Hello,

I think my daughter's computer might be badly infected. I don't know much about computers, but we did notice that in the Task Manager there was a chrome.exe *32 process that wouldn't terminate even when Google Chrome wasn't open and that was using the largest amount of memory. The internet lags a lot and sometimes my daughter says she sees the command prompt box randomly execute by itself. When she uses the internet there is a CAPTCHA check that keeps popping up every couple of Google searches. I'm not sure what this all means but at this point I'm getting pretty desperate. I know she tampers a lot with her Sims games and such and I don't know if this all may be connected to that, but can someone please help me? If you could I would be so grateful. We're not in any position to afford a new computer right now.

FRST

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2014
Ran by Ifeoma (administrator) on IFEOMA-HP on 28-09-2014 04:11:41
Running from C:\Users\Ifeoma\Downloads
Loaded Profile: Ifeoma (Available profiles: Ifeoma & Ona Itunes & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
( ) C:\Windows\System32\lxdfcoms.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\Lexmark 6500 Series\lxdfmon.exe
() C:\Program Files (x86)\Lexmark 6500 Series\lxdfamon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(PowerISO Computing, Inc.) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Code 42 Software) C:\Program Files\CrashPlan\CrashPlanService.exe
(Code 42 Software, Inc.) C:\Program Files\CrashPlan\CrashPlanTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
() C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6602856 2011-01-11] (Realtek Semiconductor)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company)
HKLM\...\Run: [lxdfmon.exe] => C:\Program Files (x86)\Lexmark 6500 Series\lxdfmon.exe [455600 2007-06-11] ()
HKLM\...\Run: [lxdfamon] => C:\Program Files (x86)\Lexmark 6500 Series\lxdfamon.exe [20480 2007-06-01] ()
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Lexmark 6500 Series] => C:\Program Files (x86)\Lexmark 6500 Series\fm3032.exe [308144 2007-06-11] ()
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [307200 2011-06-15] (PowerISO Computing, Inc.)
HKLM-x32\...\RunOnce: [spUninstallCleanUp] => REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f
HKU\S-1-5-21-3373813971-2742717451-131339173-1002\...\RunOnce: [VCRedist_del] => C:\Users\Ifeoma\AppData\Local\Microsoft\Redist\VCRedist.exe [136704 2014-09-02] (Program Redist)
HKU\S-1-5-21-3373813971-2742717451-131339173-1002\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3373813971-2742717451-131339173-1002\...\MountPoints2: H - H:\Autorun.exe
Startup: C:\Users\Ifeoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GoogleUpdater.exe ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = chrome://newtab/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = chrome://newtab/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istart123.com/web/?type=ds&ts=1407898796&from=irs&uid=ST9320325AS_6VDFYPNJ&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = chrome://newtab/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.istart123.com/web/?type=ds&ts=1407898796&from=irs&uid=ST9320325AS_6VDFYPNJ&q={searchTerms}
SearchScopes: HKLM - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {60F6BB49-7031-4C89-B7F8-28D140FC5E8A} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} ->  No File
BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} ->  No File
BHO-x32: No Name -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} ->  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF HKLM-x32\...\Firefox\Extensions: [DynamicPricer@dynamic-pricer.com] - C:\Users\Ifeoma\AppData\Local\DynamicPricer\Firefox\DynamicPricer.xpi
FF Extension: DynamicPricer - C:\Users\Ifeoma\AppData\Local\DynamicPricer\Firefox\DynamicPricer.xpi [2014-08-14]
 
