YWNMON32 Trojan


I got a message stating I needed to download Java to see a real estate page, and when I did, this virus was downloaded. I have run Malwarebytes and it gives a list of quarantined items. I select them all and push delete, but there are still items remaining. I work from home and this is preventing me from working. Please help.

Hi there,
my name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you to. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days of this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32-bit or FRST 64-bit (if not sure: Start --> Computer (right-click) --> Properties).

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.

  • Double-click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download, so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading.
  • On completion of the scan, click the Save log button, save it to your desktop, then copy and paste it in your next reply.


Note: There will also be a file on your desktop named MBR.dat; do not delete this for now. It is an actual backup of the MBR (master boot record).

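
The FRST.txt requested above lists every Run/RunOnce autorun together with the binary's size, file date and the company name from its version information. As an added example for this thread (it is not part of FRST, Malwarebytes or the helper's instructions), the following Python script parses that section and flags the entries a first-pass triage would look at: an empty company name "()", a file dated within a few days of the scan, or one binary registered under several Run values. The sample lines are copied from the FRST.txt posted later in this thread; the 7-day window and the three heuristics are the editor's assumptions about what deserves a second look, not FRST's own logic and not a verdict.

```python
"""Triage the Run/RunOnce autoruns from an FRST.txt 'Registry (Whitelisted)' section.

Added example for this thread; not part of FRST or Malwarebytes. The heuristics
(empty company name, file dated close to the scan, one binary behind several Run
values) are the editor's assumptions about what deserves a second look.
"""
import re
from collections import Counter
from dataclasses import dataclass, field
from datetime import date
from typing import List, Optional

# One autorun line, e.g.
#   HKLM-x32\...\Run: [ywnmon32] => C:\Program Files (x86)\Open JDK Explorer\ywnmon32.exe [988160 2014-07-02] ()
# The hive prefix is HKLM, HKLM-x32, HKCU or HKU\<SID>; RunOnce lines use " - " instead of " => ".
RUN_LINE = re.compile(
    r"^(?P<hive>HK(?:LM|CU)(?:-x32)?|HKU\\S-[\d-]+)\\\.\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]*)\] (?:=>|-) (?P<rest>.+)$"
)
# Details FRST appends when it could inspect the file: [<size> <yyyy-mm-dd>] (<company name>)
DETAILS = re.compile(
    r"^(?P<cmd>.+?) \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>[^)]*)\)\s*$"
)


@dataclass
class Autorun:
    hive: str
    key: str
    name: str
    command: str
    path: str
    size: Optional[int] = None
    file_date: Optional[date] = None
    publisher: Optional[str] = None      # None: no details on the line; "": details present but "()"
    reasons: List[str] = field(default_factory=list)


def _exe_path(command: str) -> str:
    """Return just the executable: strip surrounding quotes and trailing arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r"(?i)(.+?\.exe)\b", command)  # unquoted path with spaces, e.g. Program Files (x86)
    return m.group(1) if m else command


def parse_autoruns(lines) -> List[Autorun]:
    """Parse every Run/RunOnce line; all other FRST lines are ignored."""
    entries = []
    for raw in lines:
        m = RUN_LINE.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest")
        d = DETAILS.match(rest)
        if d:
            entries.append(Autorun(m["hive"], m["key"], m["name"], d["cmd"], _exe_path(d["cmd"]),
                                   int(d["size"]), date.fromisoformat(d["date"]), d["publisher"]))
        else:
            entries.append(Autorun(m["hive"], m["key"], m["name"], rest, _exe_path(rest)))
    return entries


def triage(entries: List[Autorun], scan_date: str, recent_days: int = 7) -> List[Autorun]:
    """Attach reasons to each entry and return the flagged ones, most reasons first.

    scan_date is the FRST run date as yyyy-mm-dd (the FRST header prints it dd-mm-yyyy).
    """
    scan = date.fromisoformat(scan_date)
    by_path = Counter(e.path.lower() for e in entries)
    for e in entries:
        if e.publisher is None:
            e.reasons.append("no size/date/company recorded by FRST; inspect the file by hand")
        elif e.publisher == "":
            e.reasons.append("empty company name '()' in the file's version info")
        if e.file_date is not None and 0 <= (scan - e.file_date).days <= recent_days:
            e.reasons.append(f"file dated {e.file_date}, within {recent_days} days of the scan")
        if by_path[e.path.lower()] > 1:
            e.reasons.append("same binary registered under more than one Run value")
    flagged = [e for e in entries if e.reasons]
    flagged.sort(key=lambda e: -len(e.reasons))
    return flagged


# Constructed sample: Run/RunOnce lines copied from the FRST.txt posted in this thread.
SAMPLE_LINES = r"""
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [Redirector] => "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Windows YWN Monitor] => C:\Program Files (x86)\Open JDK Explorer\ywnmon32.exe [988160 2014-07-02] ()
HKLM-x32\...\Run: [ywnmon32] => C:\Program Files (x86)\Open JDK Explorer\ywnmon32.exe [988160 2014-07-02] ()
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-06-27] (Hewlett-Packard)
HKU\S-1-5-21-2526592388-2313282358-3829499931-1001\...\Run: [inbitIMC] => C:\Program Files (x86)\24im\24im Messenger\IMC.EXE [3423744 2014-03-06] (24im LLC)
""".strip().splitlines()

if __name__ == "__main__":
    for hit in triage(parse_autoruns(SAMPLE_LINES), "2014-07-07"):
        print(f"{hit.hive}\\...\\{hit.key}: [{hit.name}] -> {hit.path}")
        for reason in hit.reasons:
            print(f"    - {reason}")
```

Run against the sample, the two Open JDK Explorer values come out on top with all three reasons, while the Citrix Redirector value is listed only because FRST recorded no file details for it, and the signed HP, Oracle and Microsoft entries are not flagged at all. The script reads the log text only; it never touches the registry or the files, so it is safe to run on a copy of FRST.txt taken from an infected machine.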

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-07-2014 01

Ran by Chara's Work (administrator) on HOMEOFFICE on 07-07-2014 09:23:38

Running from C:\Users\Chara's Work\Downloads

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 9

Boot Mode: Normal


==================== Processes (Whitelisted) =================

 

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe

(Check Point Software Technologies) C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe

(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe

(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

(Interactive Intelligence, Inc.) C:\Program Files (x86)\Interactive Intelligence\ICUserApps\inin_qos_service-w32r-1-1.exe

(Interactive Intelligence, Inc.) C:\Program Files (x86)\Interactive Intelligence\ININ Trace Initialization\i3trace_initializer-w32r-1-1.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

() C:\Users\Public\mysql\bin\mysqld-nt.exe

(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(VMware, Inc.) C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(VMware, Inc.) C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

(BodyMedia, Inc.) C:\Program Files (x86)\BodyMedia\Sync\BodyMediaSync.exe

(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe

() C:\Program Files (x86)\Open JDK Explorer\ywnmon32.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe

(AOL Inc.) C:\Users\Chara's Work\AppData\Local\AOL\AIM\aim.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Google Inc.) C:\Users\Chara's Work\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Chara's Work\AppData\Local\Google\Chrome\Application\chrome.exe

(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE

(Google Inc.) C:\Users\Chara's Work\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Chara's Work\AppData\Local\Google\Chrome\Application\chrome.exe

() C:\ProgramData\HP Photo Creations\Communicator.exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)

HKLM-x32\...\Run: [startCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-05-12] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [Redirector] => "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup

HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-08-12] (PDF Complete Inc)

HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)

HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [305088 2011-04-25] (Citrix Systems, Inc.)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [Windows YWN Monitor] => C:\Program Files (x86)\Open JDK Explorer\ywnmon32.exe [988160 2014-07-02] ()

HKLM-x32\...\Run: [ywnmon32] => C:\Program Files (x86)\Open JDK Explorer\ywnmon32.exe [988160 2014-07-02] ()

HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-06-27] (Hewlett-Packard)

HKU\S-1-5-21-2526592388-2313282358-3829499931-1001\...\Run: [inbitIMC] => C:\Program Files (x86)\24im\24im Messenger\IMC.EXE [3423744 2014-03-06] (24im LLC)

HKU\S-1-5-21-2526592388-2313282358-3829499931-1001\...\Run: [Google Update] => C:\Users\Chara's Work\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-19] (Google Inc.)

HKU\S-1-5-21-2526592388-2313282358-3829499931-1001\...\MountPoints2: {8a028553-0d74-11e2-8432-386077d0c6f5} - F:\KODAK_Software_Downloader.exe

HKU\S-1-5-21-2526592388-2313282358-3829499931-1001\...\MountPoints2: {c1d27461-4147-11e1-99a4-806e6f6e6963} - E:\autorun.bat

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BodyMedia Sync.lnk

ShortcutTarget: BodyMedia Sync.lnk -> C:\Program Files (x86)\BodyMedia\Sync\BodyMediaSync.exe (BodyMedia, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk

ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe ()

ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File

ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File

ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File

ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File

ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

BootExecute: autocheck autochk *  /sync /restart /sync /restart

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBF1D231F9B99CF01

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CPDTDF


SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF

SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}


SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CPDTDF


SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF

SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}

SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)

BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)

BHO-x32: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File

BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)

Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File

Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB

DPF: HKLM-x32 {414FB93D-DEDD-4FEF-AD7F-167992EBDB52} https://usden-portal2-a1.workbooth.com//SNX/CSHELL/extender.cab

DPF: HKLM-x32 {A084A130-28AE-4B32-B51A-1C8CE164BC88} http://www.convergysworkathome.com/AppHardT.CAB


DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://ns.arise.com/dana-cached/sc/JuniperSetupClient.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File

Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File

Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 24.159.64.23 24.178.162.3 71.9.127.107

 

FireFox:

========

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @Citrix.com/npican - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Chara's Work\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Chara's Work\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

 

Chrome: 

=======

CHR HomePage: 

CHR DefaultSearchKeyword: bing.com

CHR DefaultSearchProvider: Bing


CHR DefaultNewTabURL: 

CHR Plugin: (Remoting Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Users\Chara's Work\AppData\Local\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Users\Chara's Work\AppData\Local\Google\Chrome\Application\35.0.1916.153\pdf.dll ()

CHR Plugin: (Shockwave Flash) - C:\Users\Chara's Work\AppData\Local\Google\Chrome\Application\35.0.1916.153\gcswf32.dll No File

CHR Plugin: (Norton Confidential) - C:\Users\Chara's Work\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\npcoplgn.dll No File

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll No File

CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (Google Update) - C:\Users\Chara's Work\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Chara's Work\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]

CHR Extension: (YouTube) - C:\Users\Chara's Work\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-19]

CHR Extension: (Google Search) - C:\Users\Chara's Work\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-19]

CHR Extension: (Google Wallet) - C:\Users\Chara's Work\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]

CHR Extension: (Gmail) - C:\Users\Chara's Work\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-19]

CHR StartMenuInternet: Google Chrome - C:\Users\Chara's Work\AppData\Local\Google\Chrome\Application\chrome.exe

 

==================== Services (Whitelisted) =================

 

R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2279608 2014-05-21] (Microsoft Corporation)

R2 cpextender; C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe [368280 2014-02-19] (Check Point Software Technologies)

S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [240736 2013-09-05] (WildTangent)

R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]

R2 ININ QoS; C:\Program Files (x86)\Interactive Intelligence\ICUserApps\inin_qos_service-w32r-1-1.exe [53248 2012-01-31] (Interactive Intelligence, Inc.) [File not signed]

R2 ININ Tracing; C:\Program Files (x86)\Interactive Intelligence\ININ Trace Initialization\i3trace_initializer-w32r-1-1.exe [36352 2012-01-31] (Interactive Intelligence, Inc.) [File not signed]

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)

R2 MySQL; C:\Users\Public\mysql\bin\mysqld-nt.exe [3432448 2010-08-27] () [File not signed]

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)

R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-12] (PDF Complete Inc)

 

==================== Drivers (Whitelisted) ====================

 

R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()

R3 dfmirage; C:\Windows\System32\DRIVERS\dfmirage.sys [36432 2008-03-05] (DemoForge, LLC)

S3 ISWKLP; C:\Windows\System32\drivers\ISWKLP.sys [43368 2014-04-30] (Check Point Software Technologies)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-07] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)

S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)

S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)

R3 VNA; C:\Windows\System32\DRIVERS\vna.sys [161256 2014-02-19] (Check Point Software Technologies)

S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-07-07 09:23 - 2014-07-07 09:24 - 00026790 _____ () C:\Users\Chara's Work\Downloads\FRST.txt

2014-07-07 09:23 - 2014-07-07 09:23 - 00000000 ____D () C:\FRST

2014-07-07 09:22 - 2014-07-07 09:22 - 02084352 _____ (Farbar) C:\Users\Chara's Work\Downloads\FRST64.exe

2014-07-07 04:01 - 2014-07-07 04:01 - 00087074 _____ () C:\Users\Chara's Work\Downloads\Extras.Txt

2014-07-07 03:54 - 2014-07-07 03:54 - 00180136 _____ () C:\Users\Chara's Work\Downloads\OTL.Txt

2014-07-07 03:15 - 2014-07-07 03:15 - 00602112 _____ (OldTimer Tools) C:\Users\Chara's Work\Downloads\OTL.exe

2014-07-06 23:16 - 2014-07-06 23:16 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-07-06 23:16 - 2014-07-06 23:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-07-06 23:15 - 2014-07-06 23:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-07-06 23:15 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-07-06 23:15 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-07-06 23:15 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-07-06 23:12 - 2014-07-06 23:13 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Chara's Work\Downloads\mbam-setup-2.0.2.1012.exe

2014-07-06 22:22 - 2014-07-06 22:22 - 00995328 _____ () C:\Users\Chara's Work\Downloads\MicrosoftFixit50784 (1).msi

2014-07-06 22:21 - 2014-07-06 22:21 - 00995328 _____ () C:\Users\Chara's Work\Downloads\MicrosoftFixit50784.msi

2014-07-06 21:56 - 2014-07-06 21:56 - 29183200 _____ (Microsoft Corporation) C:\Users\Chara's Work\Downloads\Windows-KB890830-x64-V5.13.exe

2014-07-06 21:50 - 2014-07-07 08:35 - 00005008 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for HOMEOFFICE-Chara's Work HomeOffice

2014-07-06 18:09 - 2014-07-06 18:09 - 00000000 ____D () C:\Windows\Sun

2014-07-06 16:07 - 2014-07-07 09:23 - 24887296 _____ () C:\Users\Chara's Work\AppData\Local\ChromeHitoryDB

2014-07-06 16:07 - 2014-07-06 16:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open JDK Explorer

2014-07-06 16:06 - 2014-07-06 16:07 - 00000000 ____D () C:\Program Files (x86)\Open JDK Explorer

2014-07-06 16:05 - 2014-07-06 16:05 - 00003282 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule

2014-07-06 16:05 - 2014-07-06 16:05 - 00000000 ____D () C:\Users\Chara's Work\Documents\Optimizer Pro

2014-07-01 11:30 - 2014-07-01 11:30 - 00000133 _____ () C:\Users\Chara's Work\Documents\todo.txt

2014-06-24 08:47 - 2014-06-24 08:47 - 09001320 _____ () C:\Users\Chara's Work\Downloads\iSS.Transcription-2.0.27.zip

2014-06-21 00:18 - 2014-06-21 00:18 - 05146029 _____ () C:\Users\Chara's Work\Downloads\NineWestExampleCall.wma

2014-06-20 11:18 - 2014-06-20 11:18 - 00000000 ____D () C:\Users\Chara's Work\AppData\Local\{FCC02365-5131-4E95-BE4B-CDD24B1BB07C}

2014-06-20 08:25 - 2014-06-20 08:25 - 00001086 _____ () C:\Users\Chara's Work\Downloads\attachments.html

2014-06-14 07:03 - 2014-05-28 13:37 - 02338816 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-06-14 07:02 - 2014-05-28 13:53 - 17857536 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-06-14 07:02 - 2014-05-28 13:35 - 10890240 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-06-14 07:02 - 2014-05-28 13:31 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-06-14 07:02 - 2014-05-28 13:31 - 01348608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-06-14 07:02 - 2014-05-28 13:30 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-06-14 07:02 - 2014-05-28 13:30 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2014-06-14 07:02 - 2014-05-28 13:29 - 02148352 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-06-14 07:02 - 2014-05-28 13:29 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2014-06-14 07:02 - 2014-05-28 13:29 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-06-14 07:02 - 2014-05-28 13:29 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-06-14 07:02 - 2014-05-28 13:29 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-06-14 07:02 - 2014-05-28 13:29 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-06-14 07:02 - 2014-05-28 13:28 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-06-14 07:02 - 2014-05-28 13:28 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-06-14 07:02 - 2014-05-28 13:28 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-06-14 07:02 - 2014-05-28 13:28 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-06-14 07:02 - 2014-05-28 13:28 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2014-06-14 07:02 - 2014-05-28 13:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe

2014-06-14 07:02 - 2014-05-28 13:28 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

2014-06-14 07:02 - 2014-05-28 13:27 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-06-14 07:02 - 2014-05-28 11:48 - 12356608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-06-14 07:02 - 2014-05-28 11:39 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-06-14 07:02 - 2014-05-28 11:38 - 09711104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-06-14 07:02 - 2014-05-28 11:33 - 01106432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-06-14 07:02 - 2014-05-28 11:32 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-06-14 07:02 - 2014-05-28 11:32 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-06-14 07:02 - 2014-05-28 11:31 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2014-06-14 07:02 - 2014-05-28 11:31 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-06-14 07:02 - 2014-05-28 11:30 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-06-14 07:02 - 2014-05-28 11:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2014-06-14 07:02 - 2014-05-28 11:30 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-06-14 07:02 - 2014-05-28 11:30 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-06-14 07:02 - 2014-05-28 11:30 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-06-14 07:02 - 2014-05-28 11:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-06-14 07:02 - 2014-05-28 11:30 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll

2014-06-14 07:02 - 2014-05-28 11:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-06-14 07:02 - 2014-05-28 11:29 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-06-14 07:02 - 2014-05-28 11:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-06-14 07:02 - 2014-05-28 11:29 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe

2014-06-14 07:02 - 2014-05-28 11:29 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

2014-06-14 07:02 - 2014-05-28 11:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-06-14 07:01 - 2014-06-08 04:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-06-14 07:01 - 2014-06-08 04:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-06-14 07:01 - 2014-05-08 04:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll

2014-06-14 07:01 - 2014-04-24 21:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll

2014-06-14 07:01 - 2014-04-24 21:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll

2014-06-14 07:01 - 2014-04-04 21:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2014-06-14 07:01 - 2014-04-04 21:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS

2014-06-14 07:01 - 2014-03-26 09:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll

2014-06-14 07:01 - 2014-03-26 09:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

2014-06-14 07:01 - 2014-03-26 09:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll

2014-06-14 07:01 - 2014-03-26 09:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll

2014-06-14 07:01 - 2014-03-26 09:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2014-06-14 07:01 - 2014-03-26 09:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2014-06-14 07:01 - 2014-03-26 09:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll

2014-06-14 07:01 - 2014-03-26 09:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

2014-06-14 07:00 - 2014-05-08 04:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll

2014-06-11 12:02 - 2014-07-03 12:01 - 00000856 _____ () C:\Users\Chara's Work\Documents\apfm.txt

==================== One Month Modified Files and Folders =======

2014-07-07 09:24 - 2014-07-07 09:23 - 00026790 _____ () C:\Users\Chara's Work\Downloads\FRST.txt

2014-07-07 09:23 - 2014-07-07 09:23 - 00000000 ____D () C:\FRST

2014-07-07 09:23 - 2014-07-06 16:07 - 24887296 _____ () C:\Users\Chara's Work\AppData\Local\ChromeHitoryDB

2014-07-07 09:22 - 2014-07-07 09:22 - 02084352 _____ (Farbar) C:\Users\Chara's Work\Downloads\FRST64.exe

2014-07-07 09:20 - 2012-12-08 12:15 - 00000338 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job

2014-07-07 09:11 - 2012-09-22 12:00 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-07-07 09:05 - 2012-10-09 10:54 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-07-07 08:58 - 2012-07-19 08:44 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2526592388-2313282358-3829499931-1001UA.job

2014-07-07 08:49 - 2009-07-13 23:51 - 00148915 _____ () C:\Windows\setupact.log

2014-07-07 08:35 - 2014-07-06 21:50 - 00005008 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for HOMEOFFICE-Chara's Work HomeOffice

2014-07-07 08:22 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-07-07 08:22 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-07-07 08:18 - 2012-06-18 11:06 - 01226048 _____ () C:\Windows\WindowsUpdate.log

2014-07-07 08:16 - 2014-05-13 14:08 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-07-07 08:14 - 2012-01-17 12:35 - 00000000 ____D () C:\ProgramData\PDFC

2014-07-07 08:13 - 2013-05-31 10:35 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job

2014-07-07 08:13 - 2012-10-09 10:54 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-07-07 08:13 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-07-07 07:40 - 2010-11-20 22:47 - 01323844 _____ () C:\Windows\PFRO.log

2014-07-07 04:01 - 2014-07-07 04:01 - 00087074 _____ () C:\Users\Chara's Work\Downloads\Extras.Txt

2014-07-07 03:54 - 2014-07-07 03:54 - 00180136 _____ () C:\Users\Chara's Work\Downloads\OTL.Txt

2014-07-07 03:15 - 2014-07-07 03:15 - 00602112 _____ (OldTimer Tools) C:\Users\Chara's Work\Downloads\OTL.exe

2014-07-07 00:51 - 2014-05-20 18:13 - 00000360 _____ () C:\Windows\Tasks\HPCeeScheduleForChara's Work.job

2014-07-06 23:16 - 2014-07-06 23:16 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-07-06 23:16 - 2014-07-06 23:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-07-06 23:15 - 2014-07-06 23:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-07-06 23:13 - 2014-07-06 23:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Chara's Work\Downloads\mbam-setup-2.0.2.1012.exe

2014-07-06 22:22 - 2014-07-06 22:22 - 00995328 _____ () C:\Users\Chara's Work\Downloads\MicrosoftFixit50784 (1).msi

2014-07-06 22:21 - 2014-07-06 22:21 - 00995328 _____ () C:\Users\Chara's Work\Downloads\MicrosoftFixit50784.msi

2014-07-06 21:56 - 2014-07-06 21:56 - 29183200 _____ (Microsoft Corporation) C:\Users\Chara's Work\Downloads\Windows-KB890830-x64-V5.13.exe

2014-07-06 18:09 - 2014-07-06 18:09 - 00000000 ____D () C:\Windows\Sun

2014-07-06 16:07 - 2014-07-06 16:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open JDK Explorer

2014-07-06 16:07 - 2014-07-06 16:06 - 00000000 ____D () C:\Program Files (x86)\Open JDK Explorer

2014-07-06 16:05 - 2014-07-06 16:05 - 00003282 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule

2014-07-06 16:05 - 2014-07-06 16:05 - 00000000 ____D () C:\Users\Chara's Work\Documents\Optimizer Pro

2014-07-06 16:03 - 2013-10-06 11:19 - 00005020 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for CharasWork-HP-Chara's Work CharasWork-HP

2014-07-06 15:48 - 2012-06-18 11:11 - 00003974 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{670F2AA9-FCEB-4D23-97DE-4CEF43730420}

2014-07-05 19:58 - 2012-07-19 08:44 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2526592388-2313282358-3829499931-1001Core.job

2014-07-04 21:21 - 2012-10-26 13:06 - 00000000 ____D () C:\Windows\Minidump

2014-07-04 21:21 - 2012-01-17 15:14 - 00338358 ____N () C:\Windows\Minidump\070414-23774-01.dmp

2014-07-03 12:01 - 2014-06-11 12:02 - 00000856 _____ () C:\Users\Chara's Work\Documents\apfm.txt

2014-07-02 19:35 - 2012-01-17 15:14 - 00338358 ____N () C:\Windows\Minidump\070214-22495-01.dmp

2014-07-01 18:51 - 2014-05-20 18:13 - 00003228 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForChara's Work

2014-07-01 18:50 - 2012-12-19 03:50 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt

2014-07-01 18:50 - 2012-06-25 16:42 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log

2014-07-01 18:48 - 2012-06-25 16:39 - 00000000 ____D () C:\Users\Chara's Work\AppData\Roaming\HP Support Assistant

2014-07-01 18:48 - 2012-06-19 12:05 - 00000000 ____D () C:\Users\Chara's Work\AppData\Roaming\HpUpdate

2014-07-01 11:30 - 2014-07-01 11:30 - 00000133 _____ () C:\Users\Chara's Work\Documents\todo.txt

2014-06-28 14:18 - 2013-01-07 09:28 - 00000000 ____D () C:\Users\Chara's Work\AppData\Local\Adobe

2014-06-24 08:47 - 2014-06-24 08:47 - 09001320 _____ () C:\Users\Chara's Work\Downloads\iSS.Transcription-2.0.27.zip

2014-06-22 18:34 - 2014-05-09 20:56 - 00001832 _____ () C:\Users\Chara's Work\AppData\Local\SLC_Chara's Work.prx

2014-06-21 00:18 - 2014-06-21 00:18 - 05146029 _____ () C:\Users\Chara's Work\Downloads\NineWestExampleCall.wma

2014-06-20 11:18 - 2014-06-20 11:18 - 00000000 ____D () C:\Users\Chara's Work\AppData\Local\{FCC02365-5131-4E95-BE4B-CDD24B1BB07C}

2014-06-20 08:25 - 2014-06-20 08:25 - 00001086 _____ () C:\Users\Chara's Work\Downloads\attachments.html

2014-06-20 08:02 - 2009-07-14 00:08 - 00032602 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-06-19 20:00 - 2012-10-09 10:54 - 00003906 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-06-19 20:00 - 2012-10-09 10:54 - 00003654 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-06-18 16:26 - 2013-09-18 17:15 - 00000000 ____D () C:\Program Files\Microsoft Office 15

2014-06-16 21:24 - 2012-06-18 12:28 - 00000000 ____D () C:\Users\Chara's Work\AppData\Roaming\SoftGrid Client

2014-06-16 19:53 - 2012-07-19 08:44 - 00003920 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2526592388-2313282358-3829499931-1001UA

2014-06-16 19:53 - 2012-07-19 08:44 - 00003524 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2526592388-2313282358-3829499931-1001Core

2014-06-14 14:00 - 2014-04-22 14:08 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-06-14 07:16 - 2013-08-15 00:42 - 00000000 ____D () C:\Windows\system32\MRT

2014-06-12 12:13 - 2009-07-14 00:13 - 00797760 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-06-10 10:10 - 2014-02-10 19:06 - 00000822 _____ () C:\Users\Chara's Work\Documents\businessneeds.txt

2014-06-08 08:02 - 2012-06-18 23:39 - 00000000 ____D () C:\Users\Chara's Work\AppData\Local\CrashDumps

2014-06-08 04:13 - 2014-06-14 07:01 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-06-08 04:08 - 2014-06-14 07:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

Files to move or delete:

====================

C:\Users\Chara's Work\g2ax_customer_downloadhelper_win32_x86.exe

Some content of TEMP:

====================

C:\Users\Chara's Work\AppData\Local\Temp\CertificatesDLL.dll

C:\Users\Chara's Work\AppData\Local\Temp\install_flashplayer14x32axau_chrd_dn_awa_aih.exe

C:\Users\Chara's Work\AppData\Local\Temp\install_flashplayer14x32axau_chrd_dn_awa_aih_1.exe

C:\Users\Chara's Work\AppData\Local\Temp\UNINSTALL.EXE

C:\Users\Chara's Work\AppData\Local\Temp\vpnclient_setup.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-29 20:04

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-07-2014 01

Ran by Chara's Work at 2014-07-07 09:25:43

Running from C:\Users\Chara's Work\Downloads

Boot Mode: Normal

==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

24im (Remove Only) (HKLM-x32\...\24im) (Version:  - 24im LLC)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)

Adobe AIR (x32 Version: 2.6.0.19120 - Adobe Systems Incorporated) Hidden

Adobe Connect 9 Add-in (HKCU\...\Adobe Connect 9 Add-in) (Version: 11,2,247,0 - Adobe Systems Incorporated)

Adobe Connect Add-in (HKCU\...\Adobe Connect Add-in) (Version:  - )

Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)

AIM for Windows (HKCU\...\AIM) (Version:  - AOL Inc.)

AMD APP SDK Runtime (Version: 2.4.650.9 - Advanced Micro Devices Inc.) Hidden

AMD Media Foundation Decoders (Version: 1.0.60512.1804 - ATI Technologies Inc.) Hidden

AMD VISION Engine Control Center (x32 Version: 2011.0512.1812.30806 - ATI) Hidden

Apple Application Support (HKLM-x32\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

ATI Catalyst Install Manager (HKLM\...\{85A5A208-1A5A-A736-170E-AA826BC19B2A}) (Version: 3.0.829.0 - ATI Technologies, Inc.)

Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden

Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)

Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden

Blio (HKLM-x32\...\{741006D1-7B2B-4E33-B2B0-831F282EEF64}) (Version: 2.2.8188 - K-NFB Reading Technology, Inc.)

BodyMedia SYNC (HKLM-x32\...\InstallShield_{99567851-B7F1-4692-A33A-0732E761220B}) (Version: 2.3.1.102 - BodyMedia, Inc.)

BodyMedia SYNC (x32 Version: 2.3.1.102 - BodyMedia, Inc.) Hidden

Bubble Wrap (HKLM-x32\...\{5BFFDDEB-AFD7-499F-BB13-7A6EAD927CDA}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)

Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden

Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0512.1812.30806 - ATI) Hidden

Catalyst Control Center InstallProxy (x32 Version: 2011.0512.1812.30806 - ATI Technologies, Inc.) Hidden

Catalyst Control Center Localization All (x32 Version: 2011.0512.1812.30806 - ATI) Hidden

CCC Help Chinese Standard (x32 Version: 2011.0512.1811.30806 - ATI) Hidden

CCC Help Chinese Traditional (x32 Version: 2011.0512.1811.30806 - ATI) Hidden

CCC Help Czech (x32 Version: 2011.0512.1811.30806 - ATI) Hidden

CCC Help Danish (x32 Version: 2011.0512.1811.30806 - ATI) Hidden

CCC Help Dutch (x32 Version: 2011.0512.1811.30806 - ATI) Hidden

CCC Help English (x32 Version: 2011.0512.1811.30806 - ATI) Hidden

CCC Help Finnish (x32 Version: 2011.0512.1811.30806 - ATI) Hidden

CCC Help French (x32 Version: 2011.0512.1811.30806 - ATI) Hidden

CCC Help German (x32 Version: 2011.0512.1811.30806 - ATI) Hidden

CCC Help Greek (x32 Version: 2011.0512.1811.30806 - ATI) Hidden

CCC Help Hungarian (x32 Version: 2011.0512.1811.30806 - ATI) Hidden

CCC Help Italian (x32 Version: 2011.0512.1811.30806 - ATI) Hidden

CCC Help Japanese (x32 Version: 2011.0512.1811.30806 - ATI) Hidden

CCC Help Korean (x32 Version: 2011.0512.1811.30806 - ATI) Hidden

CCC Help Norwegian (x32 Version: 2011.0512.1811.30806 - ATI) Hidden

CCC Help Polish (x32 Version: 2011.0512.1811.30806 - ATI) Hidden

CCC Help Portuguese (x32 Version: 2011.0512.1811.30806 - ATI) Hidden

CCC Help Russian (x32 Version: 2011.0512.1811.30806 - ATI) Hidden

CCC Help Spanish (x32 Version: 2011.0512.1811.30806 - ATI) Hidden

CCC Help Swedish (x32 Version: 2011.0512.1811.30806 - ATI) Hidden

CCC Help Thai (x32 Version: 2011.0512.1811.30806 - ATI) Hidden

CCC Help Turkish (x32 Version: 2011.0512.1811.30806 - ATI) Hidden

ccc-utility64 (Version: 2011.0512.1812.30806 - ATI) Hidden

Check Point Deployment Shell (HKLM-x32\...\{9f269e78-0342-4d98-943a-8440ec8271b4}) (Version: 8.00.0000 - Check Point)

Check Point SSL Network Extender Service (HKLM-x32\...\{cc1550f2-f81f-49d8-b834-4cd9660d8430}) (Version: 7.01.0000 - CheckPoint)

Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

Cisco Systems VPN Client 5.0.07.0440 (HKLM\...\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}) (Version: 5.0.7 - Cisco Systems, Inc.)

Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)

Citrix online plug-in - web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 12.1.44.1 - Citrix Systems, Inc.)

Citrix online plug-in (DV) (x32 Version: 12.1.44.1 - Citrix Systems, Inc.) Hidden

Citrix online plug-in (HDX) (x32 Version: 12.1.44.1 - Citrix Systems, Inc.) Hidden

Citrix online plug-in (USB) (x32 Version: 12.1.44.1 - Citrix Systems, Inc.) Hidden

Citrix online plug-in (Web) (x32 Version: 12.1.44.1 - Citrix Systems, Inc.) Hidden

Compaq Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.15145.3905 - Hewlett-Packard Company)

Computer Requirements 1.0 (HKLM-x32\...\{BA3582A0-2DE0-4DB8-8B74-CD34AC193F9B}_is1) (Version:  - Furst Person)

Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)

Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

DemoForge Mirage Driver for TightVNC 2.0 (HKLM\...\DemoForge Mirage Driver for TightVNC_is1) (Version: 2.0 - DemoForge LLC)

DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden

Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden

Download Updater (AOL Inc.) (HKLM-x32\...\SoftwareUpdUtility) (Version:  - AOL Inc.) <==== ATTENTION

Facebook (HKLM-x32\...\{8AE50893-3A87-4439-9A57-942ED43F7189}) (Version: 1.1.0004 - Hewlett-Packard)

Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden

Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden

FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden

Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden

Google Chrome (HKCU\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden

Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden

Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden

HP Application Assistant (HKLM\...\{6032497A-4479-462B-ADB8-A0A372BB9A23}) (Version: 1.0.409.3882 - Hewlett-Packard)

HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden

HP Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4245.23508 - Hewlett-Packard)

HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden

HP Clock (HKLM-x32\...\{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}) (Version: 5.1.4244.16367 - Hewlett-Packard)

HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden

HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{4268BF51-DFDF-4178-8B8D-5D5752FCAA58}) (Version: 22.50.231.0 - Hewlett-Packard Co.)

HP Deskjet 1050 J410 series Help (HKLM-x32\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)

HP Deskjet 1050 J410 series Product Improvement Study (HKLM\...\{1AB4DB8C-4123-45DC-B896-C67990F76DA4}) (Version: 22.50.231.0 - Hewlett-Packard Co.)

HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)

HP LinkUp (HKLM-x32\...\{7E750542-55BC-4300-8B7B-AC2A762FB435}) (Version: 2.01.029 - Hewlett-Packard)

HP Magic Canvas (HKLM-x32\...\{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}) (Version: 5.1.15.0 - Hewlett-Packard)

HP Magic Canvas Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 5.0.0.3 - Hewlett-Packard)

HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.1.21091.0 - Hewlett-Packard Company)

HP MovieStore (x32 Version: 2.1.091 - Hewlett-Packard) Hidden

HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4274.30382 - Hewlett-Packard)

HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)

HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.10572 - HP Photo Creations Powered by RocketLife)

HP RSS (HKLM-x32\...\{A35E58D6-2A0F-4051-983B-79342081338E}) (Version: 5.1.4301.21494 - Hewlett-Packard)

HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15076.3891 - Hewlett-Packard Company)

HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)

HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)

HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)

HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)

HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.12.1.0 - Hewlett-Packard)

HP Weather (HKLM-x32\...\{8364E531-493B-4B05-8041-09D5CE38B975}) (Version: 5.1.4295.16450 - Hewlett-Packard)

INSPI2 PC (HKLM-x32\...\{B4A95D63-6D4D-46CF-AC31-70CBA017FC66}) (Version: 2.1.0.0000 - Safeguard Properties, Inc.)

Interaction Center User Applications with su10 (HKLM-x32\...\{B262C4C9-0C49-4C0B-86E2-4B54122B23D7}) (Version: 3.014.13005 - Interactive Intelligence, Inc.)

Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)

Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden

Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden

John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden

Juniper Networks Host Checker (HKCU\...\Neoteris_Host_Checker) (Version: 7.1.8.20737 - Juniper Networks)

Juniper Networks Network Connect 7.1.8 (HKLM-x32\...\Juniper Network Connect 7.1.8) (Version: 7.1.8.20737 - Juniper Networks)

Juniper Networks, Inc. Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 7.1.8.19851 - Juniper Networks, Inc.)

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Kobo (HKLM-x32\...\Kobo) (Version: 2.0.3 - Kobo Inc.)

LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.)

LabelPrint (x32 Version: 2.5.4507 - CyberLink Corp.) Hidden

Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden

Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden

Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden

Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Metric Converter (HKLM-x32\...\{D0661463-50F7-4A1E-83CB-37CC590589AE}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)

Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)

Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4623.1003 - Microsoft Corporation)

Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)

Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)

Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Streets & Trips 2013 (HKLM-x32\...\{C82185E8-C27B-4EF4-2013-4444BC2C2B6D}) (Version: 19.0.18.2600 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden

Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MySQL Connector/ODBC 3.51 (HKLM-x32\...\{40928C54-F8EE-420D-BD80-07F2F78CFB0D}) (Version: 3.51.27 - MySQL AB)

Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Licensing Component (Version: 15.0.4623.1003 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden

opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden

PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.65 - PDF Complete, Inc)

Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden

Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden

PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)

PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)

Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden

Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden

Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden

Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5705 - CyberLink Corp.)

Power2Go (x32 Version: 6.1.5705 - CyberLink Corp.) Hidden

PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.11.0721.0 -  NewspaperDirect Inc.)

PrimoPDF (HKLM-x32\...\PrimoPDF4.1.0.9) (Version: 4.1.0.9 - activePDF)

QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6531 - Realtek Semiconductor Corp.)

Recovery Manager (x32 Version: 5.5.0.4424 - CyberLink Corp.) Hidden

Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)

RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden

Self-service Plug-in (x32 Version: 4.1.0.41738 - Citrix Systems, Inc.) Hidden

Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)

Spot (HKLM-x32\...\{3D171340-B528-42E0-92E4-BDA7AEEF6F32}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)

Tap Tap Bear (HKLM-x32\...\{A393CDFF-BEB8-48EA-990D-2EB35B311D23}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)

TeleTech SIP (HKLM-x32\...\{90602C96-012B-4C0D-B45E-BBFCAED5468C}) (Version: 35.7.1513 - TeleTech)

TeleTech VNC 1.1.x (remove) (HKLM-x32\...\TeleTech-VNC) (Version: 1.1.35 - TeleTech)

TeleTech WB ISA (HKLM-x32\...\TeleTech ISA) (Version: 1.0.3 - TeleTech)

TeleTech WB Launcher (HKLM-x32\...\{304484E3-C4BF-4F48-B1FC-BBD5120E2B25}) (Version: 1.0.2 - TeleTech)

TeleTech WB Project Messages (HKLM-x32\...\TeleTech WBProjectMessages) (Version: 1.0.2 - TeleTech)

TeleTech WB URT Audio  (HKLM-x32\...\{5E6A0A1C-DD4E-4808-A77B-5D57D3E17962}) (Version: 1.0.1 - TeleTech)

The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden

Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden

TOS_Version14.0.100 (HKLM-x32\...\TOS_Version14.0.100_is1) (Version:  - Trakscape)

Trakscape (HKLM\...\{7AC68C2B-17F4-4086-8102-B0950F955BDE}) (Version: 13.0.70 - BC Connect, LLC)

TSHostedAppLauncher (x32 Version: 5.1.15.0 - Hewlett-Packard) Hidden

Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden

Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden

Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)

Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)

Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)

Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

VMware View Client (HKLM\...\{62552A33-CD67-44E0-9A89-0B971221BC40}) (Version: 5.0.1.640055 - VMware, Inc.)

WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden

Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden

Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden

Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden

Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)

Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden

Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

 

==================== Restore Points  =========================

 

23-06-2014 00:00:09 Windows Backup

25-06-2014 22:36:42 Windows Update

26-06-2014 19:59:46 Windows Update

28-06-2014 19:17:46 Windows Update

30-06-2014 00:17:57 Windows Backup

01-07-2014 23:40:39 Windows Update

03-07-2014 00:04:57 Windows Update

04-07-2014 01:17:27 Windows Update

06-07-2014 21:10:49 Removed Norton Online Backup

07-07-2014 02:56:38 Windows Backup

07-07-2014 05:35:17 Windows Update

07-07-2014 08:29:04 OTL Restore Point - 07/07/14 3:28:56 AM

 

==================== Hosts content: ==========================

 

2009-07-13 21:34 - 2014-06-14 07:02 - 00000064 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost 

143.61.236.3 CAD 

143.61.236.8 callout 

 

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {17D9EF7F-7C50-4149-951A-E661C38FF351} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)

Task: {22627FB0-0899-45F1-BBCE-C42188C3E605} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2011-08-23] (CyberLink)

Task: {3EF38E4D-BA05-4264-83DC-F60B636765E1} - System32\Tasks\Microsoft Office 15 Sync Maintenance for CharasWork-HP-Chara's Work CharasWork-HP => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-06-18] (Microsoft Corporation)

Task: {40C9100B-082D-48F8-8DF7-05079B19C960} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-05-13] (Microsoft Corporation)

Task: {4CC6C861-FE7D-4032-9AF8-F40A49670917} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-09] (Google Inc.)

Task: {4FB8BFE5-9EEF-437A-A99B-442FE23B9A0E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)

Task: {5757AE62-0FCB-40C4-B3DF-22FA86B540B4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)

Task: {6665453C-9E27-402F-A6D3-7CC3D33B5E25} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)

Task: {8F3FAE06-1C3F-4D84-9B5C-C2E3C2A51823} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)

Task: {92F2B052-26B2-49D6-8018-7C6BE1936FD8} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-06-18] (Microsoft Corporation)

Task: {93BC186E-AD21-4B04-949E-34B9BFA5D2E3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2526592388-2313282358-3829499931-1001UA => C:\Users\Chara's Work\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-19] (Google Inc.)

Task: {93DCD691-2F15-494D-A67B-B5661F2A440B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2526592388-2313282358-3829499931-1001Core => C:\Users\Chara's Work\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-19] (Google Inc.)

Task: {9C7CE0EE-73B1-4A7A-9FEA-71A1DC92D8ED} - System32\Tasks\PhotoProduct.exe => C:\Program Files (x86)\HP Photo Creations\PhotoProduct.exe [2012-11-18] (Visan / RocketLife)

Task: {9D9A47B2-6F13-4BAE-AFFD-B6EAF4276F74} - System32\Tasks\HPCeeScheduleForChara's Work => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)

Task: {AA6A94CC-43FA-4361-9A79-247E4C29A58C} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2012-12-08] ()

Task: {BDDDF208-7394-4D80-ABCD-DF10C20DCC17} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION

Task: {C2AAB448-D927-46A4-98AA-6AAE6FDC6179} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)

Task: {CFAA976A-555F-423B-A837-FD36A58FDB2D} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)

Task: {E6EDEBFB-6E49-43A9-BA05-35DF884FCA05} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{42871F80-91A3-406E-A762-583058A29B88}.exe

Task: {E8EA6361-BEED-4A4B-8455-EE12F35A8E6F} - System32\Tasks\Microsoft Office 15 Sync Maintenance for HOMEOFFICE-Chara's Work HomeOffice => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-06-18] (Microsoft Corporation)

Task: {F84D2A97-F901-4B76-A2B8-7BA0AA2C5295} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup

Task: {FA0A8D82-B4BE-4A11-8A12-52018F44F2AD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-09] (Google Inc.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{42871F80-91A3-406E-A762-583058A29B88}.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2526592388-2313282358-3829499931-1001Core.job => C:\Users\Chara's Work\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2526592388-2313282358-3829499931-1001UA.job => C:\Users\Chara's Work\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe

Task: C:\Windows\Tasks\HPCeeScheduleForChara's Work.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

 

==================== Loaded Modules (whitelisted) =============

 

2012-11-05 22:12 - 2006-11-06 18:55 - 00090624 _____ () C:\Windows\System32\Primomonnt.dll

2014-03-19 13:33 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll

2014-06-18 16:24 - 2014-06-18 16:24 - 08890536 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll

2010-08-27 13:34 - 2010-08-27 13:34 - 03432448 _____ () C:\Users\Public\mysql\bin\mysqld-nt.exe

2014-07-06 16:07 - 2014-07-02 15:41 - 00988160 _____ () C:\Program Files (x86)\Open JDK Explorer\ywnmon32.exe

2011-05-12 21:10 - 2011-05-12 21:10 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

2011-03-14 17:20 - 2011-03-14 17:20 - 00098304 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll

2012-12-08 12:14 - 2012-12-08 12:14 - 00185472 _____ () C:\ProgramData\HP Photo Creations\Communicator.exe

2011-03-04 12:49 - 2011-03-04 12:49 - 00202752 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll

2012-01-30 16:21 - 2012-01-30 16:21 - 01126400 _____ () C:\Program Files (x86)\Interactive Intelligence\ICUserApps\ace-w32r-1-1.dll

2012-01-30 16:21 - 2012-01-30 16:21 - 01126400 _____ () C:\Program Files (x86)\Interactive Intelligence\ININ Trace Initialization\ace-w32r-1-1.dll

2014-07-07 08:14 - 2014-07-07 08:14 - 00580701 _____ () C:\Users\Chara's Work\AppData\Local\Temp\tmp8342.tmp

2014-02-04 16:47 - 2014-02-04 16:47 - 23782856 _____ () C:\Users\Chara's Work\AppData\Local\AOL\AIM\libcef.dll

2014-02-04 14:33 - 2014-02-04 14:33 - 16233864 _____ () C:\Users\Chara's Work\AppData\Local\AOL\AIM\npswf32.dll

2014-06-12 13:59 - 2014-06-05 08:58 - 00716616 _____ () C:\Users\Chara's Work\AppData\Local\Google\Chrome\Application\35.0.1916.153\libglesv2.dll

2014-06-12 13:59 - 2014-06-05 08:58 - 00126280 _____ () C:\Users\Chara's Work\AppData\Local\Google\Chrome\Application\35.0.1916.153\libegl.dll

2014-06-12 13:59 - 2014-06-05 08:58 - 04217672 _____ () C:\Users\Chara's Work\AppData\Local\Google\Chrome\Application\35.0.1916.153\pdf.dll

2014-06-12 13:59 - 2014-06-05 08:58 - 00414536 _____ () C:\Users\Chara's Work\AppData\Local\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll

2014-06-12 13:59 - 2014-06-05 08:58 - 01732424 _____ () C:\Users\Chara's Work\AppData\Local\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

 

==================== Safe Mode (whitelisted) ===================

 

 

==================== EXE Association (whitelisted) =============

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

 

==================== Faulty Device Manager Devices =============

 

Name: Cisco Systems VPN Adapter for 64-bit Windows

Description: Cisco Systems VPN Adapter for 64-bit Windows

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Cisco Systems

Service: CVirtA

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (07/06/2014 11:24:35 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program iexplore.exe version 9.0.8112.16555 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 1780

 

Start Time: 01cf999b1946a237

 

Termination Time: 1003

 

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

 

Report Id:

 

Error: (07/06/2014 10:22:36 PM) (Source: MsiInstaller) (EventID: 10005) (User: HOMEOFFICE)

Description: Product: Microsoft Fix it 50784 -- This Microsoft Fix it does not apply to your operating system or application version.

 

Error: (07/06/2014 10:22:07 PM) (Source: MsiInstaller) (EventID: 10005) (User: HOMEOFFICE)

Description: Product: Microsoft Fix it 50784 -- This Microsoft Fix it does not apply to your operating system or application version.

 

Error: (07/06/2014 09:57:33 PM) (Source: MsiInstaller) (EventID: 10005) (User: HOMEOFFICE)

Description: Product: Windows Defender -- You do not need to install this software because Windows Defender is included in Windows Vista. You can access Windows Defender from the Security section of the Windows Control Panel.

 

Error: (07/06/2014 03:51:11 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )

Description: Subscription licensing service failed: -1073415161

 

Error: (07/06/2014 03:50:35 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program install_flashplayer14x32axau_chrd_dn_awa_aih.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 15e0

 

Start Time: 01cf995b0d309d29

 

Termination Time: 13

 

Application Path: C:\Users\Chara's Work\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UFKEIF2O\install_flashplayer14x32axau_chrd_dn_awa_aih.exe

 

Report Id:

 

Error: (07/05/2014 01:52:20 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )

Description: Subscription licensing service failed: -1073415161

 

Error: (07/05/2014 01:07:10 PM) (Source: CVHSVC) (EventID: 100) (User: )

Description: Information only.

(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

 

Error: (07/04/2014 01:52:23 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )

Description: Subscription licensing service failed: -1073415161

 

Error: (07/03/2014 03:14:18 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )

Description: Subscription licensing service failed: -1073415161

 

 

System errors:

=============

Error: (07/04/2014 09:21:50 PM) (Source: BugCheck) (EventID: 1001) (User: )

Description: 0x00000116 (0xfffffa8006e534e0, 0xfffff880040968f0, 0x0000000000000000, 0x0000000000000002)C:\Windows\Minidump\070414-23774-01.dmp070414-23774-01

 

Error: (07/04/2014 09:21:50 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 9:20:11 PM on ‎7/‎4/‎2014 was unexpected.

 

Error: (07/03/2014 08:26:54 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x80073712: Update for Kernel-Mode Driver Framework version 1.11 for Windows 7 for x64-based Systems (KB2685811).

 

Error: (07/02/2014 07:35:30 PM) (Source: BugCheck) (EventID: 1001) (User: )

Description: 0x00000116 (0xfffffa8006ba04e0, 0xfffff88003ac88f0, 0x0000000000000000, 0x0000000000000002)C:\Windows\Minidump\070214-22495-01.dmp070214-22495-01

 

Error: (07/02/2014 07:35:29 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 7:16:06 PM on ‎7/‎2/‎2014 was unexpected.

 

Error: (07/02/2014 07:13:14 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x80073712: Update for Kernel-Mode Driver Framework version 1.11 for Windows 7 for x64-based Systems (KB2685811).

 

Error: (07/01/2014 06:42:08 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x80073712: Update for Kernel-Mode Driver Framework version 1.11 for Windows 7 for x64-based Systems (KB2685811).

 

Error: (06/28/2014 02:26:29 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x80073712: Update for Kernel-Mode Driver Framework version 1.11 for Windows 7 for x64-based Systems (KB2685811).

 

Error: (06/27/2014 11:49:03 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

 

Error: (06/26/2014 05:36:40 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

 

 

Microsoft Office Sessions:

=========================

Error: (07/06/2014 11:24:35 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: iexplore.exe9.0.8112.16555178001cf999b1946a2371003C:\Program Files (x86)\Internet Explorer\iexplore.exe

 

Error: (07/06/2014 10:22:36 PM) (Source: MsiInstaller) (EventID: 10005) (User: HOMEOFFICE)

Description: Product: Microsoft Fix it 50784 -- This Microsoft Fix it does not apply to your operating system or application version.(NULL)(NULL)(NULL)(NULL)(NULL)

 

Error: (07/06/2014 10:22:07 PM) (Source: MsiInstaller) (EventID: 10005) (User: HOMEOFFICE)

Description: Product: Microsoft Fix it 50784 -- This Microsoft Fix it does not apply to your operating system or application version.(NULL)(NULL)(NULL)(NULL)(NULL)

 

Error: (07/06/2014 09:57:33 PM) (Source: MsiInstaller) (EventID: 10005) (User: HOMEOFFICE)

Description: Product: Windows Defender -- You do not need to install this software because Windows Defender is included in Windows Vista. You can access Windows Defender from the Security section of the Windows Control Panel.(NULL)(NULL)(NULL)(NULL)(NULL)

 

Error: (07/06/2014 03:51:11 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )

Description: Subscription licensing service failed: -1073415161

 

Error: (07/06/2014 03:50:35 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: install_flashplayer14x32axau_chrd_dn_awa_aih.exe0.0.0.015e001cf995b0d309d2913C:\Users\Chara's Work\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UFKEIF2O\install_flashplayer14x32axau_chrd_dn_awa_aih.exe

 

Error: (07/05/2014 01:52:20 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )

Description: Subscription licensing service failed: -1073415161

 

Error: (07/05/2014 01:07:10 PM) (Source: CVHSVC) (EventID: 100) (User: )

Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

 

Error: (07/04/2014 01:52:23 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )

Description: Subscription licensing service failed: -1073415161

 

Error: (07/03/2014 03:14:18 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )

Description: Subscription licensing service failed: -1073415161

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 54%

Total physical RAM: 3686.54 MB

Available physical RAM: 1662.16 MB

Total Pagefile: 7371.27 MB

Available Pagefile: 4823.49 MB

Total Virtual: 8192 MB

Available Virtual: 8191.82 MB

 

==================== Drives ================================

 

Drive c: (OS) (Fixed) (Total:449.07 GB) (Free:357.8 GB) NTFS

Drive d: (HP_RECOVERY) (Fixed) (Total:16.59 GB) (Free:2.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 8045B131)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=449 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=17 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================

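One way to triage a log like the one above before writing a fixlist, as an added example that is not part of this thread or of FRST itself: the script below reads FRST lines and flags the patterns the cleanup later acted on (an entry FRST marked with ATTENTION, an autostart target under a TEMP directory, a Run value or a freshly created module with an empty company name, a hosts entry other than the loopback line), then turns the autostart and file findings into lines in the format a fixlist.txt takes (Task:/Run: lines verbatim, files as bare paths, exactly as the Fixlog later in the thread shows). The sample lines are copied from the log above; the 7-day "recently created" window and the heuristics are assumptions for illustration, and hosts findings are listed for review only, since entries like these may be part of the user's work setup.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) log lines.

Added example; not FRST's own code. Heuristics and the 7-day window are
assumptions chosen for illustration. Sample lines are copied from the log.
"""
import re
from dataclasses import dataclass, field
from datetime import date

# Line shapes as FRST prints them in its scan log.
TASK_RE = re.compile(r"^Task: (?:\{[0-9A-Fa-f-]+\} - )?(.*?) => (.*)$")
RUN_RE = re.compile(r"^(HK[^:]*\\Run): \[([^\]]*)\] => (.*)$")
MODULE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2} - (\d{4}-\d{2}-\d{2}) \d{2}:\d{2} - "
    r"(\d{8}) (\S+) \(([^()]*)\) (.+)$")
HOSTS_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)")
COMPANY_RE = re.compile(r"\(([^()]*)\)\s*$")        # trailing "(Company)" or "()"
VOLATILE_DIRS = ("\\temp\\", "\\tmp\\", "temporary internet files", "\\downloads\\")
LOOPBACK = {"127.0.0.1", "::1"}


@dataclass
class Finding:
    kind: str                 # "task", "run", "file" or "hosts"
    path: str                 # executable path, or "ip host" for hosts entries
    line: str                 # original FRST line, usable verbatim in a fixlist
    reasons: list = field(default_factory=list)


def _in_volatile_dir(path):
    low = path.lower()
    return any(v in low for v in VOLATILE_DIRS)


def _check_autostart_target(target):
    """Return (path, reasons) for the '=> target' part of a Task:/Run: line."""
    reasons = []
    if "<==== ATTENTION" in target:
        reasons.append("FRST marked the entry with ATTENTION")
    path = target.split(" <====", 1)[0].split(" [", 1)[0].strip()
    if _in_volatile_dir(path):
        reasons.append("autostart target lives in a temporary directory")
    m = COMPANY_RE.search(target)
    if m is None:
        reasons.append("no file metadata recorded for the target")
    elif not m.group(1).strip():
        reasons.append("target has no company name in its version info")
    return path, reasons


def triage_frst(lines, scan_date, recent_days=7):
    findings = []
    for raw in lines:
        line = raw.strip()
        m = TASK_RE.match(line) or RUN_RE.match(line)
        if m:
            kind = "task" if line.startswith("Task:") else "run"
            path, reasons = _check_autostart_target(m.group(m.re.groups))
            if reasons:
                findings.append(Finding(kind, path, line, reasons))
            continue
        m = MODULE_RE.match(line)
        if m:
            created = date.fromisoformat(m.group(1))
            company, path = m.group(5), m.group(6)
            reasons = []
            if _in_volatile_dir(path):
                reasons.append("module loaded from a temporary directory")
            if 0 <= (scan_date - created).days <= recent_days:
                reasons.append(f"created within {recent_days} days of the scan")
            # An empty company name alone is noise (the Chrome DLLs above have
            # none), so it only counts when another signal is present.
            if reasons and not company.strip():
                reasons.append("no company name in version info")
            if reasons:
                findings.append(Finding("file", path, line, reasons))
            continue
        m = HOSTS_RE.match(line)
        if m and not (m.group(1) in LOOPBACK and m.group(2).lower() == "localhost"):
            findings.append(Finding("hosts", f"{m.group(1)} {m.group(2)}", line,
                                    ["hosts entry is not the default loopback line"]))
    return findings


def fixlist_candidates(findings):
    """Lines to review before pasting into fixlist.txt: Task:/Run: lines go in
    verbatim, files as bare paths; hosts entries are left for manual review."""
    out = []
    for f in findings:
        if f.kind in ("task", "run"):
            out.append(f.line)
        elif f.kind == "file":
            out.append(f.path)
    return out


# Constructed sample: lines copied from the FRST log in this thread.
SAMPLE_LINES = [
    r"Task: {BDDDF208-7394-4D80-ABCD-DF10C20DCC17} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION",
    r"Task: {E6EDEBFB-6E49-43A9-BA05-35DF884FCA05} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{42871F80-91A3-406E-A762-583058A29B88}.exe",
    r"Task: {4CC6C861-FE7D-4032-9AF8-F40A49670917} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-09] (Google Inc.)",
    r"HKLM-x32\...\Run: [ywnmon32] => C:\Program Files (x86)\Open JDK Explorer\ywnmon32.exe [988160 2014-07-02] ()",
    r"2014-07-06 16:07 - 2014-07-02 15:41 - 00988160 _____ () C:\Program Files (x86)\Open JDK Explorer\ywnmon32.exe",
    r"2014-07-07 08:14 - 2014-07-07 08:14 - 00580701 _____ () C:\Users\Chara's Work\AppData\Local\Temp\tmp8342.tmp",
    r"2014-06-12 13:59 - 2014-06-05 08:58 - 00716616 _____ () C:\Users\Chara's Work\AppData\Local\Google\Chrome\Application\35.0.1916.153\libglesv2.dll",
    "127.0.0.1 localhost",
    "143.61.236.3 CAD",
]
SCAN_DATE = date(2014, 7, 7)   # assumed scan date, taken from the aswMBR run date

if __name__ == "__main__":
    found = triage_frst(SAMPLE_LINES, SCAN_DATE)
    for f in found:
        print(f"[{f.kind}] {f.path}: {'; '.join(f.reasons)}")
    print("--- fixlist candidates ---")
    print("\n".join(fixlist_candidates(found)))
```

The Google Update task and the Chrome DLL produce nothing, while the Optimizer Pro task, the AVG task running out of C:\Windows\TEMP, the ywnmon32 Run value, the freshly created ywnmon32.exe and the Temp file are all surfaced, which is the same set the fixlist later in the thread targets.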

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software

Run date: 2014-07-07 09:34:30

-----------------------------

09:34:30.211    OS Version: Windows x64 6.1.7601 Service Pack 1

09:34:30.212    Number of processors: 2 586 0x200

09:34:30.214    ComputerName: HOMEOFFICE  UserName: 

09:34:32.155    Initialize success

09:34:32.156    VM: initialized successfully

09:34:32.298    VM: Amd CPU BiosDisabled 

09:34:41.623    VM: supported disk I/O storport.sys

09:37:29.362    AVAST engine defs: 14070700

09:37:47.815    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006a

09:37:47.827    Disk 0 Vendor: ST350041 HP64 Size: 476940MB BusType: 11

09:37:47.961    Disk 0 MBR read successfully

09:37:47.975    Disk 0 MBR scan

09:37:48.107    Disk 0 Windows 7 default MBR code

09:37:48.119    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048

09:37:48.136    Disk 0 default boot code

09:37:48.250    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       459848 MB offset 206848

09:37:48.385    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        16990 MB offset 941975552

09:37:48.630    Disk 0 scanning C:\Windows\system32\drivers

09:38:15.110    Service scanning

09:39:17.015    Modules scanning

09:39:17.051    Disk 0 trace - called modules:

09:39:17.083    ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys 

09:39:17.098    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80048cf060]

09:39:17.113    3 CLASSPNP.SYS[fffff880019c843f] -> nt!IofCallDriver -> [0xfffffa80043dbac0]

09:39:17.128    5 amd_xata.sys[fffff88001065d00] -> nt!IofCallDriver -> \Device\0000006a[0xfffffa8004370060]

09:39:18.820    AVAST engine scan C:\Windows

09:39:25.374    AVAST engine scan C:\Windows\system32

09:48:25.277    AVAST engine scan C:\Windows\system32\drivers

09:48:57.520    AVAST engine scan C:\Users\Chara's Work

09:55:24.493    File: C:\Users\Chara's Work\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\69R90EWG\JavaAK702[1].exe  **INFECTED** Win32:Adware-gen [Adw]

09:57:06.712    File: C:\Users\Chara's Work\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PUJ07IAU\VOPackage_20140624[1].exe  **INFECTED** Win32:Dropper-gen [Drp]

10:25:06.129    AVAST engine scan C:\ProgramData

10:31:21.929    Scan finished successfully

10:35:01.059    Disk 0 MBR has been saved successfully to "C:\Users\Chara's Work\Desktop\MBR.dat"

10:35:01.187    The log file has been saved successfully to "C:\Users\Chara's Work\Desktop\aswMBR.txt"
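aswMBR saved the disk's MBR to MBR.dat on the desktop. As an added example that is not aswMBR's or FRST's own code, the script below parses such a 512-byte image the way a reviewer would check it by hand: boot signature, disk ID, the four partition entries, and structural sanity checks (exactly one active partition, valid status bytes, no overlapping extents). It also hashes the boot-code area on its own, so two dumps taken before and after a cleanup can be compared for changes to the code that runs before Windows, which is where a bootkit lives. The sample image is constructed here to mirror what the two logs report (disk ID 8045B131 and three NTFS partitions at LBA 2048, 206848 and 941975552); its boot-code bytes are zero-filled, not the real Windows 7 loader, so the "default MBR code" verdict aswMBR gives cannot be reproduced without a known-good reference.

```python
"""Parse and sanity-check a 512-byte MBR image such as the MBR.dat saved by aswMBR.

Added example; not aswMBR's or FRST's code. The sample image is constructed to
match the partition table reported in the logs; its boot code is zero-filled.
"""
import hashlib
import struct

BOOT_CODE_LEN = 0x1B8        # bytes 0..0x1B7 hold the boot code
DISK_ID_OFF = 0x1B8          # 4-byte disk signature (FRST's "Disk ID")
PART_TABLE_OFF = 0x1BE       # four 16-byte partition entries
ENTRY_FMT = "<B3sB3sII"      # status, CHS start, type, CHS end, LBA start, sectors
PART_TYPES = {0x00: "empty", 0x05: "extended", 0x07: "HPFS/NTFS/exFAT",
              0x0B: "FAT32", 0x0C: "FAT32 (LBA)", 0x0F: "extended (LBA)",
              0xEE: "GPT protective"}


def read_mbr(path):
    """Read the first sector of a saved image (e.g. MBR.dat)."""
    with open(path, "rb") as fh:
        return fh.read(512)


def parse_mbr(mbr):
    if len(mbr) != 512:
        raise ValueError("expected exactly one 512-byte sector")
    if mbr[0x1FE:0x200] != b"\x55\xaa":
        raise ValueError("boot signature 0x55AA missing")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(
            ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0 and count == 0:
            continue                      # unused slot
        parts.append({"index": i + 1, "status": status, "active": status == 0x80,
                      "type": ptype, "type_name": PART_TYPES.get(ptype, "unknown"),
                      "lba_start": lba, "sectors": count,
                      "size_mb": count * 512 // (1024 * 1024)})
    disk_id = struct.unpack_from("<I", mbr, DISK_ID_OFF)[0]
    return {"disk_id": disk_id, "partitions": parts}


def boot_code_digest(mbr):
    """SHA-256 of the boot-code area only; a partition-table edit leaves it
    unchanged, so it isolates changes to the code that runs before Windows."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def check_mbr(info):
    """Structural checks a reviewer applies to the parsed partition table."""
    issues = []
    parts = info["partitions"]
    active = [p["index"] for p in parts if p["active"]]
    if len(active) != 1:
        issues.append(f"expected one active partition, found {active}")
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            issues.append(f"partition {p['index']} has invalid status byte 0x{p['status']:02X}")
        if p["lba_start"] < 1:
            issues.append(f"partition {p['index']} starts inside the MBR sector")
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"], p["index"]) for p in parts)
    for (s1, e1, i1), (s2, e2, i2) in zip(spans, spans[1:]):
        if s2 < e1:
            issues.append(f"partition {i2} overlaps partition {i1}")
    return issues


def build_sample_mbr():
    """Constructed image matching the layout in the aswMBR/FRST logs above."""
    mbr = bytearray(512)
    layout = [(0x80, 0x07, 2048, 204800),         # 100 MB system partition, active
              (0x00, 0x07, 206848, 941768704),    # 459848 MB OS partition
              (0x00, 0x07, 941975552, 34795520)]  # 16990 MB HP_RECOVERY
    for i, (status, ptype, lba, count) in enumerate(layout):
        struct.pack_into(ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i,
                         status, b"\xff\xff\xff", ptype, b"\xff\xff\xff", lba, count)
    struct.pack_into("<I", mbr, DISK_ID_OFF, 0x8045B131)
    mbr[0x1FE:0x200] = b"\x55\xaa"
    return bytes(mbr)


if __name__ == "__main__":
    image = build_sample_mbr()          # or read_mbr("MBR.dat")
    info = parse_mbr(image)
    print(f"Disk ID: {info['disk_id']:08X}  boot code sha256: {boot_code_digest(image)}")
    for p in info["partitions"]:
        flag = "(A)" if p["active"] else "   "
        print(f"Partition {p['index']} {flag} {p['type_name']:<16} "
              f"{p['size_mb']:>8} MB offset {p['lba_start']}")
    print("issues:", check_mbr(info) or "none")
```

Run against the constructed image it reproduces the three lines aswMBR printed (100, 459848 and 16990 MB at offsets 2048, 206848 and 941975552) with no issues; flipping a second status byte to 0x80 or shifting a start LBA so two extents overlap is reported by check_mbr, while boot_code_digest stays the same because only the table changed.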

Add/remove programs

Click on Start --> Control Panel.

Vista/7: Open Programs and Features
XP: Open add/remove programs

Search for and remove the following programs
 

Download Updater (AOL Inc.)


Close the window.

 

 

 

 

 

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
 

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64-bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

 

 

 

 

 

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

fixlist.txt


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-07-2014 01

Ran by Chara's Work at 2014-07-08 14:30:41 Run:1

Running from C:\Users\Chara's Work\Downloads

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

Task: {BDDDF208-7394-4D80-ABCD-DF10C20DCC17} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION

Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File

Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File

BHO-x32: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File

SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=CPDTDF

SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=CPDTDF

HKLM-x32\...\Run: [Windows YWN Monitor] => C:\Program Files (x86)\Open JDK Explorer\ywnmon32.exe [988160 2014-07-02] ()

HKLM-x32\...\Run: [ywnmon32] => C:\Program Files (x86)\Open JDK Explorer\ywnmon32.exe [988160 2014-07-02] ()

 

C:\Program Files (x86)\Optimizer Pro

C:\Users\Chara's Work\g2ax_customer_downloadhelper_win32_x86.exe

C:\Users\Chara's Work\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\69R90EWG\JavaAK702[1].exe

C:\Users\Chara's Work\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PUJ07IAU\VOPackage_20140624[1].exe

2014-07-06 16:05 - 2014-07-06 16:05 - 00003282 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule

2014-07-06 16:05 - 2014-07-06 16:05 - 00000000 ____D () C:\Users\Chara's Work\Documents\Optimizer Pro

2014-07-06 16:07 - 2014-07-07 09:23 - 24887296 _____ () C:\Users\Chara's Work\AppData\Local\ChromeHitoryDB

2014-07-06 16:07 - 2014-07-06 16:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open JDK Explorer

2014-07-06 16:06 - 2014-07-06 16:07 - 00000000 ____D () C:\Program Files (x86)\Open JDK Explorer

 

*****************

 

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BDDDF208-7394-4D80-ABCD-DF10C20DCC17}' => Key deleted successfully.

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BDDDF208-7394-4D80-ABCD-DF10C20DCC17}' => Key deleted successfully.

C:\Windows\System32\Tasks\Optimizer Pro Schedule => Moved successfully.

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimizer Pro Schedule' => Key deleted successfully.

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.

'HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}'=> Key not found.

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value deleted successfully.

'HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}'=> Key not found.

'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}' => Key deleted successfully.

'HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}'=> Key not found.

'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}' => Key deleted successfully.

'HKCR\Wow6432Node\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}'=> Key not found.

'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}' => Key deleted successfully.

'HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}'=> Key not found.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Windows YWN Monitor => value deleted successfully.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ywnmon32 => value deleted successfully.

"C:\Program Files (x86)\Optimizer Pro" => File/Directory not found.

C:\Users\Chara's Work\g2ax_customer_downloadhelper_win32_x86.exe => Moved successfully.

C:\Users\Chara's Work\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\69R90EWG\JavaAK702[1].exe => Moved successfully.

C:\Users\Chara's Work\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PUJ07IAU\VOPackage_20140624[1].exe => Moved successfully.

"C:\Windows\System32\Tasks\Optimizer Pro Schedule" => File/Directory not found.

C:\Users\Chara's Work\Documents\Optimizer Pro => Moved successfully.

Could not move "C:\Users\Chara's Work\AppData\Local\ChromeHitoryDB" => Scheduled to move on reboot.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open JDK Explorer => Moved successfully.

C:\Program Files (x86)\Open JDK Explorer => Moved successfully.

 

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-07-08 14:33:12)<=

 

C:\Users\Chara's Work\AppData\Local\ChromeHitoryDB => Is moved successfully.

 

==== End of Fixlog ====

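Added example (not FRST's own code and not anything posted in this thread): a Python reader for the Fixlog format above that splits the fixlist from the result lines, classifies each "target => status" line, checks that every entry scheduled to move on reboot was confirmed moved in the post-reboot pass, and flags fixlist paths that never produced a result line. The sample log is a constructed excerpt of the log above.

```python
# Reconcile an FRST Fixlog with its fixlist (added example, not FRST's own code).
import re
from collections import Counter

# Constructed excerpt in the shape of the Fixlog posted above (a handful of its entries).
SAMPLE_FIXLOG = r"""Content of fixlist:
*****************
Task: {BDDDF208-7394-4D80-ABCD-DF10C20DCC17} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
HKLM-x32\...\Run: [ywnmon32] => C:\Program Files (x86)\Open JDK Explorer\ywnmon32.exe [988160 2014-07-02] ()
C:\Program Files (x86)\Optimizer Pro
C:\Program Files (x86)\Open JDK Explorer
2014-07-06 16:07 - 2014-07-07 09:23 - 24887296 _____ () C:\Users\Chara's Work\AppData\Local\ChromeHitoryDB
*****************
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BDDDF208-7394-4D80-ABCD-DF10C20DCC17}' => Key deleted successfully.
C:\Windows\System32\Tasks\Optimizer Pro Schedule => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ywnmon32 => value deleted successfully.
"C:\Program Files (x86)\Optimizer Pro" => File/Directory not found.
C:\Program Files (x86)\Open JDK Explorer => Moved successfully.
Could not move "C:\Users\Chara's Work\AppData\Local\ChromeHitoryDB" => Scheduled to move on reboot.
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-07-08 14:33:12)<=
C:\Users\Chara's Work\AppData\Local\ChromeHitoryDB => Is moved successfully.
==== End of Fixlog ====
"""

# Status phrases FRST prints after "=>", mapped to a coarse outcome.
OUTCOMES = {
    "Key deleted successfully.": "deleted",
    "value deleted successfully.": "deleted",
    "Moved successfully.": "moved",
    "Is moved successfully.": "moved",
    "Key not found.": "not_found",
    "File/Directory not found.": "not_found",
    "Scheduled to move on reboot.": "pending",
}
# "<target> => <status>"; target may be quoted and prefixed with "Could not move ".
# The reboot-pass header "=> Result of Scheduled Files ..." has no target and does not match.
RESULT_RE = re.compile(r"^(?:Could not move )?[\"']?(?P<target>.+?)[\"']?\s*=> (?P<status>.+?)\s*$")
# A bare path, or an FRST listing line "<date> - <date> - <size> <attrs> () <path>".
FIXLIST_PATH_RE = re.compile(r"^(?:\d{4}-\d\d-\d\d .*?\(\) )?(?P<path>[A-Za-z]:\\.+)$")


def split_sections(text):
    """Return (fixlist_lines, result_lines); the fixlist sits between the two ***** delimiters."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    marks = [i for i, ln in enumerate(lines) if ln.strip() == "*****************"]
    if len(marks) < 2:
        raise ValueError("not an FRST Fixlog: fixlist delimiters missing")
    fixlist = [ln for ln in lines[marks[0] + 1:marks[1]] if ln.strip()]
    results = []
    for ln in lines[marks[1] + 1:]:
        if ln.startswith("==== End of Fixlog"):
            break
        if ln.strip():
            results.append(ln)
    return fixlist, results


def parse_results(result_lines):
    """Return [(target, outcome, raw_status)] for every "target => status" line."""
    parsed = []
    for ln in result_lines:
        m = RESULT_RE.match(ln)
        if m:
            status = m.group("status").strip()
            parsed.append((m.group("target"), OUTCOMES.get(status, "other"), status))
    return parsed


def still_pending(parsed):
    """Targets scheduled for a reboot move that were never confirmed moved afterwards."""
    pending = []
    for target, outcome, _ in parsed:
        if outcome == "pending" and target not in pending:
            pending.append(target)
        elif outcome == "moved" and target in pending:
            pending.remove(target)
    return pending


def unaccounted_paths(fixlist_lines, parsed):
    """Filesystem paths in the fixlist with no result line at all (registry items are not cross-checked)."""
    seen = {target for target, _, _ in parsed}
    paths = [m.group("path").strip() for ln in fixlist_lines if (m := FIXLIST_PATH_RE.match(ln))]
    return [p for p in paths if p not in seen]


def summarize(text):
    """One report dict: per-outcome counts plus anything that still needs a human look."""
    fixlist, results = split_sections(text)
    parsed = parse_results(results)
    return {
        "entries": len(parsed),
        "counts": dict(Counter(outcome for _, outcome, _ in parsed)),
        "still_pending": still_pending(parsed),
        "unaccounted_paths": unaccounted_paths(fixlist, parsed),
        "other": [(t, s) for t, o, s in parsed if o == "other"],
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_FIXLOG))
```

An empty `still_pending` list is what you want to see after the reboot pass; a non-empty one means the reboot-time move never ran or was never logged.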

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 07/08/14

Scan Time: 2:44:23 PM

Logfile: 

Administrator: Yes

 

Version: 2.00.2.1012

Malware Database: v2014.07.08.09

Rootkit Database: v2014.07.07.01

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Chara's Work

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 317852

Time Elapsed: 44 min, 12 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)


Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


C:\FRST\Quarantine\C\Program Files (x86)\Open JDK Explorer\jdkcheck.exe Win32/Tivmonk.B trojan

C:\FRST\Quarantine\C\Program Files (x86)\Open JDK Explorer\serviceio.exe a variant of Win32/Amonetize.AU potentially unwanted application

C:\FRST\Quarantine\C\Users\Chara's Work\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\69R90EWG\JavaAK702[1].exe.xBAD multiple threats

C:\FRST\Quarantine\C\Users\Chara's Work\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PUJ07IAU\VOPackage_20140624[1].exe.xBAD Win32/VOPackage.J potentially unwanted application

C:\Users\Chara's Work\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\807VW61B\embededstub[1].exe a variant of Win32/Conduit.SearchProtect.N potentially unwanted application

C:\Users\Chara's Work\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\807VW61B\spstub[1].exe a variant of Win32/Conduit.SearchProtect.N potentially unwanted application

C:\Users\Chara's Work\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PUJ07IAU\l1ieg7vu5t[1].htm JS/Exploit.Agent.NHC trojan

C:\Users\Chara's Work\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PUJ07IAU\OptimizerPro[1].exe a variant of Win32/AdWare.SpeedingUpMyPC.L application

C:\Users\Chara's Work\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PUJ07IAU\Setup[1].exe Win32/BrowseFox.L potentially unwanted application

C:\Users\Chara's Work\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PUJ07IAU\swa1_23[1].exe a variant of MSIL/Adware.StrongVault.A application

C:\Users\Chara's Work\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UFKEIF2O\AA_v3.4.exe a variant of Win32/RemoteAdmin.Ammyy.B potentially unsafe application

C:\Users\Chara's Work\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UFKEIF2O\sp-downloader[1].exe Win32/Conduit.SearchProtect.N potentially unwanted application

C:\Users\Chara's Work\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UFKEIF2O\SPSetup[1].exe probably a variant of Win32/Conduit.SearchProtect.H potentially unwanted application

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[s1].txt also




Delete junk with JRT

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.





SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its content to your thread.


 # AdwCleaner v3.215 - Report created 09/07/2014 at 16:47:14

# Updated 09/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Chara's Work - CHARASWORK
# Running from : C:\Users\Chara's Work\Downloads\adwcleaner_3.215.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Users\CHARA'~1\AppData\Local\Temp\apn
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Users\CHARA'~1\AppData\Local\Temp\Uninstall.exe
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16561
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Chara's Work\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [search Provider] : hxxp://isearch.avg.com/search?cid={90910EC2-344A-4F59-A6BF-A37990D4E89B}&mid=e5dc8d58f95947d08e55e92931342f06-8567935732edad01bf773331c2405f2cf05fe987&lang=en&ds=AVG&pr=fr&d=2012-07-06 04:22:56&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
Deleted [search Provider] : hxxp://isearch.intuit.com/search?_dyncharset=ISO-8859-1&_dynSessConf=-8675613927597344793&q={searchTerms}&output=xml_no_dtd&client=turbotax_site&site=turbotax_site&proxystylesheet=turbotax_site&num=10
Deleted [search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=100000031&locale=en_US&apn_uid=21C519E7-7B5A-4EB5-9B17-2F89D4D94659&apn_ptnrs=TV&apn_sauid=A03BDBD7-99D2-4D88-9494-EBAC11A2CABA&apn_dtid=OSJ000YYUS&q={searchTerms}
Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof
 
*************************
 
AdwCleaner[R0].txt - [4925 octets] - [09/07/2014 16:43:30]
AdwCleaner[s0].txt - [5750 octets] - [09/07/2014 16:47:14]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [5810 octets] ##########


 Results of screen317's Security Check version 0.99.85  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 11  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

Microsoft Security Essentials   

 Antivirus up to date!  

`````````Anti-malware/Other Utilities Check:````````` 

 Java 7 Update 55  

 Java version out of Date! 

 Adobe Reader XI  

 Google Chrome 35.0.1916.114  

 Google Chrome 35.0.1916.153  

 Google Chrome plugins...  

````````Process Check: objlist.exe by Laurent````````  

 Microsoft Security Essentials MSMpEng.exe 

 Microsoft Security Essentials msseces.exe 

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbam.exe  

 Malwarebytes Anti-Malware mbamscheduler.exe   

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 1% 

````````````````````End of Log`````````````````````` 

 

 



These threats are within your IE's cache and will be deleted soon.

 

Your system is clean now! :)

 

 

 

Java Runtime Environment out of date

Your Java runtime environment is outdated. We will fix this.

  • Get the actual JRE from here
  • Save jxpiinstall.exe to your desktop
  • Close all running programs, especially your browser(s)
  • Run jxpiinstall.exe. This will download the newest JRE installer and install the software
  • When finished, go to
    Start --> Control Panel --> Add/Remove Programs and remove all older Java versions (if any exist).
  • When finished, reboot your computer.


After the reboot

  • Open control panel again and click the java symbol.
  • Click Settings under Temporary Internet Files.
    The Temporary Files Settings dialog box appears.
  • Click Delete Files.
    The Delete Temporary Files dialog box appears
  • Click OK on Delete Temporary Files window.
  • Click OK again.

 

 

 

 

Uninstall our tools using delfix

Please follow these steps in order:

  1. In case we used Defogger to turn off your CD emulation software, you can start it again and use the Enable button.
  2. In case we used Combofix, deactivate your antivirus software once more, then rename combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
  3. In any case, please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process.
  4. If there is still something left, please delete it manually.





Delete System Restore Points

To ensure your System Restore Points are free of malware, we will delete all of them but the most recent or create a new one.

On Windows Vista: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows 7/8: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows XP: Please follow these instructions to delete all but the most common System Protection Restore Points.

 

 

 

 

Temp File Cleaner

We need to download Temp File Cleaner (TFC) by OldTimer:

  • Please download TFC.exe by Oldtimer at one of the two links: Link 1 Link 2
  • Save and close all running applications
  • Double-click on TFC.exe to run the program
  • Click on Start to begin the cleaning process. Note: this program may close running applications, make your screen disappear temporarily, or require a reboot of your PC; this is normal and part of the cleanup
  • When the scan is complete, if you were not asked to reboot the computer, please do so now

More Information can be found about the tool here: http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/

 

 

 

Recommendations: How to protect yourself

  • System Updates
    Please ensure that automatic updates are activated in your control panel.
    For further information and a tutorial, see this Microsoft Support article.
  • Protection
    What you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly.
    Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
    • To keep your browser free of advertising, you may install the Adblock Plus browser extension.
      It will filter unwanted advertising out of the website's content.
    • To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
      It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
      In addition, before accessing a web site classified as dangerous, a warning screen is displayed.
  • Up to date Software
    Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated Windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:
  • Backup
    Hardware issues, malware, fire, lightning strike: There is a long list of different ways to lose all your data. Back up your files regularly. Use the Windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system.
  • Behaviour
    The commonest error when using a computer is "error 80", which means that the error is located about 80cm in front of the monitor. This is a common joke between IT support technicians but it shows that all the safety mechanisms won't help if you aren't careful enough.
    • While surfing the internet, don't click on anything you don't know. In the worst case, it infects your system with malware.
    • Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal data (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don't click everything.
    • When installing software, have a look at each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today's setup procedures contain potentially unwanted programs so keep them off your system.
    • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
      They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.





Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.