Jump to content

Possible Malware


Recommended Posts

Hi Guys,

  I hope I can get some help. I was in Google Chrome, when a pop up came up and said some thing to the effect " click to update player". I did, then I exited Chrome and the reopened Chrome. It did not put me on my default page so I immediately went to the Control Panel to see what I just installed. It downloaded 4 items I uninstalled 3. But the 4th is not uninstalling and I think I have Malware. In the the Control Panel is shows Browser_APPS1.1. When I click details it shows this name FCC74B77-EC3E-4D08-A80B-008A702075A9. BTW my OS is Windows Vista and I am running Norton Internet Security.

Link to post
Share on other sites

Hello,
 

They call me TwinHeadedEagle around here, and I'll be working with you.

 


Before we start please read and note the following:

icon_arrow.gif Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
icon_arrow.gif Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
icon_arrow.gif Do not paste the logs in your posts, attachments make my work easier. There is a Attach Files option below which you can use to attach your reports. Always attach reports from all tools.
icon_arrow.gif Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
icon_arrow.gif Note that we may live in totally different time zones, what may cause some delays between answers.
icon_arrow.gif Do not ask for help for your business PC. Companies are making revenue via computers, so it is good thing to pay someone to repair it.
icon_arrow.gif If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

icon_idea.gif I can't foresee everything, so if anything unexpected happens, please stop and inform me!
icon_idea.gif There are no silly questions. Never be afraid to ask if in doubt!

 

 

 

Please download Farbar Recovery Scan Tool (FRST_canned.png) by Farbar and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

 

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Link to post
Share on other sites

Here you go.

 

 Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014

Ran by Mark (administrator) on MARK-PC on 22-07-2014 08:08:45
Running from C:\Users\Mark\Downloads
Platform: Windows Vista Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\hp\HPEZBTN\HPBtnSrv.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe
() C:\Program Files (x86)\Deal Keeper\updateDealKeeper.exe
(COMPANYVERS_NAME) C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbarsvc.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(browser) C:\Program Files (x86)\Browser_AppS 1.1\Browser_AppS 1.1-nova.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(PixArt Imaging Incorporation) C:\WINDOWS\PixArt\Pac207\Monitor.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
() C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
(Visicom Media Inc. (Powered by Panda Security)) C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
(VER_COMPANY_NAME) C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
(Microsoft Corporation) C:\WINDOWS\splwow64.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\WINDOWS\System32\alg.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\dllhost.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\genie_tray.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
Link to post
Share on other sites

And again. BTW I do know how to get the attachment into the post. Give me detailed instructions later and I will do it from then on. 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-07-2014
Ran by Mark at 2014-07-22 08:10:57
Running from C:\Users\Mark\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
 