Chrome: 
=======
CHR HomePage: Default -> chrome://newtab/
CHR StartupUrls: Default -> "chrome://newtab/"
CHR DefaultSearchKeyword: Default -> google
CHR DefaultSearchURL: Default -> http://www.google.com/search?q={searchTerms}
CHR DefaultSuggestURL: Default -> http://www.google.com/search?q={searchTerms}
CHR Profile: C:\Users\Ifeoma\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Ifeoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-17]
CHR Extension: (Google Drive) - C:\Users\Ifeoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ifeoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-17]
CHR Extension: (YouTube) - C:\Users\Ifeoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-17]
CHR Extension: (Google Search) - C:\Users\Ifeoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-17]
CHR Extension: (Cosmopolise) - C:\Users\Ifeoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipihgjdhjoldhpfpmiiimpnmohpfhkcm [2014-08-25]
CHR Extension: (Google Wallet) - C:\Users\Ifeoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-17]
CHR Extension: (Gmail) - C:\Users\Ifeoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-17]
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.0.crx []
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx []
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Users\Ifeoma\AppData\Local\Slick Savings\coupons.crx []
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx []
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-07-05] (Advanced Micro Devices, Inc.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2211000 2014-03-30] (Microsoft Corporation)
R2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [223232 2014-06-26] (Code 42 Software) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-27] (Realsil Microelectronics Inc.) [File not signed]
S2 iSafeService; C:\Program Files (x86)\iSafe\iSafeSvc.exe [118048 2014-07-16] (Elex do Brasil Participações Ltda)
S2 lxdfCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxdfserv.exe [33712 2007-05-29] (Lexmark International, Inc.)
R2 lxdf_device; C:\Windows\system32\lxdfcoms.exe [1053104 2007-05-29] ( )
R2 lxdf_device; C:\Windows\SysWOW64\lxdfcoms.exe [598960 2007-05-29] ( )
S3 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 iSafeKrnl; C:\Program Files (x86)\iSafe\iSafeKrnl.sys [247488 2014-07-16] (Elex do Brasil Participações Ltda)
S1 iSafeKrnlKit; C:\Program Files (x86)\iSafe\iSafeKrnlKit.sys [78016 2014-07-16] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\iSafe\iSafeKrnlR3.sys [65216 2014-07-16] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Program Files (x86)\iSafe\iSafeNetFilter.sys [48640 2014-07-09] (Elex do Brasil Participações Ltda)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-28] (Malwarebytes Corporation)
R1 ssnfd; C:\Windows\System32\drivers\ssnfd.sys [58248 2014-08-21] (Search Snacks)
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
S3 iSafeKrnlBoot; \??\system32\DRIVERS\iSafeKrnlBoot.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-28 04:11 - 2014-09-28 04:12 - 00014918 _____ () C:\Users\Ifeoma\Downloads\FRST.txt
2014-09-28 04:10 - 2014-09-28 04:11 - 00000000 ____D () C:\FRST
2014-09-28 04:09 - 2014-09-28 04:10 - 02108928 _____ (Farbar) C:\Users\Ifeoma\Downloads\FRST64.exe
2014-09-28 04:08 - 2014-09-28 04:08 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-28 04:08 - 2014-09-28 04:08 - 00001062 _____ () C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-28 04:08 - 2014-09-28 04:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-28 04:08 - 2014-09-28 04:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-28 04:08 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-28 04:08 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-28 04:08 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-28 04:07 - 2014-09-28 04:07 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ifeoma\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-28 04:06 - 2014-09-28 04:11 - 00001666 _____ () C:\Users\Ifeoma\Desktop\Rkill.txt
2014-09-28 03:45 - 2014-09-28 03:45 - 04161313 _____ () C:\Users\Ifeoma\Downloads\tdsskiller (2).zip
2014-09-27 23:03 - 2014-09-28 04:14 - 00000346 _____ () C:\Windows\Tasks\bench-sys.job
2014-09-27 23:03 - 2014-09-28 03:17 - 00000346 _____ () C:\Windows\Tasks\bench-S-1-5-21-3373813971-2742717451-131339173-1002.job
2014-09-27 23:03 - 2014-09-27 23:03 - 00003242 _____ () C:\Windows\System32\Tasks\bench-sys
2014-09-27 23:03 - 2014-09-27 23:03 - 00003222 _____ () C:\Windows\System32\Tasks\bench-S-1-5-21-3373813971-2742717451-131339173-1002
2014-09-27 23:02 - 2014-09-27 23:02 - 00000000 ____D () C:\Users\Ifeoma\AppData\Local\Browser Warden
2014-09-27 23:02 - 2014-09-27 23:02 - 00000000 ____D () C:\Program Files (x86)\Browser Warden
2014-09-27 23:02 - 2014-09-27 23:02 - 00000000 ____D () C:\Program Files (x86)\Bench
2014-09-27 22:41 - 2014-09-27 22:41 - 00000000 ____D () C:\Users\Ifeoma\AppData\Roaming\CrashPlan
2014-09-27 22:40 - 2014-09-27 22:41 - 00000000 ____D () C:\ProgramData\CrashPlan
2014-09-27 22:40 - 2014-09-27 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrashPlan PRO
2014-09-27 22:40 - 2014-09-27 22:40 - 00000000 ____D () C:\Program Files\CrashPlan
2014-09-27 22:37 - 2014-09-27 22:38 - 50362416 _____ (Code 42 Software) C:\Users\Ifeoma\Downloads\CrashPlanPRO-x64_3.6.3_Win.exe
