Phillyt Posted September 30, 2014 ID:884946

I had no issues logging in anywhere... Yesterday I logged on and got:

hxxp://astromenda.com/?f=7&a=ast_dnldstr_14_39_ch&cd=2XzuyEtN2Y1L1QzuyB0AyBzytCzy0Dzz0CyE0C0E0DyE0F0DtN0D0Tzu0StCtDtDtBtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyBzyyEyCtD0EtBtCtG0F0DyC0EtGtCtB0FyDtG0A0FtD0CtGtD0BzyyEyE0DyE0FtAzzzzyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0DtDyEtAtA0B0FtG0AzztAyDtGyE0BtCtBtG0AyD0DzytG0EyE0F0D0FyD0CtA0FtA0Fzz2Q&cr=402266813&ir=

I have never been to this site... there were options to delete the link.. those options DO NOT work.. all one gets is popups.. I have other sites on my list which I can access using tabs but the astromenda site comes up right at login.. and will not go away
MrCharlie Posted September 30, 2014 ID:885084

Welcome to the forum. (Do what you can)

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.
2. If you have illegal/cracked software (MS Office, Adobe Products), cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Please run a Threat Scan with Malwarebytes (if possible)

Start Malwarebytes 2.0.........
Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware
Same for PUM (Potentially Unwanted Modifications)
Quarantine all that's found
Post the log (save the log as a .txt file not .xml)

Then......

Please download Farbar Recovery Scan Tool (FRST) and save it to a folder. (use correct version for your system.....Which system am I using?)
FRST <----for 32 bit systems
FRST64 <----for 64 bit systems
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button. (make sure the Addition box is checked)
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
If the logs are large, you can attach them:
To attach a log: Bottom right corner of this page. New window that comes up.

Last................

Please download and run RogueKiller 32 bit to your desktop.
RogueKiller<---use this one for 64 bit systems
Which system am I using?
Quit all running programs.
For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
Wait for the Prescan to finish
Click Scan to scan the system.
When the scan completes > Don't Fix anything! > Click on the Report Button > Copy and paste the Report back here.
Don't run any other options, they're not all bad!!!!!!!
RogueKiller logs will also be located here:
%programdata%/RogueKiller/Logs <-------W7
C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <-------XP
(please don't put logs in code or quotes and use the default font)

Note: Please read all of my instructions completely including these.
Make sure system restore is turned on and running.
Create a new restore point
Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive
<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
<+>The removal of malware isn't instantaneous, please be patient.
<+>When we are done, I'll give you instructions on how to cleanup all the tools and logs
<+>Please stick with me until I give you the "all clear".
------->Your topic will be closed if you haven't replied within 3 days!<--------
If I don't respond within 24 hours, please send me a PM
Phillyt Posted October 1, 2014 Author ID:885396

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-10-2014
Ran by PhillyT65 at 2014-10-01 11:55:19
Running from C:\Users\PhillyT65\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
AMD APP SDK Runtime (Version: 2.4.650.9 - Advanced Micro Devices Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.60629.2348 - ATI Technologies Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2011.0630.16.41755 - ATI) Hidden
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{BCC01139-903A-6FC7-3358-85B0AE332601}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0630.16.41755 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0630.16.41755 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0630.16.41755 - ATI) Hidden
CCC Help English (x32 Version: 2011.0630.0015.41755 - ATI) Hidden
ccc-utility64 (Version: 2011.0630.16.41755 - ATI) Hidden
CloudScout (x32 Version: 1.0.0.1 - www.CloudGuard.me) Hidden
CloudScout Parental Control (HKLM-x32\...\{9c7ab1b0-c461-42e4-b381-4d901f1130fe}) (Version: 1.0.0.3 - www.CloudGuard.me)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
Curse Client (HKCU\...\101a9f93b8f0bb6f) (Version: 5.1.1.810 - Curse)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DriverTuner 3.5.0.1 (HKLM-x32\...\DriverTuner_is1) (Version: 3.5.0.1 - LionSea Software co., ltd)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Gunpoint (HKLM-x32\...\Steam App 206190) (Version: - Suspicious Developments)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hotline Miami (HKLM-x32\...\Steam App 219150) (Version: - Dennaton Games)
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP LinkUp (HKLM-x32\...\{DB3147AB-4024-4773-8EC0-A1FE5B44933D}) (Version: 2.01.028 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{D35B72B6-F0E4-462B-BDEB-E08032B3B681}) (Version: 8.7.4747.3786 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13880.3792 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.9.0.0 - Hewlett-Packard)
Infestation: Survivor Stories (HKLM-x32\...\Steam App 226700) (Version: - Hammerpoint Interactive)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version: - Squad)
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
Left 4 Dead 2 Beta (HKLM-x32\...\Steam App 223530) (Version: - )
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.236 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.236 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Media Player Classic - Home Cinema v1.5.2.3456 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.5.2.3456 - MPC-HC Team)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.54 - PDF Complete, Inc)
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6531 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.4320 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
RIFT (HKCU\...\RIFT) (Version: - Trion Worlds, Inc.)
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
Source Filmmaker (HKLM-x32\...\Steam App 1840) (Version: - Valve)
Star Wars: Knights of the Old Republic II (HKLM-x32\...\Steam App 208580) (Version: - Obsidian Entertainment)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)
theHunter (HKLM-x32\...\Steam App 253710) (Version: - Expansive Worlds)
Turbo Dismount (HKLM-x32\...\Steam App 263760) (Version: - Secret Exit Ltd.)
Unity (HKLM-x32\...\Unity) (Version: 4.5.0f6 - Unity Technologies ApS)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.5.0f6 - Unity Technologies ApS)
Unturned (HKLM-x32\...\Steam App 304930) (Version: - Nelson Sexton)
Vegas Pro 13.0 (64-bit) (HKLM\...\{3814DB30-091D-11E4-BDE0-F04DA23A5C58}) (Version: 13.0.373 - Sony)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 3.51 - NCH Software)
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
XSplit Gamecaster (HKLM-x32\...\{22EE0000-ECB1-486F-B928-990CECFE7B32}) (Version: 1.9.1407.2114 - SplitmediaLabs)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3041398442-320649397-160515667-1000_Classes\CLSID\{1a171a82-78ac-4df6-843e-60d242d0c94c}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3041398442-320649397-160515667-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3041398442-320649397-160515667-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3041398442-320649397-160515667-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3041398442-320649397-160515667-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3041398442-320649397-160515667-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

30-09-2014 05:54:23 Windows Update
01-10-2014 11:17:57 Windows Update
01-10-2014 11:21:06 Windows Update
01-10-2014 16:14:06 Removed Skype™ 6.20
01-10-2014 16:15:04 Removed Skype Click to Call

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {09F898B2-C354-4716-A162-DC94BD42DF13} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-03] (Hewlett-Packard)
Task: {1651A2FE-9179-40F3-A44B-EDA069A69CA7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {16AC49F9-DC77-4D13-AA4C-FF4B8D8D9CBD} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {3A903340-35A8-42D5-A15D-910034F54416} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-03] (Hewlett-Packard)
Task: {40FA0DE6-0B63-4D8A-BEF6-0AB4CC872A65} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe [2014-01-14] (Hewlett-Packard)
Task: {59A664AB-699E-4321-BB44-EA2EE9AA68AE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5D78DE63-AF02-486A-A982-9C7DA4C70511} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {5FDE4999-50E6-4FE2-ACF8-0B482B4D75A3} - System32\Tasks\HPCeeScheduleForVIGGILANTE$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {6B32B5B6-B227-46BF-A2AC-6DC9355B5161} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-24] (Google Inc.)
Task: {86AC99A3-66E3-4C5E-B715-752C72F3BB12} - System32\Tasks\HPCeeScheduleForPhillyT65 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {A3EB1EB7-26A8-42FB-997C-92DD2B859666} - System32\Tasks\YourFileDownloader Installer Starter => C:\Users\PHILLY~1\AppData\Local\Temp\YourFileDownloaderaN37b7xtHB.exe <==== ATTENTION
Task: {B59861A0-1841-41F2-B98A-6EFFAD5CA27F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-24] (Google Inc.)
Task: {DEFA07C9-3A91-47C4-BB81-334E5727EBCC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe [2014-01-14] (Hewlett-Packard)
Task: {EF99594A-CA00-429B-9786-7949B49433E7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForPhillyT65.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForVIGGILANTE$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2014-09-25 15:09 - 2014-09-25 10:57 - 04834816 _____ () C:\Windows\score.exe
2014-06-12 11:56 - 2014-06-12 11:56 - 00014848 ____N () C:\Users\PhillyT65\AppData\Local\Apps\2.0\ERXJTPLH.73J\WHMQDXBJ.2ZK\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b6290e21932c\Curse.CurseClient.WowDb.dll
2014-05-26 00:59 - 2014-05-26 00:58 - 00035840 _____ () C:\Users\PhillyT65\AppData\Local\Apps\2.0\ERXJTPLH.73J\WHMQDXBJ.2ZK\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b6290e21932c\Curse.Advertising.dll
2014-06-12 11:56 - 2014-06-12 11:56 - 00099840 ____N () C:\Users\PhillyT65\AppData\Local\Apps\2.0\ERXJTPLH.73J\WHMQDXBJ.2ZK\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b6290e21932c\Curse.CurseClient.CMOD2.dll
2011-06-30 02:14 - 2011-06-30 02:14 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-03-14 16:20 - 2011-03-14 16:20 - 00098304 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-25 06:26 - 2014-09-25 06:26 - 00081056 _____ () C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\LoggingPlatform.dll
2013-05-20 11:16 - 2012-05-25 04:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2014-09-25 06:26 - 2014-09-25 06:26 - 00081056 _____ () C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\LoggingPlatform.DLL
2014-09-24 22:29 - 2014-09-22 23:06 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libglesv2.dll
2014-09-24 22:29 - 2014-09-22 23:06 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libegl.dll
2014-09-24 22:29 - 2014-09-22 23:07 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll
2014-09-24 22:29 - 2014-09-22 23:07 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
2014-09-24 22:29 - 2014-09-22 23:06 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
2014-09-24 22:29 - 2014-09-22 23:07 - 14891848 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-3041398442-320649397-160515667-500 - Administrator - Disabled)
Guest (S-1-5-21-3041398442-320649397-160515667-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3041398442-320649397-160515667-1002 - Limited - Enabled)
Michael (S-1-5-21-3041398442-320649397-160515667-1005 - Administrator - Enabled)
PhillyT65 (S-1-5-21-3041398442-320649397-160515667-1000 - Administrator - Enabled) => C:\Users\PhillyT65

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/29/2014 07:20:08 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: VIGGILANTE)
Description: HRESULT:0x8004FF06
Description:Microsoft Security Essentials is already installed.
A newer version of Security Essentials is already installed on your computer.
Error code:0x8004FF06.

Error: (09/29/2014 01:50:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: a3c
Start Time: 01cfdc0c7edacd50
Termination Time: 140
Application Path: C:\Windows\Explorer.EXE
Report Id: 6d810e0f-4809-11e4-a0a9-38607782e6c5

Error: (09/29/2014 06:12:53 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 9c8
Start Time: 01cfdb3ee688b89e
Termination Time: 3224
Application Path: C:\Windows\Explorer.EXE
Report Id: 78f3a400-47c9-11e4-b288-38607782e6c5

Error: (09/28/2014 10:01:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 7759337A_stp.EXE, version: 0.0.0.0, time stamp: 0x4b1ae411
Faulting module name: NSISEncrypt.dll, version: 0.0.0.0, time stamp: 0x54280577
Exception code: 0xc0000005
Fault offset: 0x000038c8
Faulting process id: 0x1828
Faulting application start time: 0x7759337A_stp.EXE0
Faulting application path: 7759337A_stp.EXE1
Faulting module path: 7759337A_stp.EXE2
Report Id: 7759337A_stp.EXE3

Error: (09/26/2014 08:00:39 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program thehunter.exe version 1.0.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 2504
Start Time: 01cfd9898a600c75
Termination Time: 24
Application Path: C:\Program Files (x86)\Steam\steamapps\common\theHunter\game\thehunter.exe
Report Id:

Error: (09/25/2014 11:05:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Skype.exe version 6.20.0.104 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 88c
Start Time: 01cfd905d6d250ac
Termination Time: 52
Application Path: C:\Program Files (x86)\Skype\Phone\Skype.exe
Report Id:

Error: (09/25/2014 03:09:56 PM) (Source: MsiInstaller) (EventID: 11723) (User: VIGGILANTE)
Description: Product: Snap.Do -- Error 1723. There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor. Action InstallationFailed, entry: InstallationFailed, library: C:\Windows\Installer\MSIA0F5.tmp

Error: (09/25/2014 03:09:55 PM) (Source: MsiInstaller) (EventID: 11723) (User: VIGGILANTE)
Description: Product: Snap.Do -- Error 1723. There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor. Action InstallationStart, entry: InstallationStart, library: C:\Windows\Installer\MSI9ADC.tmp

Error: (09/14/2014 11:20:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: hl2.exe, version: 0.0.0.0, time stamp: 0x53948b55
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x0002e04e
Faulting process id: 0x3c0
Faulting application start time: 0xhl2.exe0
Faulting application path: hl2.exe1
Faulting module path: hl2.exe2
Report Id: hl2.exe3

Error: (09/05/2014 01:08:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 37.0.2062.103 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1af0
Start Time: 01cfc93425c4fe2d
Termination Time: 10
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Report Id: 880e943b-3527-11e4-bc29-38607782e6c5

System errors:
=============
Error: (10/01/2014 06:00:56 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (10/01/2014 05:55:10 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Diagnostic System Host service hung on starting.

Error: (10/01/2014 05:55:08 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Diagnostic Service Host service hung on starting.
Error: (10/01/2014 05:53:38 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error: %%1058

Error: (10/01/2014 05:53:38 AM) (Source: SNMP) (EventID: 1500) (User: )
Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

Error: (10/01/2014 05:53:36 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Routing and Remote Access service depends on the Remote Access Connection Manager service which failed to start because of the following error: %%1058

Error: (10/01/2014 05:53:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Software Framework Service service failed to start due to the following error: %%1053

Error: (10/01/2014 05:53:35 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Software Framework Service service to connect.

Error: (10/01/2014 05:53:03 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.

Error: (10/01/2014 05:51:57 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Message Queuing service terminated with the following error: %%-2147024877


Microsoft Office Sessions:
=========================
Error: (09/29/2014 07:20:08 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: VIGGILANTE)
Description: HRESULT:0x8004FF06
Description:Microsoft Security Essentials is already installed. A newer version of Security Essentials is already installed on your computer.
Error code:0x8004FF06.
Error: (09/29/2014 01:50:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.17567a3c01cfdc0c7edacd50140C:\Windows\Explorer.EXE6d810e0f-4809-11e4-a0a9-38607782e6c5

Error: (09/29/2014 06:12:53 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.175679c801cfdb3ee688b89e3224C:\Windows\Explorer.EXE78f3a400-47c9-11e4-b288-38607782e6c5

Error: (09/28/2014 10:01:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: 7759337A_stp.EXE0.0.0.04b1ae411NSISEncrypt.dll0.0.0.054280577c0000005000038c8182801cfdb2d062058f2C:\Users\PHILLY~1\AppData\Local\Temp\is366025459\7759337A_stp.EXEC:\Users\PHILLY~1\AppData\Local\Temp\nsg2579.tmp\NSISEncrypt.dll4cf5b4f0-4720-11e4-b7b9-38607782e6c5

Error: (09/26/2014 08:00:39 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: thehunter.exe1.0.0.1250401cfd9898a600c7524C:\Program Files (x86)\Steam\steamapps\common\theHunter\game\thehunter.exe

Error: (09/25/2014 11:05:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Skype.exe6.20.0.10488c01cfd905d6d250ac52C:\Program Files (x86)\Skype\Phone\Skype.exe

Error: (09/25/2014 03:09:56 PM) (Source: MsiInstaller) (EventID: 11723) (User: VIGGILANTE)
Description: Product: Snap.Do -- Error 1723. There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor. Action InstallationFailed, entry: InstallationFailed, library: C:\Windows\Installer\MSIA0F5.tmp (NULL)(NULL)(NULL)(NULL)(NULL)

Error: (09/25/2014 03:09:55 PM) (Source: MsiInstaller) (EventID: 11723) (User: VIGGILANTE)
Description: Product: Snap.Do -- Error 1723. There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor. Action InstallationStart, entry: InstallationStart, library: C:\Windows\Installer\MSI9ADC.tmp (NULL)(NULL)(NULL)(NULL)(NULL)

Error: (09/14/2014 11:20:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: hl2.exe0.0.0.053948b55ntdll.dll6.1.7601.18247521ea8e7c00000050002e04e3c001cfd099b1293705C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exeC:\Windows\SysWOW64\ntdll.dllaea158c6-3c8f-11e4-ae05-38607782e6c5

Error: (09/05/2014 01:08:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe37.0.2062.1031af001cfc93425c4fe2d10C:\Program Files (x86)\Google\Chrome\Application\chrome.exe880e943b-3527-11e4-bc29-38607782e6c5


CodeIntegrity Errors:
===================================
  Date: 2014-09-25 15:25:10.294
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PCTRunner\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-25 15:25:09.958
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PCTRunner\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-25 15:25:09.621
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PCTRunner\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-25 15:15:35.696
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PCTRunner\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-25 15:15:35.341
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PCTRunner\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.
  Date: 2014-09-25 15:15:34.976
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PCTRunner\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD E2-3200 APU with Radeon HD Graphics
Percentage of memory in use: 56%
Total physical RAM: 3570.82 MB
Available physical RAM: 1539.93 MB
Total Pagefile: 7139.81 MB
Available Pagefile: 4206.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:919.75 GB) (Free:700.1 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:11.66 GB) (Free:1.43 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: EAD598F5)
Partition 1: (Active) - (Size=98 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=919.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

latest.log
Phillyt Posted October 1, 2014 Author ID:885397
Naturally since I am NOT PUTER PROFICIENT... Did I do that right???
MrCharlie Posted October 1, 2014 ID:885401
That's the Addition.txt; I need to see the FRST.txt, which you would have gotten when you ran FRST64.exe.
Also, you didn't run RogueKiller and post that log.
MrC
Phillyt Posted October 1, 2014 Author ID:885407
Farbar Service Scanner Version: 21-07-2014
Ran by PhillyT65 (administrator) on 01-10-2014 at 12:30:34
Running from "C:\Users\PhillyT65\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****
Phillyt Posted October 1, 2014 Author ID:885410
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-10-2014
Ran by PhillyT65 (administrator) on VIGGILANTE on 01-10-2014 12:35:14
Running from C:\Users\PhillyT65\Downloads
Loaded Profile: PhillyT65 (Available profiles: PhillyT65 & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
() C:\Windows\score.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Curse) C:\Users\PhillyT65\AppData\Local\Apps\2.0\ERXJTPLH.73J\WHMQDXBJ.2ZK\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b6290e21932c\CurseClient.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\PhillyT65\Downloads\FSS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Farbar) C:\Users\PhillyT65\Downloads\FSS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Farbar) C:\Users\PhillyT65\Downloads\FRST64 (1).exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [MsmqIntCert] => regsvr32 /s mqrt.dll
HKLM-x32\...\Run: [startCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-05] (PDF Complete Inc)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3802448 2014-09-04] (LogMeIn Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-08-19] (Hewlett-Packard)
HKU\S-1-5-21-3041398442-320649397-160515667-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-3041398442-320649397-160515667-1000\...\Run: [skyDrive] => C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-09-25] (Microsoft Corporation)
HKU\S-1-5-21-3041398442-320649397-160515667-1000\...\RunOnce: [uninstall C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64"
HKU\S-1-5-21-3041398442-320649397-160515667-1000\...\RunOnce: [uninstall C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64"
HKU\S-1-5-21-3041398442-320649397-160515667-1000\...\RunOnce: [uninstall C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.3.1166.0618\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.3.1166.0618\amd64"
HKU\S-1-5-21-3041398442-320649397-160515667-1000\...\RunOnce: [uninstall C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64"
Startup: C:\Users\PhillyT65\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://myyahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE10ENUS/WOL_WCP
URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM - {B42D1374-3E73-422B-B53E-54740E2EBFB8} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {B42D1374-3E73-422B-B53E-54740E2EBFB8} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - DefaultScope {B04FC860-8BC8-40F1-BD12-3B0EFC986F91} URL = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKCU - {B04FC860-8BC8-40F1-BD12-3B0EFC986F91} URL = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
SearchScopes: HKCU - {B42D1374-3E73-422B-B53E-54740E2EBFB8} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
Winsock: Catalog9 01 C:\Windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 02 C:\Windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 03 C:\Windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 04 C:\Windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 15 C:\Windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9-x64 01 C:\Windows\system32\MyOSProtect64.dll [350768] (MyOSCompany)
Winsock: Catalog9-x64 02 C:\Windows\system32\MyOSProtect64.dll [350768] (MyOSCompany)
Winsock: Catalog9-x64 03 C:\Windows\system32\MyOSProtect64.dll [350768] (MyOSCompany)
Winsock: Catalog9-x64 04 C:\Windows\system32\MyOSProtect64.dll [350768] (MyOSCompany)
Winsock: Catalog9-x64 15 C:\Windows\system32\MyOSProtect64.dll [350768] (MyOSCompany)
Tcpip\..\Interfaces\{87F3F179-3F29-417B-92B7-FCFA92AA33B8}: [NameServer] 81.218.119.15,199.203.35.75

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\PhillyT65\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

Chrome:
=======
CHR DefaultSearchURL: Default -> https://us-mg5.mail.yahoo.com/neo/launch?action=compose&To=%s
CHR Profile: C:\Users\PhillyT65\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\PhillyT65\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-13]
CHR Extension: (Google Drive) - C:\Users\PhillyT65\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\PhillyT65\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\PhillyT65\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-13]
CHR Extension: (Google Search) - C:\Users\PhillyT65\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-24]
CHR Extension: (Google Wallet) - C:\Users\PhillyT65\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\PhillyT65\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-13]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-08-08] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [9216 2009-07-13] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-05] (PDF Complete Inc)
R2 scores; C:\Windows\score.exe [4834816 2014-09-25] () [File not signed]
R2 simptcp; C:\Windows\SysWOW64\tcpsvcs.exe [9216 2009-07-13] (Microsoft Corporation)
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows ® Codename Longhorn DDK provider)
S3 cqcpu; C:\Windows\System32\drivers\cqcpu.sys [24376 2010-03-01] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [189440 2009-07-13] (Microsoft Corporation)
S3 MWAC; \??\C:\Windows\system32\drivers\ [0 ] () [File not signed]
S3 MWAC; \??\C:\Windows\SysWOW64\drivers\ [0 ] () [File not signed]
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 SIVDRIVER; C:\Windows\system32\Drivers\SIVX64.sys [57312 2008-06-14] (Ray Hinchliffe)
R3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
R1 MpKslc9d125c2; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{85280ACD-A8A1-4077-A4FA-93FF4B07333C}\MpKslc9d125c2.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-01 12:34 - 2014-10-01 12:34 - 01100288 _____ (Farbar) C:\Users\PhillyT65\Downloads\FRST.exe
2014-10-01 12:29 - 2014-10-01 12:30 - 00001144 _____ () C:\Users\PhillyT65\Downloads\FSS.txt
2014-10-01 12:28 - 2014-10-01 12:28 - 00415232 _____ (Farbar) C:\Users\PhillyT65\Downloads\FSS.exe
2014-10-01 12:23 - 2014-10-01 12:23 - 02108928 _____ (Farbar) C:\Users\PhillyT65\Downloads\FRST64 (1).exe
2014-10-01 11:55 - 2014-10-01 11:56 - 00036596 _____ () C:\Users\PhillyT65\Downloads\Addition.txt
2014-10-01 11:54 - 2014-10-01 12:35 - 00020696 _____ () C:\Users\PhillyT65\Downloads\FRST.txt
2014-10-01 11:54 - 2014-10-01 12:35 - 00000000 ____D () C:\FRST
2014-10-01 11:53 - 2014-10-01 11:53 - 02108928 _____ (Farbar) C:\Users\PhillyT65\Downloads\FRST64.exe
2014-10-01 03:55 - 2014-09-24 21:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 03:55 - 2014-09-24 20:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-29 19:27 - 2014-10-01 05:52 - 00000112 _____ () C:\Windows\setupact.log
2014-09-29 19:27 - 2014-09-29 19:27 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-26 08:00 - 2014-09-26 23:09 - 00000097 _____ () C:\Users\PhillyT65\AppData\Roaming\LauncherSettings_live.cfg
2014-09-26 07:58 - 2014-09-26 07:58 - 00000039 _____ () C:\Users\PhillyT65\AppData\Roaming\TheHunterSettings_steam_live.cfg
2014-09-26 07:58 - 2014-09-26 07:58 - 00000000 ____D () C:\Users\PhillyT65\AppData\Roaming\theHunter
2014-09-26 07:58 - 2014-09-26 07:58 - 00000000 ____D () C:\Users\PhillyT65\AppData\Local\theHunter
2014-09-26 07:56 - 2014-09-26 07:56 - 00000000 ____D () C:\Users\PhillyT65\AppData\Roaming\theHunterSteam
2014-09-26 07:56 - 2014-09-26 07:56 - 00000000 ____D () C:\ProgramData\Hunter
2014-09-25 15:12 - 2014-10-01 02:01 - 00000000 ___HD () C:\Users\Public\Temp
2014-09-25 15:11 - 2014-09-01 13:28 - 00350768 _____ (MyOSCompany) C:\Windows\system32\MyOSProtect64.dll
2014-09-25 15:11 - 2014-09-01 13:28 - 00304776 _____ (MyOSCompany) C:\Windows\SysWOW64\MyOSProtect.dll
2014-09-25 15:10 - 2014-09-26 04:56 - 00000000 ____D () C:\Users\PhillyT65\AppData\Roaming\VOPackage
2014-09-25 15:10 - 2014-09-26 02:15 - 00004038 _____ () C:\Windows\System32\Tasks\LaunchSignup
2014-09-25 15:10 - 2014-09-25 15:10 - 00000000 ____D () C:\Users\PhillyT65\AppData\Local\fastplayer
2014-09-25 15:10 - 2014-09-25 15:10 - 00000000 ____D () C:\Users\PhillyT65\AppData\Local\com
2014-09-25 15:10 - 2014-09-25 15:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastPlayer
2014-09-25 15:09 - 2014-09-25 10:57 - 04834816 _____ () C:\Windows\score.exe
2014-09-24 00:08 - 2014-09-09 17:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 00:08 - 2014-09-09 16:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-19 23:12 - 2014-09-19 23:12 - 00000219 _____ () C:\Users\PhillyT65\Desktop\Left 4 Dead 2.url
2014-09-12 21:11 - 2014-09-12 21:11 - 00000184 _____ () C:\Users\PhillyT65\Downloads\eula.txt
2014-09-12 21:11 - 2014-09-12 21:11 - 00000061 _____ () C:\Users\PhillyT65\Downloads\server.properties
2014-09-12 21:10 - 2014-09-12 21:11 - 10769744 _____ () C:\Users\PhillyT65\Downloads\minecraft_server.1.8.exe
2014-09-10 04:02 - 2014-09-10 04:02 - 00411056 _____ () C:\Users\PhillyT65\Downloads\setup (1).exe
2014-09-10 03:15 - 2014-08-19 13:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 03:15 - 2014-08-19 12:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 03:15 - 2014-08-18 18:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 03:15 - 2014-08-18 17:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 03:15 - 2014-08-18 17:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 03:15 - 2014-08-18 17:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 03:15 - 2014-08-18 17:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 03:15 - 2014-08-18 17:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 03:15 - 2014-08-18 17:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 03:15 - 2014-08-18 17:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 03:15 - 2014-08-18 17:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 03:15 - 2014-08-18 17:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 03:15 - 2014-08-18 17:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-10 03:15 - 2014-08-18 17:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 03:15 - 2014-08-18 17:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 03:15 - 2014-08-18 17:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 03:15 - 2014-08-18 17:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 03:15 - 2014-08-18 17:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 03:15 - 2014-08-18 17:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 03:15 - 2014-08-18 16:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 03:15 - 2014-08-18 16:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 03:15 - 2014-08-18 16:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 03:15 - 2014-08-18 16:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-10 03:15 - 2014-08-18 16:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 03:15 - 2014-08-18 16:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-10 03:15 - 2014-08-18 16:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-10 03:15 - 2014-08-18 16:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-10 03:15 - 2014-08-18 16:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-10 03:15 - 2014-08-18 16:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 03:15 - 2014-08-18 16:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 03:15 - 2014-08-18 16:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 03:15 - 2014-08-18 16:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-10 03:15 - 2014-08-18 16:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 03:15 - 2014-08-18 16:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-10 03:15 - 2014-08-18 16:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-10 03:15 - 2014-08-18 16:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-10 03:15 - 2014-08-18 16:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 03:15 - 2014-08-18 16:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 03:15 - 2014-08-18 16:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 03:15 - 2014-08-18 16:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 03:15 - 2014-08-18 16:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 03:15 - 2014-08-18 16:22 - 00060416 _____ (Microsoft Corporation)
C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll2014-09-10 03:15 - 2014-08-18 16:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-09-10 03:15 - 2014-08-18 16:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2014-09-10 03:15 - 2014-08-18 16:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2014-09-10 03:15 - 2014-08-18 16:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-09-10 03:15 - 2014-08-18 16:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-09-10 03:15 - 2014-08-18 16:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-09-10 03:15 - 2014-08-18 16:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-09-10 03:15 - 2014-08-18 16:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-09-10 03:15 - 2014-08-18 16:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll2014-09-10 03:15 - 2014-08-18 15:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-09-10 03:15 - 2014-08-18 15:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-09-10 03:15 - 2014-08-18 15:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-09-10 03:15 - 2014-08-18 15:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2014-09-10 03:15 - 2014-08-18 15:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2014-09-10 03:02 - 2014-06-26 21:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll2014-09-10 03:02 - 2014-06-26 20:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll2014-09-10 01:31 - 2014-09-23 15:31 - 03675824 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe2014-09-09 16:42 - 2014-08-01 06:53 - 01031168 _____ (Microsoft Corporation) 
C:\Windows\system32\TSWorkspace.dll2014-09-09 16:42 - 2014-08-01 06:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll2014-09-09 16:41 - 2014-06-23 22:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll2014-09-09 16:41 - 2014-06-23 21:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll2014-09-09 16:40 - 2014-09-04 21:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2014-09-09 16:40 - 2014-09-04 21:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2014-09-09 16:40 - 2014-07-06 21:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll2014-09-09 16:40 - 2014-07-06 21:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll2014-09-09 16:40 - 2014-07-06 20:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll2014-09-09 16:40 - 2014-07-06 20:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll2014-09-09 16:40 - 2014-07-06 20:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll2014-09-08 06:00 - 2014-09-30 06:37 - 00000000 ____D () C:\Users\PhillyT65\AppData\Local\Adobe2014-09-06 13:10 - 2014-09-06 13:10 - 00857696 _____ ( ) C:\Users\PhillyT65\Downloads\Adobe_Flash_Setup.exe2014-09-05 16:52 - 2014-09-05 16:52 - 00000000 ____D () C:\Users\PhillyT65\Downloads\LOIC-master2014-09-05 13:07 - 2014-09-05 13:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi2014-09-05 13:07 - 2014-09-05 13:07 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi2014-09-05 13:07 - 2009-03-18 18:35 - 00033856 ____H (LogMeIn, Inc.) 
C:\Windows\system32\hamachi.sys2014-09-03 19:54 - 2014-09-03 19:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft XNA2014-09-03 19:51 - 2014-09-03 19:51 - 00000222 _____ () C:\Users\PhillyT65\Desktop\Terraria.url2014-09-03 18:23 - 2014-09-03 18:24 - 07688351 _____ () C:\Users\PhillyT65\Desktop\INTRO!!!!!.mp42014-09-03 18:18 - 2014-09-03 18:18 - 00000076 _____ () C:\Users\PhillyT65\Downloads\INTRO!!!!!.mxf.sfl2014-09-03 18:17 - 2014-09-03 18:18 - 20100156 _____ () C:\Users\PhillyT65\Downloads\INTRO!!!!!.mxf2014-09-01 12:28 - 2014-09-01 12:31 - 00372200 _____ () C:\Users\PhillyT65\Downloads\lavender town - solkrieg's dream eater dubstep remix.mp3.sfk2014-09-01 12:27 - 2014-09-10 04:01 - 00003212 _____ () C:\Windows\System32\Tasks\YourFileDownloader Installer Starter ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-01 12:19 - 2013-12-24 09:41 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-10-01 12:16 - 2013-01-07 17:43 - 00000000 ____D () C:\Users\PhillyT65\AppData\Local\Deployment2014-10-01 12:05 - 2013-01-07 16:33 - 00003950 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{553BECE3-7405-4C06-8481-01D3ECC7CBCD}2014-10-01 11:57 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-10-01 11:57 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-10-01 11:17 - 2014-04-15 04:37 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-10-01 11:14 - 2014-06-13 23:28 - 00000000 ____D () C:\Users\PhillyT65\AppData\Roaming\Skype2014-10-01 11:14 - 2014-03-28 20:31 - 00000000 ____D () C:\ProgramData\Skype2014-10-01 06:21 - 2013-01-07 16:24 - 01336810 _____ () C:\Windows\WindowsUpdate.log2014-10-01 06:16 - 2014-08-20 17:09 - 
00000000 ____D () C:\Users\PhillyT65\AppData\Local\LogMeIn Hamachi2014-10-01 06:16 - 2014-05-25 00:51 - 00000000 ___RD () C:\Users\PhillyT65\OneDrive2014-10-01 06:16 - 2013-12-24 09:41 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-10-01 05:55 - 2011-11-04 10:28 - 00000000 ____D () C:\ProgramData\PDFC2014-10-01 05:55 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\inetsrv2014-10-01 05:53 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-10-01 05:53 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration2014-10-01 05:52 - 2010-11-20 22:47 - 00797270 _____ () C:\Windows\PFRO.log2014-09-30 23:21 - 2014-05-18 18:43 - 00000000 ____D () C:\Program Files (x86)\Steam2014-09-30 16:46 - 2013-06-23 07:42 - 00000000 ___HD () C:\Windows\msdownld.tmp2014-09-30 16:41 - 2014-06-18 09:22 - 00000000 ____D () C:\Program Files (x86)\OpenAL2014-09-29 19:20 - 2013-01-07 21:14 - 00002057 _____ () C:\Windows\epplauncher.mif2014-09-29 16:01 - 2013-01-07 16:33 - 00003210 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForPhillyT652014-09-29 16:01 - 2013-01-07 16:33 - 00000348 _____ () C:\Windows\Tasks\HPCeeScheduleForPhillyT65.job2014-09-29 14:36 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF2014-09-29 13:38 - 2014-07-24 20:06 - 00000000 ____D () C:\Users\PhillyT65\AppData\Local\PMB Files2014-09-29 12:40 - 2013-01-07 16:24 - 00000000 ____D () C:\Users\PhillyT652014-09-29 12:39 - 2014-07-24 20:06 - 00000000 ____D () C:\ProgramData\PMB Files2014-09-29 12:39 - 2014-05-18 00:13 - 00000000 ____D () C:\Users\PhillyT65\AppData\Roaming\Battle.net2014-09-29 12:39 - 2013-10-29 16:56 - 00000000 ____D () C:\Users\DefaultAppPool2014-09-29 12:39 - 2011-11-04 10:21 - 00000000 ____D () C:\ProgramData\RoxioNow2014-09-29 12:39 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Msdtc2014-09-29 11:17 - 2014-05-18 00:13 - 00000000 ____D () C:\Users\PhillyT65\AppData\Local\Battle.net2014-09-28 10:01 - 2013-01-08 17:40 - 00000000 
____D () C:\Users\PhillyT65\AppData\Local\CrashDumps2014-09-27 18:37 - 2014-05-25 00:49 - 00000000 ____D () C:\Users\PhillyT65\AppData\Local\Windows Live2014-09-26 16:49 - 2011-11-04 10:22 - 00000000 ____D () C:\ProgramData\CyberLink2014-09-26 16:49 - 2011-11-04 10:16 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information2014-09-26 04:57 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\L2Schemas2014-09-25 17:40 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache2014-09-25 15:39 - 2009-07-14 00:13 - 00869632 _____ () C:\Windows\system32\PerfStringBackup.INI2014-09-25 15:32 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\TAPI2014-09-25 15:11 - 2014-05-21 18:34 - 00000000 ____D () C:\ProgramData\Package Cache2014-09-25 06:26 - 2014-05-25 00:51 - 00002192 _____ () C:\Users\PhillyT65\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk2014-09-24 22:00 - 2013-01-30 22:08 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt2014-09-24 22:00 - 2013-01-09 22:05 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log2014-09-24 21:59 - 2013-01-16 22:36 - 00000000 ____D () C:\Users\PhillyT65\AppData\Roaming\HP Support Assistant2014-09-24 21:59 - 2013-01-08 17:39 - 00000000 ____D () C:\Users\PhillyT65\AppData\Roaming\HpUpdate2014-09-22 01:42 - 2010-11-20 22:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe2014-09-16 17:56 - 2014-06-04 21:39 - 00000000 ____D () C:\Users\PhillyT65\AppData\Roaming\.minecraft2014-09-13 11:23 - 2014-05-18 00:14 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft2014-09-13 11:23 - 2014-05-18 00:12 - 00000000 ____D () C:\Program Files (x86)\Battle.net2014-09-10 03:14 - 2011-02-11 12:15 - 00861754 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI2014-09-10 03:13 - 2013-01-07 21:14 - 00002119 ____N () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk2014-09-10 03:12 - 2013-07-16 07:57 - 00000000 ____D () 
C:\Windows\system32\MRT2014-09-10 03:12 - 2013-01-07 21:14 - 00000000 ____D () C:\Program Files\Microsoft Security Client2014-09-10 03:12 - 2013-01-07 21:14 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client2014-09-10 03:03 - 2013-01-08 09:16 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-09-10 03:02 - 2014-05-05 20:44 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-09-08 10:42 - 2013-07-15 17:19 - 47296000 ___SH () C:\Users\PhillyT65\Downloads\Thumbs.db2014-09-05 13:07 - 2014-08-20 17:08 - 00000888 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk2014-09-03 19:54 - 2014-06-19 16:12 - 00000000 ____D () C:\Users\PhillyT65\Documents\My Games2014-09-03 18:17 - 2014-08-31 12:35 - 00000000 ____D () C:\Users\PhillyT65\AppData\Roaming\Sony2014-09-01 21:05 - 2013-01-07 16:35 - 00003222 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForVIGGILANTE$2014-09-01 21:05 - 2013-01-07 16:35 - 00000346 _____ () C:\Windows\Tasks\HPCeeScheduleForVIGGILANTE$.job Some content of TEMP:====================C:\Users\PhillyT65\AppData\Local\Temp\BackupSetup.exeC:\Users\PhillyT65\AppData\Local\Temp\EdSD9.dllC:\Users\PhillyT65\AppData\Local\Temp\EdSD9.exeC:\Users\PhillyT65\AppData\Local\Temp\GVRA8.exeC:\Users\PhillyT65\AppData\Local\Temp\OnlineBackup.exeC:\Users\PhillyT65\AppData\Local\Temp\SpOrder.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-26 00:27 ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
Phillyt Posted October 1, 2014 ID:885417

RogueKiller V9.2.13.0 (x64) [Sep 25 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : PhillyT65 [Admin rights]
Mode : Scan -- Date : 10/01/2014 12:50:42

¤¤¤ Bad processes : 2 ¤¤¤
[Suspicious.Path] CurseClient.exe -- C:\Users\PhillyT65\AppData\Local\Apps\2.0\ERXJTPLH.73J\WHMQDXBJ.2ZK\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b6290e21932c\CurseClient.exe[-] -> KILLED [TermProc]
[Suspicious.Path] (SVC) scores -- C:\Windows\score.exe[-] -> STOPPED

¤¤¤ Registry Entries : 22 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\scores (C:\Windows\score.exe) -> FOUND
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\scores (C:\Windows\score.exe) -> FOUND
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\scores (C:\Windows\score.exe) -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{87F3F179-3F29-417B-92B7-FCFA92AA33B8} | NameServer : 81.218.119.15,199.203.35.75 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{87F3F179-3F29-417B-92B7-FCFA92AA33B8} | NameServer : 81.218.119.15,199.203.35.75 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{87F3F179-3F29-417B-92B7-FCFA92AA33B8} | NameServer : 81.218.119.15,199.203.35.75 -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-3041398442-320649397-160515667-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-3041398442-320649397-160515667-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-3041398442-320649397-160515667-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-3041398442-320649397-160515667-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> FOUND
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3041398442-320649397-160515667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> FOUND
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3041398442-320649397-160515667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3041398442-320649397-160515667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> FOUND
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3041398442-320649397-160515667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3041398442-320649397-160515667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> FOUND
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3041398442-320649397-160515667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3041398442-320649397-160515667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> FOUND
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3041398442-320649397-160515667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3041398442-320649397-160515667-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://myyahoo.com/ -> FOUND
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3041398442-320649397-160515667-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://myyahoo.com/ -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[Suspicious.Path] \\YourFileDownloader Installer Starter -- C:\Users\PHILLY~1\AppData\Local\Temp\YourFileDownloaderaN37b7xtHB.exe (-startup) -> FOUND

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 4 (Driver: LOADED) ¤¤¤
[EAT:Addr] (explorer.exe) msi.dll - DllCanUnloadNow : C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll @ 0x7fef3c1b8e4
[EAT:Addr] (explorer.exe) msi.dll - DllGetClassObject : C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll @ 0x7fef3c1b91c
[EAT:Addr] (explorer.exe) msi.dll - DllRegisterServer : C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll @ 0x7fef3c1ba4c
[EAT:Addr] (explorer.exe) msi.dll - DllUnregisterServer : C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll @ 0x7fef3c1bb1c

¤¤¤ Web browsers : 0 ¤¤¤
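The two logs above are read by eye in this thread: a 4.8 MB executable created directly in C:\Windows and registered as the service "scores", a non-Microsoft DLL pair (MyOSCompany) in system32 and SysWOW64, new scheduled tasks in System32\Tasks, a task pointing into the user's Temp folder, and two resolver addresses hard-wired on the network interface. The script below is an added example for this page; it is not part of the thread and not code from FRST, RogueKiller or Malwarebytes. It parses lines in those two log formats and applies the same heuristics an analyst applies when reading them. The sample lines are constructed copies, in shape, of entries from the logs above; the trusted-vendor set and the "expected resolvers" passed in the usage call are assumptions standing in for whatever the network is actually supposed to hand out.

```python
"""Triage helpers for FRST and RogueKiller text logs.

Added example for this thread, not code from FRST, RogueKiller or Malwarebytes.
The heuristics flag entries worth a closer look; they do not decide maliciousness.
"""
import re
from ipaddress import ip_address

# One FRST "Created/Modified Files and Folders" entry:
#   <created> - <modified> - <size> <attrs> (<company>) <path>
FRST_ENTRY = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) \((?P<company>[^)]*)\) (?P<path>\S.*)$"
)

# RogueKiller DNS hit: [PUM.Dns] ... | NameServer : ip[,ip] -> FOUND
RK_DNS = re.compile(r"\[PUM\.Dns\].*\| NameServer : (?P<servers>[\d.,]+) -> FOUND")

CODE_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx")
# Assumption: only these vendors are expected to ship binaries into system32/SysWOW64.
TRUSTED_SYSTEM_VENDORS = {"Microsoft Corporation"}

# Constructed sample, copied in shape from the FRST log posted above.
SAMPLE_FRST = r"""
2014-10-01 03:55 - 2014-09-24 21:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-25 15:11 - 2014-09-01 13:28 - 00350768 _____ (MyOSCompany) C:\Windows\system32\MyOSProtect64.dll
2014-09-25 15:10 - 2014-09-26 02:15 - 00004038 _____ () C:\Windows\System32\Tasks\LaunchSignup
2014-09-25 15:10 - 2014-09-25 15:10 - 00000000 ____D () C:\Users\PhillyT65\AppData\Local\fastplayer
2014-09-25 15:09 - 2014-09-25 10:57 - 04834816 _____ () C:\Windows\score.exe
2014-09-05 13:07 - 2009-03-18 18:35 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
"""

# Constructed sample, copied in shape from the RogueKiller log posted above.
SAMPLE_RK = r"""
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\scores (C:\Windows\score.exe) -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{87F3F179-3F29-417B-92B7-FCFA92AA33B8} | NameServer : 81.218.119.15,199.203.35.75 -> FOUND
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3041398442-320649397-160515667-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://myyahoo.com/ -> FOUND
"""


def triage_frst(log_text):
    """Return (path, reason) pairs from an FRST file listing that merit a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = FRST_ENTRY.match(line.strip())
        if not m:
            continue
        path, company = m["path"], m["company"].strip()
        is_dir = "D" in m["attrs"]
        parent, _, name = path.lower().rpartition("\\")
        is_code = not is_dir and name.endswith(CODE_EXT)
        if is_code and parent == "c:\\windows":
            # Legitimate installers almost never drop PE files straight into C:\Windows.
            findings.append((path, "executable dropped directly in C:\\Windows"))
        elif (is_code and parent.startswith(("c:\\windows\\system32", "c:\\windows\\syswow64"))
              and company not in TRUSTED_SYSTEM_VENDORS):
            findings.append((path, f"non-Microsoft binary in a system directory (company: {company or 'none'})"))
        elif not is_dir and parent.startswith("c:\\windows\\system32\\tasks"):
            # Every task file created in the window is a persistence candidate; inspect its action.
            findings.append((path, "scheduled task registered in the window"))
        elif is_code and ("\\appdata\\local\\temp" in parent or parent.startswith("c:\\users\\public\\")):
            findings.append((path, "executable in a temp or public location"))
    return findings


def unexpected_nameservers(log_text, expected):
    """Resolver IPs hard-wired on an interface (RogueKiller PUM.Dns hits) not in `expected`."""
    expected_ips = {ip_address(e) for e in expected}
    seen = []
    for line in log_text.splitlines():
        m = RK_DNS.search(line)
        if not m:
            continue
        for server in m["servers"].split(","):
            ip = ip_address(server)
            if ip not in expected_ips and ip not in seen:
                seen.append(ip)
    return [str(ip) for ip in seen]


if __name__ == "__main__":
    for path, reason in triage_frst(SAMPLE_FRST):
        print(f"{reason}: {path}")
    # Assumption: the LAN is supposed to hand out 192.168.1.1 as resolver; substitute your own.
    for ip in unexpected_nameservers(SAMPLE_RK, ["192.168.1.1"]):
        print(f"unexpected NameServer on interface: {ip}")
```

On the sample, the script reports score.exe (dropped directly in C:\Windows), both non-Microsoft system32 binaries (MyOSProtect64.dll and the Hamachi driver, the latter being a legitimate third-party VPN driver the analyst then clears by hand), the LaunchSignup task, and both hard-wired resolvers; qdvd.dll and the fastplayer directory are left alone. The company field is only a hint, since it is whatever the PE version resource claims, so the flagged system32 entries still need a signature check (the Bamital & volsnap section of FRST does that for a fixed set of core files only).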
MrCharlie Posted October 1, 2014 ID:885420

Make sure you have created a restore point and.....

Download Delfix from Here and save it to your desktop.
Place a check mark in front of ....... Create registry backup <---only!
Uncheck the rest!
Click the Run button.
Close the tool out when it's done....we'll use it later.

======================================

Download the attached fixlist.txt to the same folder as FRST.exe/FRST64.exe.
Run FRST.exe/FRST64.exe and click Fix only once and wait.
The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

=====================================

Please download AdwCleaner from HERE or HERE to your desktop.
Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator.
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
When it's done you'll see: Pending: Please uncheck elements you don't want removed.
Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
Look over the log especially under Files/Folders for any program you want to save.
If there's a program you may want to save, just uncheck it from AdwCleaner.
If you're not sure, post the log for review. (all items found are either adware/spyware/foistware)
If you're ready to clean it all up.....click the Clean button.
After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
To restore an item that has been deleted:
Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Next..................

Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Next.........

Please run a Threat Scan
Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware
Same for PUM (Potentially Unwanted Modifications)
Quarantine all that's found

MrC
Phillyt Posted October 1, 2014 ID:885429

Thanks for all you have suggested, but I think I'll just junk this machine out and get a new one. I can't keep loading all these files, since when I got the machine it was used.
MrCharlie Posted October 1, 2014 ID:885451

OK...MrC
AdvancedSetup (Root Admin) Posted October 7, 2014 ID:887261

Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!