==================== Installed Programs ======================
 
64 Bit HP CIO Components Installer (Version: 2.2.5 - Hewlett-Packard) Hidden
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe PDF iFilter 9 for 64-bit platforms (HKLM\...\{5EA12CF3-8162-47F6-ACAF-45AD03EFB08F}) (Version: 9.0.0 - Adobe)
Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Anti-phishing Domain Advisor (HKLM-x32\...\Anti-phishing Domain Advisor) (Version: 1.0.0.0 - Visicom Media Inc. (Powered by Panda Security))
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bloggie Software (HKLM-x32\...\{BB224314-1E95-4F44-A041-444D0435EFE0}C) (Version: 03.01.0099 - Sony)
Bloggie Software (x32 Version: 03.01.0099 - Sony) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
Canon MG3100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series) (Version:  - )
Canon PowerShot ELPH 110 HS_IXUS 125 HS Camera User Guide (HKLM-x32\...\CameraUserGuide-PSELPH110HS_IXUS125HS) (Version: 1.0.0.7 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC) (Version: 8.7.0.11 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.4.0.5 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
Cards_Calendar_OrderGift_DoMorePlugout (x32 Version: 2.03.0000 - Hewlett-Packard) Hidden
Catalina Savings Printer (HKLM-x32\...\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Copy (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.4) (Version: 5.0.0.4 - Coupons.com Incorporated)
CustomerResearchQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
CyberLink DVD Suite Deluxe (HKLM-x32\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: .1707 - CyberLink Corp.)
Destination Component (x32 Version: 100.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 110.0.180.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
DJ_AIO_03_F4200_ProductContext (x32 Version: 100.0.215.000 - Hewlett-Packard) Hidden
DJ_AIO_03_F4200_Software (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
DJ_AIO_03_F4200_Software_Min (x32 Version: 100.0.213.000 - Hewlett-Packard) Hidden
DriverBoost (HKLM-x32\...\{2BA09774-34F7-4A06-8C7E-B69E44CB9EB0}) (Version: 8.0.1 - DriverBoost)
Dropbox (HKCU\...\Dropbox) (Version: 2.0.26 - Dropbox, Inc.)
Enhanced Multimedia Keyboard Solution (HKLM-x32\...\KBD) (Version:  - Hewlett-Packard)
eSupportQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
F4200 (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
F4200_Help (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Files Opened (HKLM-x32\...\Files Opened) (Version: 1.0 - )
Firefox Packages (HKCU\...\Firefox Packages) (Version:  - ) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GPBaseService (x32 Version: 100.0.187.000 - Hewlett-Packard) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Active Support Library (x32 Version: 3.1.6.1 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (HKLM-x32\...\{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}) (Version: 5.6.0.2510 - Hewlett-Packard)
HP Customer Feedback (x32 Version: 1.0.0 - Hewlett-Packard) Hidden
HP Customer Participation Program 10.0 (HKLM\...\HPExtendedCapabilities) (Version: 10.0 - HP)
HP Demo (HKLM-x32\...\{F827B95C-1BF5-43B4-9E26-CDC596ECE3AE}) (Version: 1.00.0000 - Hewlett-Packard)
HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3 (HKLM\...\{AE9A67F9-ADF1-4a44-BAB5-C1DB302B37A2}) (Version: 10.0 - HP)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
HP Photosmart Essential 2.5 (x32 Version: 1.03.0000 - Hewlett-Packard) Hidden
HP Photosmart Essential 3.0 (HKLM\...\HP Photosmart Essential) (Version: 3.0 - HP)
HP Picasso Media Center Add-In (x32 Version: 1.0.0 - HP) Hidden
HP Product Detection (HKLM-x32\...\{3C22981C-5C14-4176-B0E8-C2BE71174C41}) (Version: 11.14.0003 - HP)
HP Recovery Manager RSS (x32 Version: 84.0.0.7 - Hewlet Packard Company) Hidden
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Total Care Advisor (HKLM-x32\...\{F31E534B-4199-4552-8154-5C130710D68E}) (Version: 2.4.6651.2902 - Hewlett-Packard)
HP Update (HKLM-x32\...\{612F4E20-3661-4D44-AD79-823F1B613FB3}) (Version: 5.002.008.001 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookWebPack1 (x32 Version: 2.03.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
HPTCSSetup (HKLM-x32\...\{FA3B34BE-4246-4062-90A3-34CBBEA12B72}) (Version: 1.0.964.2626 - Hewlett-Packard Company)
iCloud (HKLM\...\{CE97E4D3-9F91-4D72-8A29-ED9EA90E5A15}) (Version: 2.1.3.25 - Apple Inc.)
ieSpell (HKLM-x32\...\ieSpell) (Version: 2.6.4 (build 573) - Red Egg Software)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
Java SE Development Kit 6 Update 23 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0160230}) (Version: 1.6.0.230 - Oracle)
Java SE Development Kit 6 Update 23 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0160230}) (Version: 1.6.0.230 - Oracle)
JavaFX 1.3 SDK (HKLM-x32\...\{5aa47dba-b584-4d47-a626-76e53f010300}) (Version: 1.3.0 - Oracle Corporation)
LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.2.2913 - CyberLink Corp.)
LightScribe System Software (HKLM-x32\...\{7F10292C-A190-4176-A665-A1ED3478DF86}) (Version: 1.18.3.2 - LightScribe)
LightScribeTemplateLabeler (HKLM-x32\...\{305D4B08-5807-4475-B1C8-D54685534864}) (Version: 1.10.23.1 - LightScribe)
Logitech Alert Commander (HKLM-x32\...\{9C815CCE-8A56-4C1E-A3CA-D1BA519882BC}) (Version: 3.5.97 - Logitech)
Malwarebytes' Anti-Malware (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version:  - Malwarebytes Corporation)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
McAfee Security Scan Plus (HKLM-x32\...\McAfee Security Scan) (Version: 2.1.121.2 - McAfee, Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (ESN) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (FRA) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (ITA) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Italiano) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Nederlands) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1043) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (NLD) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version:  - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee autoProducer 6.1 (HKLM-x32\...\{D814B1DF-E73D-46B5-B2D2-2C75F82B27FE}) (Version: 6.10.050 - muvee Technologies)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.2.25.6  - NETGEAR Inc.)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 20.5.0.28 - Symantec Corporation)
Norton Safe Web Lite (HKLM-x32\...\NST) (Version: 1.2.0.6 - Symantec Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
P@H-Protocol (HKLM-x32\...\{CF594DB8-CFB0-45B4-86DA-8BB4AC0941F8}) (Version: 3.0.7.0 - Valassis)
PDF Creator (HKLM\...\PDF Creator) (Version:  - )
PokerStars (HKLM-x32\...\PokerStars) (Version:  - PokerStars)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.4109 - CyberLink Corp.)
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2926 - CyberLink Corp.)
PowerDirector (x32 Version: 6.5.2926 - CyberLink Corp.) Hidden
Prepware 2011 (HKLM-x32\...\{274A8BAD-AF73-4879-AF88-7F2A782BD798}) (Version: 1.0.0 - ASA)
PSSWCORE (x32 Version: 2.03.0000 - Hewlett-Packard) Hidden
Python 2.5.2 (HKLM-x32\...\{6B976ADF-8AE8-434E-B282-A06C7F624D2F}) (Version: 2.5.2150 - Python Software Foundation)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Ralink Wireless LAN (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.0.2.5 - RaLink)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5789 - Realtek Semiconductor Corp.)
Scan (x32 Version: 10.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 10.0 - HP)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
sp41119 (HKLM-x32\...\sp41119) (Version:  - Hewlett-Packard)
sp44626 (HKLM-x32\...\sp44626) (Version:  - Hewlett-Packard)
Spelling Dictionaries Support For Adobe Reader 8 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
SPORE Creature Creator Trial Edition (HKLM-x32\...\{ECEE0279-785F-4CB3-9F28-E69813234BF8}) (Version: 1.00.0000 - Electronic Arts)
Status (x32 Version: 110.0.180.000 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 110.0.180.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 10.0.0 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Video Download Converter version 1.0.0.0 (HKLM-x32\...\VDC_is1) (Version: 1.0.0.0 - ) <==== ATTENTION
VideoToolkit01 (x32 Version: 110.0.171.000 - Hewlett-Packard) Hidden
WebReg (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.10.5 - WildTangent)
Yahoo! BrowserPlus 2.9.8 (HKCU\...\Yahoo! BrowserPlus) (Version:  - Yahoo! Inc.)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
 