2014-09-12 23:01 - 2014-09-27 22:44 - 00003304 _____ () C:\Windows\System32\Tasks\Chrome Launcher
2014-09-12 23:01 - 2014-09-12 23:01 - 00000000 ____D () C:\Program Files (x86)\Techsnab
2014-09-07 15:58 - 2014-09-07 15:58 - 00042785 _____ () C:\Users\Ifeoma\Downloads\[kickass.to]the.sims.4.pc.full.game.origins.multi17.nosteam.torrent
2014-09-07 14:51 - 2014-09-07 16:30 - 27044880 _____ (Electronic Arts Inc.) C:\Users\Ifeoma\Desktop\TS4.exe
2014-09-07 14:51 - 2014-09-07 16:14 - 02611200 _____ (Python Software Foundation) C:\Users\Ifeoma\Desktop\python33.dll
2014-09-07 14:51 - 2014-09-07 15:13 - 00001584 _____ () C:\Users\Ifeoma\Desktop\Default.ini
2014-09-07 14:01 - 2014-09-07 14:01 - 00491864 _____ () C:\Users\Ifeoma\Downloads\[MF SIMS_TS4] Blazers.rar
2014-09-07 14:01 - 2014-09-07 14:01 - 00421998 _____ () C:\Users\Ifeoma\Downloads\[TS4_MF SIMS] Dresses.rar
2014-09-07 14:01 - 2014-09-07 14:01 - 00143051 _____ () C:\Users\Ifeoma\Downloads\GRNDSCRM_Huf_Plantlife_Snapback_Green_Yellow.package
2014-09-07 13:35 - 2014-09-07 13:35 - 00405969 _____ () C:\Users\Ifeoma\Downloads\[MF SIMS_TS4] Jumpsuits.rar
2014-09-07 13:31 - 2014-09-07 13:31 - 00112686 _____ () C:\Users\Ifeoma\Downloads\DefaultReplacementEyes2.rar
2014-09-07 12:24 - 2014-09-07 13:25 - 00198408 _____ () C:\Users\Ifeoma\Downloads\altus_yfHair_longwavyoverrtshoulder_OmbreBalayage.zip
2014-09-07 12:24 - 2014-09-07 13:25 - 00132096 _____ () C:\Users\Ifeoma\Downloads\altus_robertocavalli_pant001.zip
2014-09-07 12:23 - 2014-09-07 12:23 - 00183142 _____ () C:\Users\Ifeoma\Downloads\altus_robertocavalli_top001.zip
2014-09-07 12:22 - 2014-09-07 12:23 - 00058620 _____ () C:\Users\Ifeoma\Downloads\altus_givanchy_sweater001.zip
2014-09-07 12:21 - 2014-09-07 12:23 - 00316177 _____ () C:\Users\Ifeoma\Downloads\altus_aliceandolivia_dress004.zip
2014-09-07 12:20 - 2014-09-07 12:22 - 00205062 _____ () C:\Users\Ifeoma\Downloads\altus_aliceandolivia_dress005.zip
2014-09-07 12:19 - 2014-09-07 12:22 - 00287831 _____ () C:\Users\Ifeoma\Downloads\altus_valentino_dress003.zip
2014-09-07 12:18 - 2014-09-07 12:18 - 01348647 _____ () C:\Users\Ifeoma\Downloads\PatternedJumperReplacements.rar
2014-09-07 12:16 - 2014-09-07 12:16 - 00177694 _____ () C:\Users\Ifeoma\Downloads\CroppedTeeMaxiSkirt.rar
2014-09-07 12:13 - 2014-09-07 12:13 - 00623473 _____ () C:\Users\Ifeoma\Downloads\simblier minimalistic tattoos.7z
2014-09-07 12:12 - 2014-09-07 12:12 - 00695527 _____ () C:\Users\Ifeoma\Downloads\simblier watercolour tattoos.rar
2014-09-07 12:05 - 2014-09-07 12:07 - 00458456 _____ () C:\Users\Ifeoma\Downloads\Dere_yfTop_BustierCrop.zip
2014-09-07 11:55 - 2014-09-07 11:55 - 02434923 _____ () C:\Users\Ifeoma\Downloads\Darkiie_HairShortBlowDry Recolors.rar
2014-09-07 11:54 - 2014-09-07 11:54 - 02155572 _____ () C:\Users\Ifeoma\Downloads\hairretexturebyhellasims.rar
2014-09-07 11:49 - 2014-09-07 11:49 - 03342211 _____ () C:\Users\Ifeoma\Downloads\deliriumsims_LongWavyClassic.rar
2014-09-07 11:32 - 2014-09-07 14:11 - 00000000 ____D () C:\Users\Ifeoma\Desktop\Mods
2014-09-07 11:23 - 2014-09-07 11:23 - 00667648 _____ () C:\Users\Ifeoma\Downloads\Detection.msi
2014-09-06 10:22 - 2014-09-06 10:31 - 00000000 ____D () C:\Users\Ona Itunes\AppData\Roaming\Azureus
2014-09-06 10:22 - 2014-09-06 10:22 - 00000000 ____D () C:\Users\Ona Itunes\.swt
2014-09-05 19:14 - 2014-03-20 13:10 - 00000553 _____ () C:\Users\Ifeoma\Documents\apartment&monthly costs.txt
2014-09-05 19:14 - 2014-02-21 21:07 - 00000553 _____ () C:\Users\Ifeoma\Documents\Dr. Okun's update.txt
2014-09-05 19:13 - 2014-05-27 13:41 - 00000294 _____ () C:\Users\Ifeoma\Documents\Metropolitan Dental.txt
2014-09-05 19:12 - 2014-09-05 19:12 - 00000070 _____ () C:\Users\Ifeoma\Documents\Makeup primer.txt
2014-09-05 19:11 - 2014-09-05 19:11 - 00002972 _____ () C:\Users\Ifeoma\Documents\Things to take up.txt
2014-09-05 19:11 - 2014-09-05 19:11 - 00002692 _____ () C:\Users\Ifeoma\Documents\Rkill.txt
2014-09-05 19:11 - 2014-09-05 19:11 - 00000347 _____ () C:\Users\Ifeoma\Documents\Goals and Rewards.txt
2014-09-05 19:10 - 2014-09-05 19:10 - 00000156 _____ () C:\Users\Ifeoma\Documents\movies to download again after space.txt
2014-09-05 02:19 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2014-09-05 02:19 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2014-09-05 02:19 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2014-09-04 22:27 - 2014-09-06 22:54 - 00000000 ____D () C:\Users\Ifeoma\Desktop\Game
2014-09-04 22:10 - 2014-09-04 22:10 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-09-04 22:10 - 2014-09-04 22:10 - 00000000 ____D () C:\Users\Ona Itunes\AppData\Local\Torch
2014-09-04 22:10 - 2014-09-04 22:10 - 00000000 ____D () C:\Users\Ona Itunes\AppData\Local\Comodo
2014-09-04 22:10 - 2014-09-04 22:10 - 00000000 ____D () C:\Users\Ona Itunes\AppData\Local\Chromatic Browser
2014-09-04 22:10 - 2014-09-04 22:10 - 00000000 ____D () C:\Users\Ifeoma\AppData\Local\Torch
2014-09-04 22:10 - 2014-09-04 22:10 - 00000000 ____D () C:\Users\Ifeoma\AppData\Local\Comodo
2014-09-04 22:10 - 2014-09-04 22:10 - 00000000 ____D () C:\Users\Ifeoma\AppData\Local\Chromatic Browser
