
Phillyt

I had no issues logging in anywhere...

 

Yesterday I log on and get:

 

hxxp://astromenda.com/?f=7&a=ast_dnldstr_14_39_ch&cd=2XzuyEtN2Y1L1QzuyB0AyBzytCzy0Dzz0CyE0C0E0DyE0F0DtN0D0Tzu0StCtDtDtBtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyBzyyEyCtD0EtBtCtG0F0DyC0EtGtCtB0FyDtG0A0FtD0CtGtD0BzyyEyE0DyE0FtAzzzzyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0DtDyEtAtA0B0FtG0AzztAyDtGyE0BtCtBtG0AyD0DzytG0EyE0F0D0FyD0CtA0FtA0Fzz2Q&cr=402266813&ir=

 

I have never been to this site... there were options to delete the link... those options DO NOT work... all one gets is popups.

I have other sites on my list which I can access using tabs, but the astromenda site comes up right at login and will not go away.


Welcome to the forum. (Do what you can)

General P2P/Piracy Warning:

 

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar, you must either fully uninstall it or completely disable it from running while being assisted here.

2. If you have illegal/cracked software (MS Office, Adobe Products), cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

 

<====><====><====><====><====><====><====><====>

 

Please run a Threat Scan with Malwarebytes (if possible)

Start Malwarebytes 2.0.........

Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

Same for PUM (Potentially Unwanted Modifications)

Quarantine all that's found

Post the log (save the log as a .txt file not .xml)

Then......

Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.

(use the correct version for your system: Which system am I using?)

FRST <----for 32 bit systems

FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button. (make sure the Addition box is checked)
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page. [image: reply1.jpg]

New window that comes up. [image: replyer1.jpg]

Last................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller <--- use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, right-click the program, select Run as Administrator to start, and when prompted allow it to run.

Wait for the Prescan to finish

Click Scan to scan the system.

When the scan completes > Don't Fix anything! > Click on the Report Button > Copy and paste the Report back here.

Don't run any other options; they're not all bad!

RogueKiller logs will also be located here:

%programdata%\RogueKiller\Logs <-------W7

C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <-------XP

(please don't put logs in code or quotes and use the default font)

 

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point.

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs.

<+>Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

If I don't respond within 24 hours, please send me a PM


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-10-2014

Ran by PhillyT65 at 2014-10-01 11:55:19

Running from C:\Users\PhillyT65\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}

AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )

AMD APP SDK Runtime (Version: 2.4.650.9 - Advanced Micro Devices Inc.) Hidden

AMD Media Foundation Decoders (Version: 1.0.60629.2348 - ATI Technologies Inc.) Hidden

AMD VISION Engine Control Center (x32 Version: 2011.0630.16.41755 - ATI) Hidden

Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

ATI Catalyst Install Manager (HKLM\...\{BCC01139-903A-6FC7-3358-85B0AE332601}) (Version: 3.0.829.0 - ATI Technologies, Inc.)

Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)

Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden

Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0630.16.41755 - ATI) Hidden

Catalyst Control Center InstallProxy (x32 Version: 2011.0630.16.41755 - ATI Technologies, Inc.) Hidden

Catalyst Control Center Localization All (x32 Version: 2011.0630.16.41755 - ATI) Hidden

CCC Help English (x32 Version: 2011.0630.0015.41755 - ATI) Hidden

ccc-utility64 (Version: 2011.0630.16.41755 - ATI) Hidden

CloudScout (x32 Version: 1.0.0.1 - www.CloudGuard.me) Hidden

CloudScout Parental Control (HKLM-x32\...\{9c7ab1b0-c461-42e4-b381-4d901f1130fe}) (Version: 1.0.0.3 - www.CloudGuard.me)

Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)

Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)

Curse Client (HKCU\...\101a9f93b8f0bb6f) (Version: 5.1.1.810 - Curse)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

DriverTuner 3.5.0.1 (HKLM-x32\...\DriverTuner_is1) (Version: 3.5.0.1 - LionSea Software co., ltd)

Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )

Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)

GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)

Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden

Gunpoint (HKLM-x32\...\Steam App 206190) (Version:  - Suspicious Developments)

Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden

Hotline Miami (HKLM-x32\...\Steam App 219150) (Version:  - Dennaton Games)

HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden

HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden

HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden

HP LinkUp (HKLM-x32\...\{DB3147AB-4024-4773-8EC0-A1FE5B44933D}) (Version: 2.01.028 - Hewlett-Packard)

HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)

HP Setup (HKLM-x32\...\{D35B72B6-F0E4-462B-BDEB-E08032B3B681}) (Version: 8.7.4747.3786 - Hewlett-Packard Company)

HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13880.3792 - Hewlett-Packard Company)

HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)

HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)

HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)

HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.9.0.0 - Hewlett-Packard)

Infestation: Survivor Stories (HKLM-x32\...\Steam App 226700) (Version:  - Hammerpoint Interactive)

iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)

Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)

Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden

Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version:  - Squad)

League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)

League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden

Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)

Left 4 Dead 2 Beta (HKLM-x32\...\Steam App 223530) (Version:  - )

LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.236 - LogMeIn, Inc.)

LogMeIn Hamachi (x32 Version: 2.2.0.236 - LogMeIn, Inc.) Hidden

Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

Media Player Classic - Home Cinema v1.5.2.3456 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.5.2.3456 - MPC-HC Team)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)

Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden

Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden

Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)

Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden

MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden

MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)

Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )

OpenAL (HKLM-x32\...\OpenAL) (Version:  - )

Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)

PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)

PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.54 - PDF Complete, Inc)

Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)

PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6531 - Realtek Semiconductor Corp.)

Recovery Manager (x32 Version: 5.5.0.4320 - CyberLink Corp.) Hidden

Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)

RIFT (HKCU\...\RIFT) (Version:  - Trion Worlds, Inc.)

RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)

Source Filmmaker (HKLM-x32\...\Steam App 1840) (Version:  - Valve)

Star Wars: Knights of the Old Republic II (HKLM-x32\...\Steam App 208580) (Version:  - Obsidian Entertainment)

Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)

Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)

Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)

theHunter (HKLM-x32\...\Steam App 253710) (Version:  - Expansive Worlds)

Turbo Dismount (HKLM-x32\...\Steam App 263760) (Version:  - Secret Exit Ltd.)

Unity (HKLM-x32\...\Unity) (Version: 4.5.0f6 - Unity Technologies ApS)

Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.5.0f6 - Unity Technologies ApS)

Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)

Vegas Pro 13.0 (64-bit) (HKLM\...\{3814DB30-091D-11E4-BDE0-F04DA23A5C58}) (Version: 13.0.373 - Sony)

VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 3.51 - NCH Software)

Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden

Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live Mail (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live Messenger (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live Writer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live Writer Resources (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

XSplit Gamecaster (HKLM-x32\...\{22EE0000-ECB1-486F-B928-990CECFE7B32}) (Version: 1.9.1407.2114 - SplitmediaLabs)

Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-3041398442-320649397-160515667-1000_Classes\CLSID\{1a171a82-78ac-4df6-843e-60d242d0c94c}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3041398442-320649397-160515667-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3041398442-320649397-160515667-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3041398442-320649397-160515667-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3041398442-320649397-160515667-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3041398442-320649397-160515667-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)

 

==================== Restore Points  =========================

 

30-09-2014 05:54:23 Windows Update

01-10-2014 11:17:57 Windows Update

01-10-2014 11:21:06 Windows Update

01-10-2014 16:14:06 Removed Skype™ 6.20

01-10-2014 16:15:04 Removed Skype Click to Call

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {09F898B2-C354-4716-A162-DC94BD42DF13} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-03] (Hewlett-Packard)

Task: {1651A2FE-9179-40F3-A44B-EDA069A69CA7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)

Task: {16AC49F9-DC77-4D13-AA4C-FF4B8D8D9CBD} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION

Task: {3A903340-35A8-42D5-A15D-910034F54416} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-03] (Hewlett-Packard)

Task: {40FA0DE6-0B63-4D8A-BEF6-0AB4CC872A65} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe [2014-01-14] (Hewlett-Packard)

Task: {59A664AB-699E-4321-BB44-EA2EE9AA68AE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {5D78DE63-AF02-486A-A982-9C7DA4C70511} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)

Task: {5FDE4999-50E6-4FE2-ACF8-0B482B4D75A3} - System32\Tasks\HPCeeScheduleForVIGGILANTE$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)

Task: {6B32B5B6-B227-46BF-A2AC-6DC9355B5161} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-24] (Google Inc.)

Task: {86AC99A3-66E3-4C5E-B715-752C72F3BB12} - System32\Tasks\HPCeeScheduleForPhillyT65 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)

Task: {A3EB1EB7-26A8-42FB-997C-92DD2B859666} - System32\Tasks\YourFileDownloader Installer Starter => C:\Users\PHILLY~1\AppData\Local\Temp\YourFileDownloaderaN37b7xtHB.exe <==== ATTENTION

Task: {B59861A0-1841-41F2-B98A-6EFFAD5CA27F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-24] (Google Inc.)

Task: {DEFA07C9-3A91-47C4-BB81-334E5727EBCC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe [2014-01-14] (Hewlett-Packard)

Task: {EF99594A-CA00-429B-9786-7949B49433E7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\HPCeeScheduleForPhillyT65.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

Task: C:\Windows\Tasks\HPCeeScheduleForVIGGILANTE$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

 

==================== Loaded Modules (whitelisted) =============

 

2014-09-25 15:09 - 2014-09-25 10:57 - 04834816 _____ () C:\Windows\score.exe

2014-06-12 11:56 - 2014-06-12 11:56 - 00014848 ____N () C:\Users\PhillyT65\AppData\Local\Apps\2.0\ERXJTPLH.73J\WHMQDXBJ.2ZK\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b6290e21932c\Curse.CurseClient.WowDb.dll

2014-05-26 00:59 - 2014-05-26 00:58 - 00035840 _____ () C:\Users\PhillyT65\AppData\Local\Apps\2.0\ERXJTPLH.73J\WHMQDXBJ.2ZK\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b6290e21932c\Curse.Advertising.dll

2014-06-12 11:56 - 2014-06-12 11:56 - 00099840 ____N () C:\Users\PhillyT65\AppData\Local\Apps\2.0\ERXJTPLH.73J\WHMQDXBJ.2ZK\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b6290e21932c\Curse.CurseClient.CMOD2.dll

2011-06-30 02:14 - 2011-06-30 02:14 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

2011-03-14 16:20 - 2011-03-14 16:20 - 00098304 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll

2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2014-09-25 06:26 - 2014-09-25 06:26 - 00081056 _____ () C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\LoggingPlatform.dll

2013-05-20 11:16 - 2012-05-25 04:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll

2014-09-25 06:26 - 2014-09-25 06:26 - 00081056 _____ () C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\LoggingPlatform.DLL

2014-09-24 22:29 - 2014-09-22 23:06 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libglesv2.dll

2014-09-24 22:29 - 2014-09-22 23:06 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libegl.dll

2014-09-24 22:29 - 2014-09-22 23:07 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll

2014-09-24 22:29 - 2014-09-22 23:07 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll

2014-09-24 22:29 - 2014-09-22 23:06 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll

2014-09-24 22:29 - 2014-09-22 23:07 - 14891848 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

 

========================= Accounts: ==========================

 

Administrator (S-1-5-21-3041398442-320649397-160515667-500 - Administrator - Disabled)

Guest (S-1-5-21-3041398442-320649397-160515667-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-3041398442-320649397-160515667-1002 - Limited - Enabled)

Michael (S-1-5-21-3041398442-320649397-160515667-1005 - Administrator - Enabled)

PhillyT65 (S-1-5-21-3041398442-320649397-160515667-1000 - Administrator - Enabled) => C:\Users\PhillyT65

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (09/29/2014 07:20:08 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: VIGGILANTE)

Description: HRESULT:0x8004FF06

Description:Microsoft Security Essentials is already installed. A newer version of Security Essentials is already installed on your computer. Error code:0x8004FF06.

 

Error: (09/29/2014 01:50:22 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: a3c

 

Start Time: 01cfdc0c7edacd50

 

Termination Time: 140

 

Application Path: C:\Windows\Explorer.EXE

 

Report Id: 6d810e0f-4809-11e4-a0a9-38607782e6c5

 

Error: (09/29/2014 06:12:53 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 9c8

 

Start Time: 01cfdb3ee688b89e

 

Termination Time: 3224

 

Application Path: C:\Windows\Explorer.EXE

 

Report Id: 78f3a400-47c9-11e4-b288-38607782e6c5

 

Error: (09/28/2014 10:01:19 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: 7759337A_stp.EXE, version: 0.0.0.0, time stamp: 0x4b1ae411

Faulting module name: NSISEncrypt.dll, version: 0.0.0.0, time stamp: 0x54280577

Exception code: 0xc0000005

Fault offset: 0x000038c8

Faulting process id: 0x1828

Faulting application start time: 0x7759337A_stp.EXE0

Faulting application path: 7759337A_stp.EXE1

Faulting module path: 7759337A_stp.EXE2

Report Id: 7759337A_stp.EXE3

 

Error: (09/26/2014 08:00:39 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program thehunter.exe version 1.0.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 2504

 

Start Time: 01cfd9898a600c75

 

Termination Time: 24

 

Application Path: C:\Program Files (x86)\Steam\steamapps\common\theHunter\game\thehunter.exe

 

Report Id:

 

Error: (09/25/2014 11:05:03 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program Skype.exe version 6.20.0.104 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 88c

 

Start Time: 01cfd905d6d250ac

 

Termination Time: 52

 

Application Path: C:\Program Files (x86)\Skype\Phone\Skype.exe

 

Report Id:

 

Error: (09/25/2014 03:09:56 PM) (Source: MsiInstaller) (EventID: 11723) (User: VIGGILANTE)

Description: Product: Snap.Do -- Error 1723. There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor.  Action InstallationFailed, entry: InstallationFailed, library: C:\Windows\Installer\MSIA0F5.tmp

 

Error: (09/25/2014 03:09:55 PM) (Source: MsiInstaller) (EventID: 11723) (User: VIGGILANTE)

Description: Product: Snap.Do -- Error 1723. There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor.  Action InstallationStart, entry: InstallationStart, library: C:\Windows\Installer\MSI9ADC.tmp

 

Error: (09/14/2014 11:20:54 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: hl2.exe, version: 0.0.0.0, time stamp: 0x53948b55

Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7

Exception code: 0xc0000005

Fault offset: 0x0002e04e

Faulting process id: 0x3c0

Faulting application start time: 0xhl2.exe0

Faulting application path: hl2.exe1

Faulting module path: hl2.exe2

Report Id: hl2.exe3

 

Error: (09/05/2014 01:08:36 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program chrome.exe version 37.0.2062.103 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 1af0

 

Start Time: 01cfc93425c4fe2d

 

Termination Time: 10

 

Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

Report Id: 880e943b-3527-11e4-bc29-38607782e6c5

 

 

System errors:

=============

Error: (10/01/2014 06:00:56 AM) (Source: DCOM) (EventID: 10010) (User: )

Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

 

Error: (10/01/2014 05:55:10 AM) (Source: Service Control Manager) (EventID: 7022) (User: )

Description: The Diagnostic System Host service hung on starting.

 

Error: (10/01/2014 05:55:08 AM) (Source: Service Control Manager) (EventID: 7022) (User: )

Description: The Diagnostic Service Host service hung on starting.

 

Error: (10/01/2014 05:53:38 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error: 

%%1058

 

Error: (10/01/2014 05:53:38 AM) (Source: SNMP) (EventID: 1500) (User: )

Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

 

Error: (10/01/2014 05:53:36 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Routing and Remote Access service depends on the Remote Access Connection Manager service which failed to start because of the following error: 

%%1058

 

Error: (10/01/2014 05:53:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The HP Software Framework Service service failed to start due to the following error: 

%%1053

 

Error: (10/01/2014 05:53:35 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the HP Software Framework Service service to connect.

 

Error: (10/01/2014 05:53:03 AM) (Source: NETLOGON) (EventID: 3095) (User: )

Description: This computer is configured as a member of a workgroup, not as

a member of a domain. The Netlogon service does not need to run in this

configuration.

 

Error: (10/01/2014 05:51:57 AM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Message Queuing service terminated with the following error: 

%%-2147024877

 

 

Microsoft Office Sessions:

=========================

Error: (09/29/2014 07:20:08 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: VIGGILANTE)

Description: HRESULT:0x8004FF06

Description:Microsoft Security Essentials is already installed. A newer version of Security Essentials is already installed on your computer. Error code:0x8004FF06.

 

Error: (09/29/2014 01:50:22 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Explorer.EXE6.1.7601.17567a3c01cfdc0c7edacd50140C:\Windows\Explorer.EXE6d810e0f-4809-11e4-a0a9-38607782e6c5

 

Error: (09/29/2014 06:12:53 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Explorer.EXE6.1.7601.175679c801cfdb3ee688b89e3224C:\Windows\Explorer.EXE78f3a400-47c9-11e4-b288-38607782e6c5

 

Error: (09/28/2014 10:01:19 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: 7759337A_stp.EXE0.0.0.04b1ae411NSISEncrypt.dll0.0.0.054280577c0000005000038c8182801cfdb2d062058f2C:\Users\PHILLY~1\AppData\Local\Temp\is366025459\7759337A_stp.EXEC:\Users\PHILLY~1\AppData\Local\Temp\nsg2579.tmp\NSISEncrypt.dll4cf5b4f0-4720-11e4-b7b9-38607782e6c5

 

Error: (09/26/2014 08:00:39 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: thehunter.exe1.0.0.1250401cfd9898a600c7524C:\Program Files (x86)\Steam\steamapps\common\theHunter\game\thehunter.exe

 

Error: (09/25/2014 11:05:03 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Skype.exe6.20.0.10488c01cfd905d6d250ac52C:\Program Files (x86)\Skype\Phone\Skype.exe

 

Error: (09/25/2014 03:09:56 PM) (Source: MsiInstaller) (EventID: 11723) (User: VIGGILANTE)

Description: Product: Snap.Do -- Error 1723. There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor.  Action InstallationFailed, entry: InstallationFailed, library: C:\Windows\Installer\MSIA0F5.tmp (NULL)(NULL)(NULL)(NULL)(NULL)

 

Error: (09/25/2014 03:09:55 PM) (Source: MsiInstaller) (EventID: 11723) (User: VIGGILANTE)

Description: Product: Snap.Do -- Error 1723. There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor.  Action InstallationStart, entry: InstallationStart, library: C:\Windows\Installer\MSI9ADC.tmp (NULL)(NULL)(NULL)(NULL)(NULL)

 

Error: (09/14/2014 11:20:54 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: hl2.exe0.0.0.053948b55ntdll.dll6.1.7601.18247521ea8e7c00000050002e04e3c001cfd099b1293705C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exeC:\Windows\SysWOW64\ntdll.dllaea158c6-3c8f-11e4-ae05-38607782e6c5

 

Error: (09/05/2014 01:08:36 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: chrome.exe37.0.2062.1031af001cfc93425c4fe2d10C:\Program Files (x86)\Google\Chrome\Application\chrome.exe880e943b-3527-11e4-bc29-38607782e6c5

 

 

CodeIntegrity Errors:

===================================

  Date: 2014-09-25 15:25:10.294

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PCTRunner\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-09-25 15:25:09.958

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PCTRunner\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-09-25 15:25:09.621

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PCTRunner\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-09-25 15:15:35.696

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PCTRunner\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-09-25 15:15:35.341

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PCTRunner\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-09-25 15:15:34.976

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PCTRunner\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info =========================== 

 

Processor: AMD E2-3200 APU with Radeon HD Graphics

Percentage of memory in use: 56%

Total physical RAM: 3570.82 MB

Available physical RAM: 1539.93 MB

Total Pagefile: 7139.81 MB

Available Pagefile: 4206.77 MB

Total Virtual: 8192 MB

Available Virtual: 8191.83 MB

 

==================== Drives ================================

 

Drive c: (OS) (Fixed) (Total:919.75 GB) (Free:700.1 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive d: (HP_RECOVERY) (Fixed) (Total:11.66 GB) (Free:1.43 GB) NTFS ==>[system with boot components (obtained from reading drive)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: EAD598F5)

Partition 1: (Active) - (Size=98 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=919.8 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=11.7 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================

latest.log


Farbar Service Scanner Version: 21-07-2014

Ran by PhillyT65 (administrator) on 01-10-2014 at 12:30:34

Running from "C:\Users\PhillyT65\Downloads"

Microsoft Windows 7 Home Premium  Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

 

Internet Services:

============

 

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo.com is accessible.

 

 

Other Services:

==============

 

 

File Check:

========

C:\Windows\System32\nsisvc.dll => File is digitally signed

C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed

C:\Windows\System32\dhcpcore.dll => File is digitally signed

C:\Windows\System32\drivers\afd.sys => File is digitally signed

C:\Windows\System32\drivers\tdx.sys => File is digitally signed

C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed

C:\Windows\System32\dnsrslvr.dll => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

 

 

**** End of log ****

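A triage script for the kind of FRST output posted in this thread, added here as an illustration; it is not part of FRST, Malwarebytes or this helper's procedure. It reads FRST-style lines (the Winsock Catalog9 LSP entries, the Tcpip NameServer entry, services tagged [File not signed], the CHR Policy restriction markers and the CodeIntegrity errors from Addition.txt) and returns the findings an analyst would check first. The sample lines are constructed from entries like those in the Addition.txt and FRST.txt logs above, plus one benign Microsoft LSP line made up as a control; the DNS and vendor allowlists are assumptions for the example, not FRST's own whitelist.

```python
"""Triage of FRST-style log lines (example code, not FRST's or Malwarebytes' own)."""
import re
from dataclasses import dataclass

# Assumed allowlists (illustration only): resolvers the analyst expects on this
# network, and vendors whose Winsock LSP entries are treated as benign.
EXPECTED_DNS = {"192.168.1.1", "8.8.8.8", "8.8.4.4"}
TRUSTED_LSP_VENDORS = {"Microsoft Corporation"}

WINSOCK_RE = re.compile(r"^Winsock: (Catalog\d+(?:-x64)?) (\d+) (.+?) \[\d+\] \((.*)\)$")
NAMESERVER_RE = re.compile(r"^Tcpip\\\.\.\\Interfaces\\\{[0-9A-F-]+\}: \[NameServer\] (.+)$", re.I)
SERVICE_RE = re.compile(r"^([RS]\d) (.+?); (.+?) \[\d+\s*[\d-]*\] \((.*?)\)(.*)$")
CODEINT_RE = re.compile(r"Code Integrity is unable to verify the image integrity of the file (.+?) because")
POLICY_RE = re.compile(r"^CHR (HK\w+\\SOFTWARE\\Policies\\Google): Policy restriction")

# Constructed sample, modelled on entries in the logs posted in this thread.
SAMPLE_LINES = [
    r"Winsock: Catalog9 01 C:\Windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany)",
    r"Winsock: Catalog9-x64 01 C:\Windows\system32\MyOSProtect64.dll [350768] (MyOSCompany)",
    r"Winsock: Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)",  # constructed control
    r"Tcpip\..\Interfaces\{87F3F179-3F29-417B-92B7-FCFA92AA33B8}: [NameServer] 81.218.119.15,199.203.35.75",
    r"R2 scores; C:\Windows\score.exe [4834816 2014-09-25] () [File not signed]",
    r"R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]",
    r"R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)",
    r"  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PCTRunner\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.",
    r"  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PCTRunner\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.",
    r"CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION",
    r"CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION",
]


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" or "medium"
    category: str   # winsock-lsp, dns, service, code-integrity, browser-policy
    detail: str


def triage(lines):
    """Return de-duplicated findings, in first-seen order, for FRST-style lines."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = WINSOCK_RE.match(line)
        if m:  # third-party LSP in the Winsock catalog sees every socket call
            catalog, idx, path, vendor = m.groups()
            if vendor not in TRUSTED_LSP_VENDORS:
                findings.append(Finding("high", "winsock-lsp", f"{catalog} #{idx}: {path} ({vendor or 'no vendor'})"))
            continue
        m = NAMESERVER_RE.match(line)
        if m:  # resolvers not on the expected list can redirect every lookup
            for ip in (x.strip() for x in m.group(1).split(",")):
                if ip not in EXPECTED_DNS:
                    findings.append(Finding("high", "dns", f"unexpected resolver {ip}"))
            continue
        m = SERVICE_RE.match(line)
        if m:  # unsigned, vendor-less binaries under C:\Windows running as a service
            state, name, path, vendor, tail = m.groups()
            unsigned = "[File not signed]" in tail
            if unsigned and path.lower().startswith("c:\\windows\\") and not vendor:
                findings.append(Finding("high", "service", f"{name} ({state}) -> {path}: unsigned, no vendor"))
            elif unsigned:
                findings.append(Finding("medium", "service", f"{name} ({state}) -> {path}: unsigned ({vendor})"))
            continue
        m = CODEINT_RE.search(line)
        if m:  # kernel image that Code Integrity could not verify
            findings.append(Finding("medium", "code-integrity", m.group(1)))
            continue
        m = POLICY_RE.match(line)
        if m:  # browser policy keys are a common way to pin a search/start page
            findings.append(Finding("medium", "browser-policy", m.group(1)))
    seen, unique = set(), []
    for f in findings:
        if f not in seen:
            seen.add(f)
            unique.append(f)
    return unique


def summarize(findings):
    """Count findings per severity, e.g. {'high': 5, 'medium': 4}."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.severity}] {f.category}: {f.detail}")
```

Run it against a saved FRST.txt by passing `open(path, encoding="utf-8", errors="replace")` to `triage()` instead of `SAMPLE_LINES`; the regexes only recognise the line shapes shown above, so other FRST sections pass through untouched.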

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-10-2014

Ran by PhillyT65 (administrator) on VIGGILANTE on 01-10-2014 12:35:14

Running from C:\Users\PhillyT65\Downloads

Loaded Profile: PhillyT65 (Available profiles: PhillyT65 & DefaultAppPool)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(AMD) C:\Windows\System32\atiesrxx.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe

(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe

(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe

(Microsoft Corporation) C:\Windows\System32\mqsvc.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe

(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

() C:\Windows\score.exe

(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE

(Microsoft Corporation) C:\Windows\System32\snmp.exe

(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe

(Microsoft Corporation) C:\Windows\System32\vds.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Microsoft Corporation) C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe

(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

(Curse) C:\Users\PhillyT65\AppData\Local\Apps\2.0\ERXJTPLH.73J\WHMQDXBJ.2ZK\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b6290e21932c\CurseClient.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Farbar) C:\Users\PhillyT65\Downloads\FSS.exe

(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

(Farbar) C:\Users\PhillyT65\Downloads\FSS.exe

(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

(Farbar) C:\Users\PhillyT65\Downloads\FRST64 (1).exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)

HKLM\...\Run: [MsmqIntCert] => regsvr32 /s mqrt.dll

HKLM-x32\...\Run: [startCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-30] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-05] (PDF Complete Inc)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)

HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3802448 2014-09-04] (LogMeIn Inc.)

HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-08-19] (Hewlett-Packard)

HKU\S-1-5-21-3041398442-320649397-160515667-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)

HKU\S-1-5-21-3041398442-320649397-160515667-1000\...\Run: [skyDrive] => C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-09-25] (Microsoft Corporation)

HKU\S-1-5-21-3041398442-320649397-160515667-1000\...\RunOnce: [uninstall C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64"

HKU\S-1-5-21-3041398442-320649397-160515667-1000\...\RunOnce: [uninstall C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64"

HKU\S-1-5-21-3041398442-320649397-160515667-1000\...\RunOnce: [uninstall C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.3.1166.0618\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.3.1166.0618\amd64"

HKU\S-1-5-21-3041398442-320649397-160515667-1000\...\RunOnce: [uninstall C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64"

Startup: C:\Users\PhillyT65\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)

ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)

ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll (Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll (Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll (Microsoft Corporation)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://myyahoo.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1

HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE10ENUS/WOL_WCP

URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File

SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF


SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}


SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}

SearchScopes: HKCU - DefaultScope {B04FC860-8BC8-40F1-BD12-3B0EFC986F91} URL = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8

SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF

SearchScopes: HKCU - {B04FC860-8BC8-40F1-BD12-3B0EFC986F91} URL = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8


SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)

BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)

Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File

DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 

Winsock: Catalog9 01 C:\Windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany)

Winsock: Catalog9 02 C:\Windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany)

Winsock: Catalog9 03 C:\Windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany)

Winsock: Catalog9 04 C:\Windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany)

Winsock: Catalog9 15 C:\Windows\SysWOW64\MyOSProtect.dll [304776] (MyOSCompany)

Winsock: Catalog9-x64 01 C:\Windows\system32\MyOSProtect64.dll [350768] (MyOSCompany)

Winsock: Catalog9-x64 02 C:\Windows\system32\MyOSProtect64.dll [350768] (MyOSCompany)

Winsock: Catalog9-x64 03 C:\Windows\system32\MyOSProtect64.dll [350768] (MyOSCompany)

Winsock: Catalog9-x64 04 C:\Windows\system32\MyOSProtect64.dll [350768] (MyOSCompany)

Winsock: Catalog9-x64 15 C:\Windows\system32\MyOSProtect64.dll [350768] (MyOSCompany)

Tcpip\..\Interfaces\{87F3F179-3F29-417B-92B7-FCFA92AA33B8}: [NameServer] 81.218.119.15,199.203.35.75

 

FireFox:

========

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\PhillyT65\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

 

Chrome: 

=======


CHR Profile: C:\Users\PhillyT65\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\PhillyT65\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-13]

CHR Extension: (Google Drive) - C:\Users\PhillyT65\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-13]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\PhillyT65\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]

CHR Extension: (YouTube) - C:\Users\PhillyT65\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-13]

CHR Extension: (Google Search) - C:\Users\PhillyT65\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-24]

CHR Extension: (Google Wallet) - C:\Users\PhillyT65\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]

CHR Extension: (Gmail) - C:\Users\PhillyT65\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-13]

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]

R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)

R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-08-08] (LogMeIn, Inc.)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)

R2 MSMQ; C:\Windows\system32\mqsvc.exe [9216 2009-07-13] (Microsoft Corporation)

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)

R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-05] (PDF Complete Inc)

R2 scores; C:\Windows\score.exe [4834816 2014-09-25] () [File not signed]

R2 simptcp; C:\Windows\SysWOW64\tcpsvcs.exe [9216 2009-07-13] (Microsoft Corporation)

R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)

R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)

R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows ® Codename Longhorn DDK provider)

S3 cqcpu; C:\Windows\System32\drivers\cqcpu.sys [24376 2010-03-01] ()

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-01] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)

R3 MQAC; C:\Windows\System32\drivers\mqac.sys [189440 2009-07-13] (Microsoft Corporation)

S3 MWAC; \??\C:\Windows\system32\drivers\ [0 ] () [File not signed]

S3 MWAC; \??\C:\Windows\SysWOW64\drivers\ [0 ] () [File not signed]

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)

S3 SIVDRIVER; C:\Windows\system32\Drivers\SIVX64.sys [57312 2008-06-14] (Ray Hinchliffe)

R3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)

R1 MpKslc9d125c2; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{85280ACD-A8A1-4077-A4FA-93FF4B07333C}\MpKslc9d125c2.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-10-01 12:34 - 2014-10-01 12:34 - 01100288 _____ (Farbar) C:\Users\PhillyT65\Downloads\FRST.exe

2014-10-01 12:29 - 2014-10-01 12:30 - 00001144 _____ () C:\Users\PhillyT65\Downloads\FSS.txt

2014-10-01 12:28 - 2014-10-01 12:28 - 00415232 _____ (Farbar) C:\Users\PhillyT65\Downloads\FSS.exe

2014-10-01 12:23 - 2014-10-01 12:23 - 02108928 _____ (Farbar) C:\Users\PhillyT65\Downloads\FRST64 (1).exe

2014-10-01 11:55 - 2014-10-01 11:56 - 00036596 _____ () C:\Users\PhillyT65\Downloads\Addition.txt

2014-10-01 11:54 - 2014-10-01 12:35 - 00020696 _____ () C:\Users\PhillyT65\Downloads\FRST.txt

2014-10-01 11:54 - 2014-10-01 12:35 - 00000000 ____D () C:\FRST

2014-10-01 11:53 - 2014-10-01 11:53 - 02108928 _____ (Farbar) C:\Users\PhillyT65\Downloads\FRST64.exe

2014-10-01 03:55 - 2014-09-24 21:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll

2014-10-01 03:55 - 2014-09-24 20:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll

2014-09-29 19:27 - 2014-10-01 05:52 - 00000112 _____ () C:\Windows\setupact.log

2014-09-29 19:27 - 2014-09-29 19:27 - 00000000 _____ () C:\Windows\setuperr.log

2014-09-26 08:00 - 2014-09-26 23:09 - 00000097 _____ () C:\Users\PhillyT65\AppData\Roaming\LauncherSettings_live.cfg

2014-09-26 07:58 - 2014-09-26 07:58 - 00000039 _____ () C:\Users\PhillyT65\AppData\Roaming\TheHunterSettings_steam_live.cfg

2014-09-26 07:58 - 2014-09-26 07:58 - 00000000 ____D () C:\Users\PhillyT65\AppData\Roaming\theHunter

2014-09-26 07:58 - 2014-09-26 07:58 - 00000000 ____D () C:\Users\PhillyT65\AppData\Local\theHunter

2014-09-26 07:56 - 2014-09-26 07:56 - 00000000 ____D () C:\Users\PhillyT65\AppData\Roaming\theHunterSteam

2014-09-26 07:56 - 2014-09-26 07:56 - 00000000 ____D () C:\ProgramData\Hunter

2014-09-25 15:12 - 2014-10-01 02:01 - 00000000 ___HD () C:\Users\Public\Temp

2014-09-25 15:11 - 2014-09-01 13:28 - 00350768 _____ (MyOSCompany) C:\Windows\system32\MyOSProtect64.dll

2014-09-25 15:11 - 2014-09-01 13:28 - 00304776 _____ (MyOSCompany) C:\Windows\SysWOW64\MyOSProtect.dll

2014-09-25 15:10 - 2014-09-26 04:56 - 00000000 ____D () C:\Users\PhillyT65\AppData\Roaming\VOPackage

2014-09-25 15:10 - 2014-09-26 02:15 - 00004038 _____ () C:\Windows\System32\Tasks\LaunchSignup

2014-09-25 15:10 - 2014-09-25 15:10 - 00000000 ____D () C:\Users\PhillyT65\AppData\Local\fastplayer

2014-09-25 15:10 - 2014-09-25 15:10 - 00000000 ____D () C:\Users\PhillyT65\AppData\Local\com

2014-09-25 15:10 - 2014-09-25 15:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastPlayer

2014-09-25 15:09 - 2014-09-25 10:57 - 04834816 _____ () C:\Windows\score.exe

2014-09-24 00:08 - 2014-09-09 17:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-09-24 00:08 - 2014-09-09 16:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2014-09-19 23:12 - 2014-09-19 23:12 - 00000219 _____ () C:\Users\PhillyT65\Desktop\Left 4 Dead 2.url

2014-09-12 21:11 - 2014-09-12 21:11 - 00000184 _____ () C:\Users\PhillyT65\Downloads\eula.txt

2014-09-12 21:11 - 2014-09-12 21:11 - 00000061 _____ () C:\Users\PhillyT65\Downloads\server.properties

2014-09-12 21:10 - 2014-09-12 21:11 - 10769744 _____ () C:\Users\PhillyT65\Downloads\minecraft_server.1.8.exe

2014-09-10 04:02 - 2014-09-10 04:02 - 00411056 _____ () C:\Users\PhillyT65\Downloads\setup (1).exe

2014-09-10 03:15 - 2014-08-19 13:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-09-10 03:15 - 2014-08-19 12:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-09-10 03:15 - 2014-08-18 18:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-09-10 03:15 - 2014-08-18 17:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-09-10 03:15 - 2014-08-18 17:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-09-10 03:15 - 2014-08-18 17:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-09-10 03:15 - 2014-08-18 17:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-09-10 03:15 - 2014-08-18 17:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-09-10 03:15 - 2014-08-18 17:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-09-10 03:15 - 2014-08-18 17:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-09-10 03:15 - 2014-08-18 17:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-09-10 03:15 - 2014-08-18 17:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-09-10 03:15 - 2014-08-18 17:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-09-10 03:15 - 2014-08-18 17:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-09-10 03:15 - 2014-08-18 17:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-09-10 03:15 - 2014-08-18 17:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-09-10 03:15 - 2014-08-18 17:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-09-10 03:15 - 2014-08-18 17:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-09-10 03:15 - 2014-08-18 17:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-09-10 03:15 - 2014-08-18 16:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-09-10 03:15 - 2014-08-18 16:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-09-10 03:15 - 2014-08-18 16:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-09-10 03:15 - 2014-08-18 16:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-09-10 03:15 - 2014-08-18 16:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-09-10 03:15 - 2014-08-18 16:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-09-10 03:15 - 2014-08-18 16:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-09-10 03:15 - 2014-08-18 16:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-09-10 03:15 - 2014-08-18 16:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-09-10 03:15 - 2014-08-18 16:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-09-10 03:15 - 2014-08-18 16:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-09-10 03:15 - 2014-08-18 16:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-09-10 03:15 - 2014-08-18 16:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-09-10 03:15 - 2014-08-18 16:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-09-10 03:15 - 2014-08-18 16:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-09-10 03:15 - 2014-08-18 16:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-09-10 03:15 - 2014-08-18 16:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-09-10 03:15 - 2014-08-18 16:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-09-10 03:15 - 2014-08-18 16:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-09-10 03:15 - 2014-08-18 16:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-09-10 03:15 - 2014-08-18 16:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-09-10 03:15 - 2014-08-18 16:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-09-10 03:15 - 2014-08-18 16:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-09-10 03:15 - 2014-08-18 16:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-09-10 03:15 - 2014-08-18 16:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-09-10 03:15 - 2014-08-18 16:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-09-10 03:15 - 2014-08-18 16:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-09-10 03:15 - 2014-08-18 16:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-09-10 03:15 - 2014-08-18 16:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-09-10 03:15 - 2014-08-18 16:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-09-10 03:15 - 2014-08-18 16:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-09-10 03:15 - 2014-08-18 16:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-09-10 03:15 - 2014-08-18 15:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-09-10 03:15 - 2014-08-18 15:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-09-10 03:15 - 2014-08-18 15:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-09-10 03:15 - 2014-08-18 15:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-09-10 03:15 - 2014-08-18 15:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-09-10 03:02 - 2014-06-26 21:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll

2014-09-10 03:02 - 2014-06-26 20:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll

2014-09-10 01:31 - 2014-09-23 15:31 - 03675824 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

2014-09-09 16:42 - 2014-08-01 06:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll

2014-09-09 16:42 - 2014-08-01 06:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll

2014-09-09 16:41 - 2014-06-23 22:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll

2014-09-09 16:41 - 2014-06-23 21:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

2014-09-09 16:40 - 2014-09-04 21:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-09-09 16:40 - 2014-09-04 21:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-09-09 16:40 - 2014-07-06 21:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2014-09-09 16:40 - 2014-07-06 21:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2014-09-09 16:40 - 2014-07-06 20:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2014-09-09 16:40 - 2014-07-06 20:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2014-09-09 16:40 - 2014-07-06 20:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2014-09-08 06:00 - 2014-09-30 06:37 - 00000000 ____D () C:\Users\PhillyT65\AppData\Local\Adobe

2014-09-06 13:10 - 2014-09-06 13:10 - 00857696 _____ ( ) C:\Users\PhillyT65\Downloads\Adobe_Flash_Setup.exe

2014-09-05 16:52 - 2014-09-05 16:52 - 00000000 ____D () C:\Users\PhillyT65\Downloads\LOIC-master

2014-09-05 13:07 - 2014-09-05 13:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi

2014-09-05 13:07 - 2014-09-05 13:07 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi

2014-09-05 13:07 - 2009-03-18 18:35 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys

2014-09-03 19:54 - 2014-09-03 19:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft XNA

2014-09-03 19:51 - 2014-09-03 19:51 - 00000222 _____ () C:\Users\PhillyT65\Desktop\Terraria.url

2014-09-03 18:23 - 2014-09-03 18:24 - 07688351 _____ () C:\Users\PhillyT65\Desktop\INTRO!!!!!.mp4

2014-09-03 18:18 - 2014-09-03 18:18 - 00000076 _____ () C:\Users\PhillyT65\Downloads\INTRO!!!!!.mxf.sfl

2014-09-03 18:17 - 2014-09-03 18:18 - 20100156 _____ () C:\Users\PhillyT65\Downloads\INTRO!!!!!.mxf

2014-09-01 12:28 - 2014-09-01 12:31 - 00372200 _____ () C:\Users\PhillyT65\Downloads\lavender town - solkrieg's dream eater dubstep remix.mp3.sfk

2014-09-01 12:27 - 2014-09-10 04:01 - 00003212 _____ () C:\Windows\System32\Tasks\YourFileDownloader Installer Starter

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-10-01 12:19 - 2013-12-24 09:41 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-10-01 12:16 - 2013-01-07 17:43 - 00000000 ____D () C:\Users\PhillyT65\AppData\Local\Deployment

2014-10-01 12:05 - 2013-01-07 16:33 - 00003950 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{553BECE3-7405-4C06-8481-01D3ECC7CBCD}

2014-10-01 11:57 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-10-01 11:57 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-10-01 11:17 - 2014-04-15 04:37 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-10-01 11:14 - 2014-06-13 23:28 - 00000000 ____D () C:\Users\PhillyT65\AppData\Roaming\Skype

2014-10-01 11:14 - 2014-03-28 20:31 - 00000000 ____D () C:\ProgramData\Skype

2014-10-01 06:21 - 2013-01-07 16:24 - 01336810 _____ () C:\Windows\WindowsUpdate.log

2014-10-01 06:16 - 2014-08-20 17:09 - 00000000 ____D () C:\Users\PhillyT65\AppData\Local\LogMeIn Hamachi

2014-10-01 06:16 - 2014-05-25 00:51 - 00000000 ___RD () C:\Users\PhillyT65\OneDrive

2014-10-01 06:16 - 2013-12-24 09:41 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-10-01 05:55 - 2011-11-04 10:28 - 00000000 ____D () C:\ProgramData\PDFC

2014-10-01 05:55 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\inetsrv

2014-10-01 05:53 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-10-01 05:53 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration

2014-10-01 05:52 - 2010-11-20 22:47 - 00797270 _____ () C:\Windows\PFRO.log

2014-09-30 23:21 - 2014-05-18 18:43 - 00000000 ____D () C:\Program Files (x86)\Steam

2014-09-30 16:46 - 2013-06-23 07:42 - 00000000 ___HD () C:\Windows\msdownld.tmp

2014-09-30 16:41 - 2014-06-18 09:22 - 00000000 ____D () C:\Program Files (x86)\OpenAL

2014-09-29 19:20 - 2013-01-07 21:14 - 00002057 _____ () C:\Windows\epplauncher.mif

2014-09-29 16:01 - 2013-01-07 16:33 - 00003210 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForPhillyT65

2014-09-29 16:01 - 2013-01-07 16:33 - 00000348 _____ () C:\Windows\Tasks\HPCeeScheduleForPhillyT65.job

2014-09-29 14:36 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF

2014-09-29 13:38 - 2014-07-24 20:06 - 00000000 ____D () C:\Users\PhillyT65\AppData\Local\PMB Files

2014-09-29 12:40 - 2013-01-07 16:24 - 00000000 ____D () C:\Users\PhillyT65

2014-09-29 12:39 - 2014-07-24 20:06 - 00000000 ____D () C:\ProgramData\PMB Files

2014-09-29 12:39 - 2014-05-18 00:13 - 00000000 ____D () C:\Users\PhillyT65\AppData\Roaming\Battle.net

2014-09-29 12:39 - 2013-10-29 16:56 - 00000000 ____D () C:\Users\DefaultAppPool

2014-09-29 12:39 - 2011-11-04 10:21 - 00000000 ____D () C:\ProgramData\RoxioNow

2014-09-29 12:39 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Msdtc

2014-09-29 11:17 - 2014-05-18 00:13 - 00000000 ____D () C:\Users\PhillyT65\AppData\Local\Battle.net

2014-09-28 10:01 - 2013-01-08 17:40 - 00000000 ____D () C:\Users\PhillyT65\AppData\Local\CrashDumps

2014-09-27 18:37 - 2014-05-25 00:49 - 00000000 ____D () C:\Users\PhillyT65\AppData\Local\Windows Live

2014-09-26 16:49 - 2011-11-04 10:22 - 00000000 ____D () C:\ProgramData\CyberLink

2014-09-26 16:49 - 2011-11-04 10:16 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-09-26 04:57 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\L2Schemas

2014-09-25 17:40 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache

2014-09-25 15:39 - 2009-07-14 00:13 - 00869632 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-09-25 15:32 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\TAPI

2014-09-25 15:11 - 2014-05-21 18:34 - 00000000 ____D () C:\ProgramData\Package Cache

2014-09-25 06:26 - 2014-05-25 00:51 - 00002192 _____ () C:\Users\PhillyT65\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk

2014-09-24 22:00 - 2013-01-30 22:08 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt

2014-09-24 22:00 - 2013-01-09 22:05 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log

2014-09-24 21:59 - 2013-01-16 22:36 - 00000000 ____D () C:\Users\PhillyT65\AppData\Roaming\HP Support Assistant

2014-09-24 21:59 - 2013-01-08 17:39 - 00000000 ____D () C:\Users\PhillyT65\AppData\Roaming\HpUpdate

2014-09-22 01:42 - 2010-11-20 22:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-09-16 17:56 - 2014-06-04 21:39 - 00000000 ____D () C:\Users\PhillyT65\AppData\Roaming\.minecraft

2014-09-13 11:23 - 2014-05-18 00:14 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft

2014-09-13 11:23 - 2014-05-18 00:12 - 00000000 ____D () C:\Program Files (x86)\Battle.net

2014-09-10 03:14 - 2011-02-11 12:15 - 00861754 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

2014-09-10 03:13 - 2013-01-07 21:14 - 00002119 ____N () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

2014-09-10 03:12 - 2013-07-16 07:57 - 00000000 ____D () C:\Windows\system32\MRT

2014-09-10 03:12 - 2013-01-07 21:14 - 00000000 ____D () C:\Program Files\Microsoft Security Client

2014-09-10 03:12 - 2013-01-07 21:14 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client

2014-09-10 03:03 - 2013-01-08 09:16 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-09-10 03:02 - 2014-05-05 20:44 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-09-08 10:42 - 2013-07-15 17:19 - 47296000 ___SH () C:\Users\PhillyT65\Downloads\Thumbs.db

2014-09-05 13:07 - 2014-08-20 17:08 - 00000888 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk

2014-09-03 19:54 - 2014-06-19 16:12 - 00000000 ____D () C:\Users\PhillyT65\Documents\My Games

2014-09-03 18:17 - 2014-08-31 12:35 - 00000000 ____D () C:\Users\PhillyT65\AppData\Roaming\Sony

2014-09-01 21:05 - 2013-01-07 16:35 - 00003222 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForVIGGILANTE$

2014-09-01 21:05 - 2013-01-07 16:35 - 00000346 _____ () C:\Windows\Tasks\HPCeeScheduleForVIGGILANTE$.job

 

Some content of TEMP:

====================

C:\Users\PhillyT65\AppData\Local\Temp\BackupSetup.exe

C:\Users\PhillyT65\AppData\Local\Temp\EdSD9.dll

C:\Users\PhillyT65\AppData\Local\Temp\EdSD9.exe

C:\Users\PhillyT65\AppData\Local\Temp\GVRA8.exe

C:\Users\PhillyT65\AppData\Local\Temp\OnlineBackup.exe

C:\Users\PhillyT65\AppData\Local\Temp\SpOrder.dll

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-09-26 00:27

 

==================== End Of Log ============================

RogueKiller V9.2.13.0 (x64) [sep 25 2014] by Adlice Software

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : PhillyT65 [Admin rights]

Mode : Scan -- Date : 10/01/2014  12:50:42

 

¤¤¤ Bad processes : 2 ¤¤¤

[suspicious.Path] CurseClient.exe -- C:\Users\PhillyT65\AppData\Local\Apps\2.0\ERXJTPLH.73J\WHMQDXBJ.2ZK\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b6290e21932c\CurseClient.exe[-] -> KILLED [TermProc]

[suspicious.Path] (SVC) scores -- C:\Windows\score.exe[-] -> STOPPED

 

¤¤¤ Registry Entries : 22 ¤¤¤

[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\scores (C:\Windows\score.exe) -> FOUND

[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\scores (C:\Windows\score.exe) -> FOUND

[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\scores (C:\Windows\score.exe) -> FOUND

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{87F3F179-3F29-417B-92B7-FCFA92AA33B8} | NameServer : 81.218.119.15,199.203.35.75  -> FOUND

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{87F3F179-3F29-417B-92B7-FCFA92AA33B8} | NameServer : 81.218.119.15,199.203.35.75  -> FOUND

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{87F3F179-3F29-417B-92B7-FCFA92AA33B8} | NameServer : 81.218.119.15,199.203.35.75  -> FOUND

[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-3041398442-320649397-160515667-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND

[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-3041398442-320649397-160515667-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND

[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-3041398442-320649397-160515667-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND

[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-3041398442-320649397-160515667-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND

[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3041398442-320649397-160515667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> FOUND

[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3041398442-320649397-160515667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND

[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3041398442-320649397-160515667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> FOUND

[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3041398442-320649397-160515667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND

[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND

[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND

[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3041398442-320649397-160515667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> FOUND

[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3041398442-320649397-160515667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND

[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3041398442-320649397-160515667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> FOUND

[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3041398442-320649397-160515667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND

[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3041398442-320649397-160515667-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://myyahoo.com/  -> FOUND

[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3041398442-320649397-160515667-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://myyahoo.com/  -> FOUND

 

¤¤¤ Scheduled tasks : 1 ¤¤¤

[suspicious.Path] \\YourFileDownloader Installer Starter -- C:\Users\PHILLY~1\AppData\Local\Temp\YourFileDownloaderaN37b7xtHB.exe (-startup) -> FOUND

 

¤¤¤ Files : 0 ¤¤¤

 

¤¤¤ HOSTS File : 0 ¤¤¤

 

¤¤¤ Antirootkit : 4 (Driver: LOADED) ¤¤¤

[EAT:Addr] (explorer.exe) msi.dll - DllCanUnloadNow : C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll @ 0x7fef3c1b8e4

[EAT:Addr] (explorer.exe) msi.dll - DllGetClassObject : C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll @ 0x7fef3c1b91c

[EAT:Addr] (explorer.exe) msi.dll - DllRegisterServer : C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll @ 0x7fef3c1ba4c

[EAT:Addr] (explorer.exe) msi.dll - DllUnregisterServer : C:\Users\PhillyT65\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll @ 0x7fef3c1bb1c

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤

Make sure you have created a restore point and.....

Download Delfix from Here and save it to your desktop.

  • Place a check mark in front of .......
  • Create registry backup <---only!
  • Uncheck the rest!
  • Click the Run button.

    Close the tool out when it's done....we'll use it later.

    ======================================

    Download the attached fixlist.txt to the same folder as FRST.exe/FRST64.exe.

    Run FRST.exe/FRST64.exe and click Fix only once and wait

    The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

    =====================================

    Please download AdwCleaner from HERE or HERE to your desktop.

    • Double click on AdwCleaner.exe to run the tool.

      Vista/Windows 7/8 users right-click and select Run As Administrator

    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
    • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
    • Look over the log especially under Files/Folders for any program you want to save.
    • If there's a program you may want to save, just uncheck it from AdwCleaner.
    • If you're not sure, post the log for review. (all items found are either adware/spyware/foistware)
    • If you're ready to clean it all up.....click the Clean button.
    • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
    • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
    • To restore an item that has been deleted:
    • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
    Next..................

    Please download Junkware Removal Tool to your desktop.

    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
    Next.........

    Please run a Threat Scan

    Click on settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

    Same for PUM (Potentially Unwanted Modifications)

    Quarantine All that's found

    MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