==================== Restore Points  =========================
 
05-07-2014 10:00:12 Windows Update
06-07-2014 07:00:01 Scheduled Checkpoint
06-07-2014 10:00:10 Windows Update
07-07-2014 07:36:41 Scheduled Checkpoint
07-07-2014 10:00:10 Windows Update
08-07-2014 07:00:01 Scheduled Checkpoint
08-07-2014 10:00:10 Windows Update
09-07-2014 07:00:01 Scheduled Checkpoint
09-07-2014 10:00:11 Windows Update
09-07-2014 10:34:50 Windows Update
10-07-2014 07:00:01 Scheduled Checkpoint
11-07-2014 18:05:08 Scheduled Checkpoint
12-07-2014 10:00:10 Windows Update
13-07-2014 07:00:01 Scheduled Checkpoint
14-07-2014 07:00:01 Scheduled Checkpoint
14-07-2014 20:04:50 Scheduled Checkpoint
15-07-2014 11:10:14 Device Driver Package Install: Canon Printers
16-07-2014 07:00:01 Scheduled Checkpoint
17-07-2014 07:00:01 Scheduled Checkpoint
18-07-2014 07:00:01 Scheduled Checkpoint
18-07-2014 23:50:55 Removed Adobe Reader X (10.1.10).
20-07-2014 07:00:01 Scheduled Checkpoint
21-07-2014 07:00:01 Scheduled Checkpoint
22-07-2014 07:00:01 Scheduled Checkpoint
22-07-2014 14:42:41 Installed Java 7 Update 65
 