2014-09-04 22:10 - 2014-09-04 22:10 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-09-04 22:10 - 2014-09-04 22:10 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-09-04 22:10 - 2014-09-04 22:10 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-09-04 22:10 - 2014-09-04 22:10 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-09-04 22:10 - 2014-09-04 22:10 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-09-04 22:10 - 2014-09-04 22:10 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-09-04 22:10 - 2014-09-04 22:10 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-09-04 22:10 - 2014-09-04 22:10 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-09-04 22:10 - 2014-09-04 22:10 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-09-04 22:10 - 2014-09-04 22:10 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-09-04 22:10 - 2014-09-04 22:10 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-09-04 22:10 - 2014-09-04 22:10 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-09-04 22:10 - 2014-09-04 22:10 - 00000000 ____D () C:\ProgramData\6ff329bd32dca709
2014-09-04 21:27 - 2014-09-04 21:29 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-03 22:35 - 2014-09-03 22:35 - 17088592 _____ (Electronic Arts, Inc.) C:\Users\Ifeoma\Downloads\OriginThinSetup (1).exe
2014-08-31 15:12 - 2014-08-31 15:12 - 00000000 ____D () C:\Users\Ifeoma\AppData\Roaming\Digiarty
2014-08-31 15:11 - 2014-08-31 15:11 - 37632656 _____ (Digiarty Software, Inc. ) C:\Users\Ifeoma\Downloads\winx-dvd-ripper-pt.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-28 04:08 - 2014-04-06 12:29 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-28 03:56 - 2014-01-06 04:16 - 01249387 _____ () C:\Windows\WindowsUpdate.log
2014-09-28 03:31 - 2013-11-05 14:45 - 00000000 ____D () C:\Users\Guest\Desktop\KSADS interviews
2014-09-28 03:30 - 2014-08-17 11:25 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-28 03:24 - 2013-01-07 15:00 - 00000000 ____D () C:\Program Files (x86)\Lexmark 6500 Series
2014-09-28 03:14 - 2014-05-27 21:56 - 00000000 ____D () C:\Program Files (x86)\Foxy Games
2014-09-27 22:59 - 2014-08-13 22:59 - 00070144 _____ () C:\Windows\SysWOW64\tasks.dll
2014-09-27 22:42 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-27 22:42 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-27 22:41 - 2014-04-06 01:08 - 00000000 ____D () C:\Program Files (x86)\iSafe
2014-09-27 13:03 - 2014-04-06 01:08 - 00000000 ____D () C:\Users\Ifeoma\AppData\Roaming\iSafe
2014-09-27 13:03 - 2013-07-23 01:58 - 00000000 ____D () C:\ProgramData\Big Fish
2014-09-27 13:03 - 2013-07-23 01:56 - 00000000 ____D () C:\BigFishCache
2014-09-27 13:03 - 2009-07-14 01:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-27 12:41 - 2014-08-17 11:25 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-27 08:20 - 2012-09-24 16:20 - 00000000 ____D () C:\Users\Ifeoma\AppData\Roaming\vlc
2014-09-27 08:06 - 2009-07-14 01:13 - 00783468 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-27 08:02 - 2012-11-24 21:46 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForIfeoma
2014-09-27 08:02 - 2012-11-24 21:46 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForIfeoma.job
2014-09-26 23:24 - 2012-09-05 21:58 - 00000000 ____D () C:\Users\Ifeoma\AppData\Roaming\Azureus
2014-09-26 22:31 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-07 14:20 - 2012-09-10 18:19 - 00000000 ____D () C:\ProgramData\Origin
2014-09-07 14:19 - 2012-09-09 04:16 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-09-06 22:58 - 2014-05-11 23:52 - 00000000 ____D () C:\Users\Ifeoma\Desktop\SoA Season 6
2014-09-06 10:22 - 2013-06-28 11:15 - 00000000 ____D () C:\Users\Ona Itunes
2014-09-06 10:21 - 2013-06-28 11:15 - 00002215 _____ () C:\Users\Ona Itunes\Desktop\Google Chrome.lnk
2014-09-05 19:18 - 2012-09-09 18:23 - 00000000 ____D () C:\Users\Ifeoma\Desktop\the sims 3 stuff
2014-09-05 19:10 - 2013-06-15 12:33 - 00000000 ____D () C:\Users\Ifeoma\Desktop\Workouts
2014-09-05 18:10 - 2013-05-08 11:18 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-04 22:22 - 2013-07-23 12:17 - 00000000 ____D () C:\GameHouse Games
2014-09-04 22:10 - 2013-06-28 11:19 - 00000000 ____D () C:\Users\Ona Itunes\AppData\Local\Google
2014-09-04 22:10 - 2013-05-08 11:18 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-09-04 22:10 - 2012-09-05 18:25 - 00000000 ____D () C:\Users\Ifeoma\AppData\Local\Google
2014-09-04 22:10 - 2009-07-13 23:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-09-04 22:10 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-09-04 22:10 - 2007-01-01 21:32 - 00000000 ____D () C:\Users\Administrator
2014-09-04 22:09 - 2013-02-07 21:47 - 00000000 ____D () C:\ProgramData\InstallMate
2014-09-03 22:39 - 2012-09-10 18:20 - 00000000 ____D () C:\Users\Ifeoma\AppData\Roaming\Origin
2014-09-03 22:39 - 2012-09-10 18:20 - 00000000 ____D () C:\Users\Ifeoma\AppData\Local\Origin
2014-09-03 22:16 - 2012-10-06 15:03 - 00000000 ____D () C:\Users\Ifeoma\AppData\Roaming\SoftGrid Client
2014-09-02 19:59 - 2012-09-05 21:58 - 00001808 _____ () C:\Users\Public\Desktop\Vuze.lnk
2014-09-02 19:59 - 2012-09-05 21:58 - 00001808 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2014-09-02 19:59 - 2012-09-05 21:58 - 00001808 _____ () C:\ProgramData\Desktop\Vuze.lnk
2014-09-02 19:59 - 2012-09-05 21:57 - 00000000 ____D () C:\Program Files (x86)\Vuze
2014-08-31 15:38 - 2013-06-08 19:03 - 00000000 ____D () C:\Users\Ifeoma\AppData\Roaming\dvdcss
 
