ Mozilla Firefox v29.0.1 (en-US)
 
[ File : C:\Users\hp1\AppData\Roaming\Mozilla\Firefox\Profiles\tda6zgi4.default\prefs.js ]
 
Line Deleted : user_pref("extensions.01U2r.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.net\")>-1||url.indexO[...]
Line Deleted : user_pref("extensions.Oux3rj6PO.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumoro[...]
Line Deleted : user_pref("extensions.VkI7xhR.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo[...]
Line Deleted : user_pref("extensions.tO2T5.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.net\")>-1||url.indexO[...]
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Users\hp1\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [10668 octets] - [05/06/2014 01:56:59]
AdwCleaner[s0].txt - [10427 octets] - [05/06/2014 01:59:04]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [10488 octets] ##########

Thanks

Here is the JRT.txt

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 Single Language x64
Ran by hp1 on 05-06-2014 at  2:04:50.45
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Empty Folder] C:\Users\hp1\appdata\local\{C315A3C9-010D-4B2C-8BFD-84377B122BC7}
Successfully deleted: [Empty Folder] C:\Users\hp1\appdata\local\{F135D571-3251-41F9-B429-51625A4AF976}
 
 
 
~~~ FireFox
 
Emptied folder: C:\Users\hp1\AppData\Roaming\mozilla\firefox\profiles\tda6zgi4.default\minidumps [4 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05-06-2014 at  2:13:44.47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Kevin, thanks for being with me. I've just completed MBAM and here's the log

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 05-06-2014
Scan Time: 02:24:22
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.06.04.11
Rootkit Database: v2014.06.02.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8
CPU: x64
File System: NTFS
User: hp1
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 322974
Time Elapsed: 13 min, 55 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
PUP.Optional.OptimumInstaller.A, C:\Users\hp1\Downloads\java_setup.exe, Quarantined, [aad1ec88c8b3e353c8ca62ed4db40cf4], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Maybe the redirect was cleared when we ran AdwCleaner and JRT. There is still one more scan to run; this one is very thorough, so it may take several hours.

 

We need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running; it can take several hours, so please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet Explorer for this scan - on Vista and Windows 7/8, right click on the IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 


Turn off the real-time scanner of any existing antivirus program while performing the online scan
Click on the Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the add-on to be installed
Click Start
Make sure that the option "Remove found threats" is UNticked
Click on Advanced Settings, ensure the options
Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
Wait for the virus definitions to be downloaded
Wait for the scan to finish

 

When the scan is complete

 


If no threats were found
put a checkmark in "Uninstall application on close"
close program
report to me that nothing was found

 

If threats were found

 


click on "list of threats found"
click on "export to text file" and save it as ESET SCAN and save to the desktop
Click on back
put a checkmark in "Uninstall application on close"
click on finish

 

close program

 

Copy and paste the report in next reply.

 

Thanks,

 

Kevin