==================== Hosts content: ==========================
 
2006-11-02 05:34 - 2006-09-18 14:37 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {05220472-0A23-44FC-A3B8-77B10F5AB510} - System32\Tasks\Updater21804.exe => C:\Users\Mark\AppData\Local\Updater21804\Updater21804.exe <==== ATTENTION
Task: {074209E9-CF0C-43DD-8290-D183B1211FEE} - \2d47af42-be81-4042-94eb-ee5061befa9a-3 No Task File <==== ATTENTION
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {0DAE8491-7F76-44A7-A1FD-4D74E706360C} - System32\Tasks\0 => Iexplore.exe 
Task: {16BA3FAC-E8B0-4F1E-B77A-906987ADE1D4} - System32\Tasks\HP Health Check => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-02] (Hewlett-Packard)
Task: {1713B0FD-EB4C-4EE6-A77F-691946E73F68} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {31093500-06B6-41B5-B41E-B149996BFEB3} - \2d47af42-be81-4042-94eb-ee5061befa9a-1 No Task File <==== ATTENTION
Task: {311BB7A8-E79F-4352-8D71-F87E27A7E922} - \2d47af42-be81-4042-94eb-ee5061befa9a-6 No Task File <==== ATTENTION
Task: {32727448-6832-4F2A-B2D0-2ED466BCB9C1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-26] (Google Inc.)
Task: {3DADE513-F359-4269-9928-B44E9935EC2B} - System32\Tasks\Searchya => C:\Users\Mark\AppData\Roaming\Searchya\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {3E0691CF-D92F-4956-89C7-6169F826B207} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {4AED8E48-962D-445F-93FE-DEF3BABA8377} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Mark => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-20] (Microsoft Corporation)
Task: {5489470E-3758-43EE-A6C0-ED8FA13D6D34} - \2d47af42-be81-4042-94eb-ee5061befa9a-11 No Task File <==== ATTENTION
Task: {5523BAEF-30D5-458C-9098-0080DB6F2BB0} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {69A60581-6C71-4FBC-8216-FE5EE8DEC8E3} - \2d47af42-be81-4042-94eb-ee5061befa9a-5 No Task File <==== ATTENTION
Task: {6E53DE86-3CEB-4EAA-A98D-19769B57A86F} - \Speedial No Task File <==== ATTENTION
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {7E3D2DF4-E948-4D9B-A43E-00D2AC0F7A84} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-26] (Google Inc.)
Task: {8846E090-D3F1-46E8-AA63-9C224C007F76} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {8EB9F2FD-3D60-40B2-891B-906906EC6BFB} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {A58857B0-E5CD-472A-864F-C3DEBCCF063A} - System32\Tasks\4576 => Wscript.exe C:\Users\Mark\AppData\Local\Temp\launchie.vbs //B
Task: {A9DC8659-8D23-4DBE-9F08-E42B7507CA6C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3925507965-2737114548-1989534415-1000Core => C:\Users\Mark\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-13] (Facebook Inc.)
Task: {B3F37F40-22C6-4D1B-99DE-17F888817C73} - \2d47af42-be81-4042-94eb-ee5061befa9a-5_user No Task File <==== ATTENTION
Task: {B561F086-CE45-45FD-8AE1-A2BD4F9B0874} - System32\Tasks\Microsoft\Windows\RestartManager\{8F55F222-6B36-4184-B3AE-7884A3A853A9} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {B6D68E4F-D9A2-40AA-AC86-4A2CF07EE3CD} - \2d47af42-be81-4042-94eb-ee5061befa9a-4 No Task File <==== ATTENTION
Task: {BE189DD4-3D85-47A6-B3DD-633345A7D5E8} - \2d47af42-be81-4042-94eb-ee5061befa9a-2 No Task File <==== ATTENTION
Task: {C2F1983E-B2D4-4411-A2C3-DFCA79DE862D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3925507965-2737114548-1989534415-1000UA => C:\Users\Mark\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-13] (Facebook Inc.)
Task: {CC04969E-24AD-45FA-BF06-4180F3C20624} - \2d47af42-be81-4042-94eb-ee5061befa9a-7 No Task File <==== ATTENTION
Task: {CF434E6E-02DA-467B-BEF6-3AD24C71C794} - System32\Tasks\PAV => C:\Program Files (x86)\PAV\pav.exe
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {EA7999BF-F5C3-4E8C-BF49-60C79CDE2808} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FF8E38B2-79EE-4D72-BEB5-0B32F317EF0B} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\WSCStub.exe [2014-04-29] (Symantec Corporation)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3925507965-2737114548-1989534415-1000Core.job => C:\Users\Mark\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3925507965-2737114548-1989534415-1000UA.job => C:\Users\Mark\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PAV.job => C:\Program Files (x86)\PAV\pav.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-04-14 19:50 - 2011-10-04 19:43 - 00087552 _____ () C:\Windows\System32\custmon64i.dll
2008-08-28 03:18 - 2007-05-29 15:19 - 00198240 _____ () c:\hp\HPEZBTN\HPBtnSrv.exe