Files to move or delete:
====================
C:\Users\Ifeoma\powercfg.exe
 
 
Some content of TEMP:
====================
C:\Users\Guest\AppData\Local\Temp\i4jdel0.exe
C:\Users\Ifeoma\AppData\Local\Temp\GPUpd542628831.exe
C:\Users\Ifeoma\AppData\Local\Temp\GPUpd54277A001.exe
C:\Users\Ifeoma\AppData\Local\Temp\GPUpd54277A022.exe
C:\Users\Ifeoma\AppData\Local\Temp\nsm4A0E.exe
C:\Users\Ifeoma\AppData\Local\Temp\TsuBB35857B.dll
C:\Users\Ifeoma\AppData\Local\Temp\Uninstall.exe
C:\Users\Ifeoma\AppData\Local\Temp\y0heyy4t.jq3.exe
C:\Users\Ifeoma\AppData\Local\Temp\yi3it2qx.byd.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-07 04:02
 
==================== End Of Log ============================

 

Addition

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-09-2014
Ran by Ifeoma at 2014-09-28 04:15:10
Running from C:\Users\Ifeoma\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
AMD APP SDK Runtime (Version: 2.4.650.9 - Advanced Micro Devices Inc.) Hidden
AMD Fuel (Version: 2011.0705.1115.18310 - AMD) Hidden
AMD Media Foundation Decoders (Version: 1.0.60705.1113 - ATI Technologies Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2011.0705.1115.18310 - ATI) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{6153098B-60DB-6A9F-EA0F-B006A96B57D5}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0705.1115.18310 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0705.1115.18310 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0705.1115.18310 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help English (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help French (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help German (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
ccc-utility64 (Version: 2011.0705.1115.18310 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CrashPlan PRO (HKLM\...\{88321013-76DA-4C97-86EC-DB4212EE0F7F}) (Version: 3.6.3 - Code 42 Software)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.2.1.3726 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.2.1.3726 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
Game Booster 3 (HKLM-x32\...\Game Booster_is1) (Version: 3.4 - IObit)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{7E799992-5DA0-4A1A-9443-B1836B063FEC}) (Version: 1.4.8 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{03046EBB-CB7C-4B98-BEFB-690EB955DA22}) (Version: 8.5.4526.3645 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Wireless Assistant (HKLM\...\{13DCC2C7-454D-42F0-A892-E0E9A5DE4E67}) (Version: 4.0.10.0 - Hewlett-Packard Company)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Lexmark 6500 Series (HKLM\...\Lexmark 6500 Series) (Version:  - Lexmark International, Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4605.1003 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft_VC90_CRT_x86 (HKLM-x32\...\{DF2035BE-5820-4965-BD97-7FAF8D4A7879}) (Version: 1.0.0 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
PackageViewer (HKCU\...\22738407aaaa4250) (Version: 1.0.2.8 - Kuree)
PowerISO (HKLM-x32\...\PowerISO) (Version: 4.8 - PowerISO Computing, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6287 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.11.0706 - REALTEK Semiconductor Corp.)
Recovery Manager (x32 Version: 1.0.22 - Hewlett-Packard) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
s3pe - Sims3 Package Editor (HKLM-x32\...\s3pe) (Version: 13-1112-2033 - Peter L Jones)
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.63.4 - Electronic Arts)
The Sims™ 3 Ambitions (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
The Sims™ 3 Generations (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
The Sims™ 3 Pets (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
The Sims™ 3 Seasons (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
The Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
The Sims™ 3 Town Life Stuff (HKLM-x32\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts)
The Sims™ 3 University Life (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
The Sims™ 3 World Adventures (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
VLC media player 2.0.0 (HKLM-x32\...\VLC media player) (Version: 2.0.0 - VideoLAN)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.4.0.0 - Azureus Software, Inc.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WJ III Normative Update Compuscore and Profiles Program (HKLM-x32\...\WJ III Normative Update Compuscore and Profiles Program) (Version:  - )
Xobni Core (x32 Version: 1.0.0 - Xobni, Inc.) Hidden
YAC (HKLM-x32\...\iSafe) (Version:  - ELEX DO BRASIL PARTICIPAÇÕES LTDA) <==== ATTENTION
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
28-09-2014 02:39:18 Installed CrashPlan PRO
28-09-2014 07:02:15 Revo Uninstaller's restore point - Grim Tales 6 The Vengeance CE 1.0
28-09-2014 07:12:09 Revo Uninstaller's restore point - Nevertales - The Beauty Within CE
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {047CEB8F-21C7-49CD-861C-0D2EA5B6589F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {1FA93F10-949D-461C-83EE-D7D818BC4F91} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {23AC1F5F-2496-48D5-8A5D-BFED9D7607E1} - System32\Tasks\Chrome Launcher => C:\Program Files (x86)\Techsnab\Chrome Launcher\chrome-links.exe [2014-09-12] ()
Task: {2C4EA6B1-C3AD-42AB-AE02-6BFE9E6E0C84} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {3E4A0B1E-F7D6-435F-949A-018D5ACA0DFE} - System32\Tasks\HPCeeScheduleForIfeoma => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {53E9916A-232C-4FC5-9C34-C3A1CA045D54} - System32\Tasks\Go for FilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe <==== ATTENTION
Task: {6C42CDC5-9107-47F5-BD8B-07A3D848484A} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe [2013-06-08] ()
Task: {83BFA7BB-3BC4-4107-9448-FC52B5C59A1F} - System32\Tasks\bench-sys => C:\Program Files (x86)\Bench\Updater\updater.exe [2014-08-20] () <==== ATTENTION