2014-07-18 14:38 - 2014-07-21 23:21 - 00321784 _____ () C:\Program Files (x86)\Deal Keeper\updateDealKeeper.exe
2013-10-31 11:47 - 2013-10-31 11:47 - 00954696 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
2014-07-10 20:02 - 2013-10-03 10:42 - 00069120 _____ () C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
2012-03-12 01:08 - 2012-03-12 01:08 - 01091872 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
2012-03-06 23:36 - 2012-03-06 23:36 - 00546080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\genie_tray.exe
2014-01-20 11:17 - 2014-01-20 11:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 11:16 - 2014-01-20 11:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-13 23:51 - 2013-09-13 23:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-13 23:50 - 2013-09-13 23:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2014-07-10 20:02 - 2013-10-03 10:42 - 00112128 _____ () C:\Program Files (x86)\Canon\ImageBrowser EX\MFMFileSystemWatcher.dll
2012-03-06 23:36 - 2012-03-06 23:36 - 02537472 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtCore4.dll
2012-03-06 23:36 - 2012-03-06 23:36 - 00011362 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\mingwm10.dll
2012-03-06 23:36 - 2012-03-06 23:36 - 00043008 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
2012-03-06 23:36 - 2012-03-06 23:36 - 09814016 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtGui4.dll
2012-03-06 23:36 - 2012-03-06 23:36 - 01140224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtNetwork4.dll
2012-03-19 19:54 - 2012-03-19 19:54 - 01327616 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll
2012-03-06 23:36 - 2012-03-06 23:36 - 00399360 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtXml4.dll
2012-03-06 23:36 - 2012-03-06 23:36 - 00083456 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qgif4.dll
2012-03-06 23:36 - 2012-03-06 23:36 - 00083456 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qico4.dll
2012-03-06 23:36 - 2012-03-06 23:36 - 00287232 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qjpeg4.dll
2012-03-12 18:58 - 2012-03-12 18:58 - 00217088 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
2012-03-19 22:55 - 2012-03-19 22:55 - 01139200 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll
2012-03-19 22:14 - 2012-03-19 22:14 - 02582016 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll
2012-03-11 18:49 - 2012-03-11 18:49 - 00467456 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
2012-03-11 18:49 - 2012-03-11 18:49 - 00186368 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll
2012-03-19 19:57 - 2012-03-19 19:57 - 01110016 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
2012-03-19 23:20 - 2012-03-19 23:20 - 06586368 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll
2012-03-12 00:17 - 2012-03-12 00:17 - 00914432 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
2012-03-07 00:42 - 2012-03-07 00:42 - 00613888 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
2012-03-07 00:55 - 2012-03-07 00:55 - 00643072 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
2012-03-19 22:55 - 2012-03-19 22:55 - 00136704 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll
2012-03-19 22:55 - 2012-03-19 22:55 - 00150528 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll
2012-03-06 23:36 - 2012-03-06 23:36 - 00489472 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
2012-03-06 23:36 - 2012-03-06 23:36 - 00116224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll
2012-03-06 23:36 - 2012-03-06 23:36 - 00076288 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll
2012-03-13 23:16 - 2012-03-13 23:16 - 00394240 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_TrafficMeter.dll
2012-03-19 19:56 - 2012-03-19 19:56 - 00261632 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_FirmwareUpdate.dll
2012-03-19 22:14 - 2012-03-19 22:14 - 00081920 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SVTUtils.dll
2012-03-19 22:14 - 2012-03-19 22:14 - 00083968 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\NetcardApi.dll
2012-03-12 18:58 - 2012-03-12 18:58 - 00138752 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\airprintdll.dll
2014-05-01 14:00 - 2012-05-30 07:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.5.0.28\wincfi39.dll
2014-07-18 08:12 - 2014-07-15 02:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-18 08:12 - 2014-07-15 02:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-18 08:12 - 2014-07-15 02:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
 
==================== EXE Association (whitelisted) =============
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Mark^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Bloggie Watcher Utility.lnk => C:\Windows\pss\Bloggie Watcher Utility.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Mark^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: HP Health Check Scheduler => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: hpsysdrv => c:\hp\support\hpsysdrv.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KBD => C:\HP\KBD\KbdStub.EXE
MSCONFIG\startupreg: MobileDocuments => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SelectRebates => "C:\Program Files (x86)\SelectRebates\SelectRebates.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: VideoDownloadConverter Search Scope Monitor => "C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zsrchmn.exe" /m=2 /w /h
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft 6to4 Adapter #10
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: Microsoft Tun Miniport Adapter #2
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/22/2014 06:50:03 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ccSvcHst.exe version 12.3.3.2 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: c5c
Start Time: 01cfa5a513956ee8
Termination Time: 28132
 
Error: (07/22/2014 05:05:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/22/2014 04:36:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/22/2014 04:25:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application ccSvcHst.exe, version 12.3.3.2, time stamp 0x519ab0d3, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00000000,
process id 0xb98, application start time 0xccSvcHst.exe0.
 
Error: (07/22/2014 04:24:51 AM) (Source: MsiInstaller) (EventID: 11309) (User: Mark-PC)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.
 
Error: (07/22/2014 03:21:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/18/2014 06:01:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16561 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: b84
Start Time: 01cfa2ecc2bcbdb2
Termination Time: 7
 
Error: (07/18/2014 05:59:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16561 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 6ac
Start Time: 01cfa2ebbfdb8c32
Termination Time: 0
 
Error: (07/18/2014 05:56:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16561 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: fa8
Start Time: 01cfa2ebf1d4d252
Termination Time: 6
 
Error: (07/18/2014 05:50:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16561 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1ec
Start Time: 01cfa2eadd4c6ec2
Termination Time: 0
 
 
System errors:
=============
Error: (07/22/2014 05:05:58 AM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: The DHCP allocator has disabled itself on IP address 192.168.1.5, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
 
Error: (07/22/2014 05:05:58 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: The ICS_IPV6 failed to configure IPv6 stack.
 