Task: {88B368B3-88CD-4AC8-9DA6-075BADFF444D} - System32\Tasks\GPUP => C:\Program Files (x86)\GetPrivate\gpup.exe [2014-08-12] ()
Task: {A0F22E82-03F7-4A70-8513-5734A4CF6510} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-04-11] (Microsoft Corporation)
Task: {BDE070B2-16B1-4FD9-BC24-B4A154952B3A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {C18D6BC4-F0BD-427F-A141-2DFFCE08C884} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-02-09] (CyberLink)
Task: {E6419DBB-FDBD-4BB1-8F96-196F315530E0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {EE070134-1B1A-4EFE-B6CA-34C84C0FDAF8} - System32\Tasks\bench-S-1-5-21-3373813971-2742717451-131339173-1002 => C:\Program Files (x86)\Bench\Updater\updater.exe [2014-08-20] () <==== ATTENTION
Task: {EEF320F3-BCC8-40B2-95CD-6A00A950A31C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {F34616E8-B114-43F5-9ED2-9DE66D040848} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {F606D456-7BEE-4FF6-BA98-70CE90EEB87B} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3373813971-2742717451-131339173-1002
Task: {FBBCB550-8B06-4AE0-BC79-419411401D66} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-03-30] (Microsoft Corporation)
Task: C:\Windows\Tasks\bench-S-1-5-21-3373813971-2742717451-131339173-1002.job => C:\Program Files (x86)\Bench\Updater\updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\bench-sys.job => C:\Program Files (x86)\Bench\Updater\updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForIfeoma.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-01-07 15:03 - 2007-05-24 03:44 - 00045568 _____ () C:\Windows\System32\LXDFPMON.DLL
2013-01-07 15:03 - 2007-04-09 06:59 - 00069632 _____ () C:\Windows\System32\LXDFOEM.DLL
2013-01-07 15:02 - 2007-05-24 03:39 - 00081408 _____ () C:\Program Files (x86)\Lexmark 6500 Series\ipcmt64.dll
2013-01-07 15:06 - 2007-05-25 09:44 - 00138240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdfdrpp.dll
2011-07-05 14:27 - 2011-07-05 14:27 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-04-04 04:34 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-11-06 17:52 - 2014-03-25 13:21 - 00629928 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2014-04-11 16:03 - 2014-04-11 16:03 - 08884904 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-01-07 15:00 - 2007-06-11 09:53 - 00455600 _____ () C:\Program Files (x86)\Lexmark 6500 Series\lxdfmon.exe
2013-01-07 15:00 - 2007-06-01 04:06 - 00020480 _____ () C:\Program Files (x86)\Lexmark 6500 Series\lxdfamon.exe
2010-07-21 17:33 - 2010-07-21 17:33 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2010-07-21 17:33 - 2010-07-21 17:33 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2010-07-21 17:33 - 2010-07-21 17:33 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2014-06-26 15:10 - 2014-06-26 15:10 - 00014848 _____ () C:\Program Files\CrashPlan\md564.dll
2014-06-26 15:10 - 2014-06-26 15:10 - 00230400 _____ () C:\Program Files\CrashPlan\cpnative64.dll
2010-02-28 02:33 - 2010-02-28 02:33 - 00077664 _____ () C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
2013-01-07 15:00 - 2007-05-24 12:21 - 00278528 _____ () C:\Program Files (x86)\Lexmark 6500 Series\lxdfscw.dll
2013-01-07 15:00 - 2007-05-03 07:39 - 00589824 _____ () C:\Program Files (x86)\Lexmark 6500 Series\lxdfdatr.dll
2013-01-07 15:00 - 2007-03-25 22:39 - 00073728 _____ () C:\Program Files (x86)\Lexmark 6500 Series\lxdfcats.dll
2013-01-07 15:00 - 2007-06-08 00:52 - 00028672 _____ () C:\Program Files (x86)\Lexmark 6500 Series\App4R.Monitor.Common.dll
2013-01-07 15:00 - 2007-06-08 00:52 - 00036864 _____ () C:\Program Files (x86)\Lexmark 6500 Series\App4R.Monitor.Core.dll
2013-01-07 15:00 - 2007-06-08 00:52 - 00057344 _____ () C:\Program Files (x86)\Lexmark 6500 Series\app4r.devmons.mcmdevmon.dll
2013-01-07 15:00 - 2007-06-01 04:06 - 00011776 _____ () C:\Program Files (x86)\Lexmark 6500 Series\App4R.DevMons.MCMDevMon.AutoPlayUtil.dll
2014-09-12 23:01 - 2014-09-12 23:01 - 00207784 _____ () C:\Program Files (x86)\Techsnab\Chrome Launcher\chromelauncher.dll
2014-08-17 11:25 - 2014-08-06 23:20 - 00718152 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libglesv2.dll
2014-08-17 11:25 - 2014-08-06 23:20 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libegl.dll
2014-08-17 11:25 - 2014-08-06 23:20 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll
2014-08-17 11:25 - 2014-08-06 23:20 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-17 11:25 - 2014-08-06 23:20 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll
2014-08-17 11:25 - 2014-08-06 23:20 - 14669128 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:2E33E4A6
AlternateDataStreams: C:\ProgramData\Temp:68B61847
AlternateDataStreams: C:\ProgramData\Temp:87A3A233
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\21603573.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\62190308.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\89086343.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\21603573.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\62190308.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\89086343.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3373813971-2742717451-131339173-500 - Administrator - Disabled)
Guest (S-1-5-21-3373813971-2742717451-131339173-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-3373813971-2742717451-131339173-1003 - Limited - Enabled)
Ifeoma (S-1-5-21-3373813971-2742717451-131339173-1002 - Administrator - Enabled) => C:\Users\Ifeoma
Ona Itunes (S-1-5-21-3373813971-2742717451-131339173-1005 - Limited - Enabled) => C:\Users\Ona Itunes
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/27/2014 10:41:27 PM) (Source: VSS) (EventID: 12293) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on a Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine details IVssSnapshotProvider::QueryVolumesSupportedForSnapshots(ProviderId,-1,...) [hr = 0x80042302, A Volume Shadow Copy Service component encountered an unexpected error.
Check the Application event log for more information.
].
 