Error: (07/22/2014 05:05:55 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: NETGEARGenieDaemon
 
Error: (07/22/2014 05:05:54 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service
 
Error: (07/22/2014 05:05:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Update Greener Web%%3
 
Error: (07/22/2014 05:05:14 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
 
Error: (07/22/2014 05:05:14 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (07/22/2014 05:04:09 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\Windows\system32\RAIHV.dll126
 
Error: (07/22/2014 04:40:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Search%%1053
 
Error: (07/22/2014 04:40:59 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Search
 
 
Microsoft Office Sessions:
=========================
Error: (07/22/2014 06:50:03 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: ccSvcHst.exe12.3.3.2c5c01cfa5a513956ee828132
 
Error: (07/22/2014 05:05:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/22/2014 04:36:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/22/2014 04:25:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ccSvcHst.exe12.3.3.2519ab0d3unknown0.0.0.000000000c000000500000000b9801cfa596a48d6333
 
Error: (07/22/2014 04:24:51 AM) (Source: MsiInstaller) (EventID: 11309) (User: Mark-PC)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)
 
Error: (07/22/2014 03:21:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/18/2014 06:01:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe9.0.8112.16561b8401cfa2ecc2bcbdb27
 
Error: (07/18/2014 05:59:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe9.0.8112.165616ac01cfa2ebbfdb8c320
 
Error: (07/18/2014 05:56:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe9.0.8112.16561fa801cfa2ebf1d4d2526
 
Error: (07/18/2014 05:50:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe9.0.8112.165611ec01cfa2eadd4c6ec20
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-07-22 08:09:42.626
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-22 08:09:41.898
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-22 08:09:41.238
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-22 08:09:40.434
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-22 08:09:16.657
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-22 08:09:16.008
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-22 08:09:15.321
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-22 08:09:14.543
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-22 08:08:57.430
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20140703.001\BHDrvx64.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-22 08:08:56.848
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20140703.001\BHDrvx64.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 43%
Total physical RAM: 7037.58 MB
Available physical RAM: 4008.87 MB
Total Pagefile: 14259.69 MB
Available Pagefile: 11338.31 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (HP) (Fixed) (Total:583.05 GB) (Free:414.85 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:13.12 GB) (Free:1.8 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 596 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=583 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
Link to post
Share on other sites

We'll search for some remnants that might be hiding.

 

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Install the progam and select update

 

Once it has updated select Settings > Detection and Protection >Tick Scan for rootkits

MBAMsettings.JPG


 

Go back to the Dashboard and select Scan Now

MBAMScan.JPG


 

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot

MBAMReboot.JPG


  

On completion of the scan (or after the reboot) select View Detailed Log

Select Export > Select text file and save to the desktop.

MBAMLog.JPG


 

 

Please post that log for my review.

Link to post
Share on other sites

Go to Control Panel and remove following:
- Catalina Savings Printer

- Firefox Packages

- Video Download Converter version 1.0.0.0

 

 

 

FRST.gif Fix with Farbar Recovery Scan Tool
 

icon_exclaim.gif This fix was created for this user for use on that particular machine. icon_exclaim.gif
icon_exclaim.gif Running it on another one may cause damage and render the system unstable. icon_exclaim.gif

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
 

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

 

 

 

 

Please download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.

  • Click on the Scan button.
  • After the scan has finished click on the Clean button.


Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Post logfile will also be saved in the C:\AdwCleaner folder.

 

 

 

 

Tell me how is your PC now?

fixlist.txt

Link to post
Share on other sites

I could not remove the Catalina Savings Printer. This is the message I received   Error 1404. Could not delete key.

\Software\Classes\CLSID\{ad848a76-f236-5ee2-819b-2bde7ed40ae}\Programmable

Verify that you have sufficient access to that key or contact support personnel.

Link to post
Share on other sites

Okay, I would like you to run one more tool:
 
 
 
51a612a8b27e2-Zoek.png Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on 51a612a8b27e2-Zoek.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Wait patiently until the main console will appear, it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;process;services-list;installedprogs;systemspecs;startupall;filesrcm;firefoxlook;chromelook;skipfix-iedefaults;
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Attach report into your next reply.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.