 
Operation:
   Query volumes supported by this provider
 
Context:
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Snapshot Context: -1
 
Error: (09/27/2014 10:41:27 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine Error calling CreateFile on volume '\\?\Volume{b44c9010-0fe5-11e2-b61c-a0b3ccc0391f}\'.  hr = 0x8000ffff, Catastrophic failure
.
 
Error: (09/27/2014 10:41:26 PM) (Source: VSS) (EventID: 12293) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on a Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine details IVssSnapshotProvider::QueryVolumesSupportedForSnapshots(ProviderId,-1,...) [hr = 0x80042302, A Volume Shadow Copy Service component encountered an unexpected error.
Check the Application event log for more information.
].
 
 
Operation:
   Query volumes supported by this provider
 
Context:
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Snapshot Context: -1
 
Error: (09/27/2014 10:41:26 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine Error calling CreateFile on volume '\\?\Volume{b44c9010-0fe5-11e2-b61c-a0b3ccc0391f}\'.  hr = 0x8000ffff, Catastrophic failure
.
 
Error: (09/27/2014 04:34:53 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
 
Error: (09/26/2014 10:42:19 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
 
Error: (09/26/2014 10:31:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/13/2014 00:22:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: lxdfcoms.exe, version: 1.0.2.0, time stamp: 0x464c9d04
Faulting module name: lxdfhbn3.dll, version: 1.0.2.0, time stamp: 0x464c9d06
Exception code: 0xc0000005
Fault offset: 0x000000000005fc13
Faulting process id: 0x680
Faulting application start time: 0xlxdfcoms.exe0
Faulting application path: lxdfcoms.exe1
Faulting module path: lxdfcoms.exe2
Report Id: lxdfcoms.exe3
 
Error: (09/12/2014 07:53:11 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
 
Error: (09/11/2014 07:23:50 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
 
 
System errors:
=============
Error: (09/27/2014 10:42:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iSafeService service terminated unexpectedly.  It has done this 10 time(s).
 
Error: (09/27/2014 01:23:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iSafeService service terminated unexpectedly.  It has done this 9 time(s).
 
Error: (09/27/2014 01:20:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iSafeService service terminated unexpectedly.  It has done this 8 time(s).
 
Error: (09/27/2014 01:16:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iSafeService service terminated unexpectedly.  It has done this 7 time(s).
 
Error: (09/27/2014 01:13:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iSafeService service terminated unexpectedly.  It has done this 6 time(s).
 
Error: (09/27/2014 00:57:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iSafeService service terminated unexpectedly.  It has done this 5 time(s).
 
Error: (09/27/2014 00:53:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iSafeService service terminated unexpectedly.  It has done this 4 time(s).
 
Error: (09/27/2014 01:11:46 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iSafeService service terminated unexpectedly.  It has done this 3 time(s).
 
Error: (09/27/2014 00:50:33 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iSafeService service terminated unexpectedly.  It has done this 2 time(s).
 
Error: (09/26/2014 10:58:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iSafeService service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office Sessions:
=========================
Error: (09/27/2014 10:41:27 PM) (Source: VSS) (EventID: 12293) (User: )
Description: {b5946137-7b9f-4925-af80-51abd60b20d5}IVssSnapshotProvider::QueryVolumesSupportedForSnapshots(ProviderId,-1,...)0x80042302, A Volume Shadow Copy Service component encountered an unexpected error.
Check the Application event log for more information.
 
 
Operation:
   Query volumes supported by this provider
 
Context:
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Snapshot Context: -1
 
Error: (09/27/2014 10:41:27 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Error calling CreateFile on volume '\\?\Volume{b44c9010-0fe5-11e2-b61c-a0b3ccc0391f}\'0x8000ffff, Catastrophic failure
 
Error: (09/27/2014 10:41:26 PM) (Source: VSS) (EventID: 12293) (User: )
Description: {b5946137-7b9f-4925-af80-51abd60b20d5}IVssSnapshotProvider::QueryVolumesSupportedForSnapshots(ProviderId,-1,...)0x80042302, A Volume Shadow Copy Service component encountered an unexpected error.
Check the Application event log for more information.
 
 
Operation:
   Query volumes supported by this provider
 
Context:
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Snapshot Context: -1
 
Error: (09/27/2014 10:41:26 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Error calling CreateFile on volume '\\?\Volume{b44c9010-0fe5-11e2-b61c-a0b3ccc0391f}\'0x8000ffff, Catastrophic failure
 
Error: (09/27/2014 04:34:53 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
 
Error: (09/26/2014 10:42:19 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
 
Error: (09/26/2014 10:31:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/13/2014 00:22:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: lxdfcoms.exe1.0.2.0464c9d04lxdfhbn3.dll1.0.2.0464c9d06c0000005000000000005fc1368001cfc9ddc7ed8186C:\Windows\system32\lxdfcoms.exeC:\Windows\system32\lxdfhbn3.dll8d5b662d-3afd-11e4-81a8-a0b3ccc0391f
 
Error: (09/12/2014 07:53:11 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
 
Error: (09/11/2014 07:23:50 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
 
 
==================== Memory info =========================== 
 
Processor: AMD E-300 APU with Radeon HD Graphics
Percentage of memory in use: 53%
Total physical RAM: 3690.91 MB
Available physical RAM: 1712.57 MB
Total Pagefile: 7379.99 MB
Available Pagefile: 4988.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:283.58 GB) (Free:41.89 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:14.21 GB) (Free:1.77 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive g: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
Drive h: (Sims3EP09) (CDROM) (Total:5.23 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 45359D02)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=283.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14.2 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
 
==================== End Of Log ============================

 


Hello,
    
 
They call me TwinHeadedEagle around here, and I'll be working with you.
 
     
    
Before we start please read and note the following:

  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is an Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!
 
 
 
Rules and policies
 
We won't support any piracy.
That being said, if any evidence of an illegal OS, software, cracks/keygens or any other is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!
 
Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.
 
 
 
 

Fix with Farbar Recovery Scan Tool
 



This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

 
Download attached fixlist.txt file and save it to the Desktop:
 
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it in your reply.
 
 
 
 
Scan with Malwarebytes' Anti-Malware
 
Please re-run Malwarebytes' Anti-Malware.

  • First of all, select update.
  • Once updated, click the Settings tab, in the left panel choose Detection & Protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the newest Scan Log.
  • At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.
 
 
 
 

Fix with AdwCleaner
 
Please download AdwCleaner by Xplode and save the file to your desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Follow the prompts and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[s*].txt) will open.

Please include the contents of that file in your reply.

fixlist.txt


It's certainly much faster. And the chrome.exe *32 process is no longer running when I'm not on Google Chrome. However when I do get online there are still popup pages, for instance every time I go to scroll down on this page a popup page comes up. There are also these pesky little ads that say 'ad by notification' all over whatever page I'm visiting. They also make these links out of regular words on the page.


Scan with Farbar Recovery Scan Tool
 
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.


Uninstall some programs
 
We need to uninstall some programs.

  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search there for each entry mentioned below, right-click the entry and click Uninstall, one at a time.

The list of programs to uninstall:

  • YAC

After completing uninstalls, please manually reboot your machine!
 
Note: If you get the message like: An error occurred while trying to uninstall, just press Yes.
 
 
 
 

Fix with Farbar Recovery Scan Tool
 

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

 
Download attached fixlist.txt file and save it to the Desktop:
 
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it in your reply.

fixlist.txt


Hello, 

So pretty much the same thing. The computer is loading much faster on startup and there are no processes running on Task Manager that look odd. However on Chrome there are still the ads by notifications, pages taking really long to load, or not loading at all. I also noticed on the bottom left of the screen when I load a page on Chrome that it says certain things like "waiting for majuwe.com" "waiting for adsdoubleclick.net" & "waiting for pixel.quantserve.com". I've attached screenshots of the ones I was able to capture, as well as the fixlog.

Fixlog.txt



I tried resetting Chrome but nothing became of it. I ended up uninstalling Chrome and reinstalling it. Been using it for about 2 hours now and the ads by notifications, pop up pages, linked page words, and looped loading pages are gone. So as of now all seems well. I can't really thank you enough. This was literally months of us trying all sorts of cleaning programs to get the computer right. Thank you so much


Glad I could help. We will delete all used tools and I'll give you some tips to harden your security and learn how to protect yourself :)
 
 

Recommended reading:

 
 
MUST READ - security tips:

MUST READ - general maintenance:

The Importance of Software Updating:

 

 
In order to stay protected it is very important that you regularly update all of your software. Cybercriminals depend on the apathy of users around software updates to keep their malicious endeavor running.
 
Operating systems, such as Windows, and applications, such as Adobe Reader or JAVA, are used by tens of millions of computers and devices around the world, making them a huge target for cybercriminals. Downloading updates and installing them can sometimes be tedious, but the advantages you get from the updates are certainly worth it.

Recommended additional software:

 
 
  • TFC - to clean unneeded temporary files.
  • Malwarebytes' Anti-Malware - to scan your system from time to time in search for malware.
  • Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
  • McShield - to prevent infections spread by removable media.
  • CryptoPrevent - to secure yourself from very severe CryptoLocker infection.
  • Unchecky - to prevent from installing additional foistware, implemented in legitimate installations.
  • FileHippo.com Update Checker - to keep your programs up-to-date.
  • Adblock - to surf the web without annoying ads!
 
 

Post-cleanup procedures:

 

 
Download DelFix by Xplode and save it to your desktop.

  • Run the tool by right-clicking the DelFix icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report. You do not need to attach it.

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
 
 
 


My help is free for everybody.

If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation.

Thank you!

 
 
Stay safe,
TwinHeadedEagle   :)


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.