trelfinator Posted October 7, 2014 ID:887391

Hi there,

Recently my laptop has been slow at starting up and running simple processes. I've run a scan using Malwarebytes already and it has cleared some things up. However, it is still slow. I have a few processes that are using a lot of CPU. These are: wmiprvse, system idle process and rapport. Wondering if there is anything I can do to get my computer back up to speed?

Thanks
Psychotic Posted October 7, 2014 ID:887398

Hi there, my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

- First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
- Perform everything in the correct order. Sometimes one step requires the previous one.
- If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
- Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
- Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
- If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
- Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
- My first language is not English. So please do not use slang or idioms. It could be hard for me to read.

Thanks for your understanding.

Important: To help me review your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

You told us that you removed several items with Malwarebytes' Antimalware. This tool creates a log on every run and we need to see them.

The logs can be found here:
-- XP: C:\Documents and Settings\\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7, 2008: C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-yyyy-mm-dd

Zip any and all of these logs and attach the file to your next reply.
trelfinator Posted October 7, 2014 Author ID:887408

Hi

Ok I've found my logs, there are three. I'll post them up now.

mbam-log-2014-10-04 (20-03-26).zip
mbam-log-2014-10-04 (21-59-59).zip
mbam-log-2014-10-05 (11-17-41).zip

Is this what you wanted? Apologies I'm not the best with computers!

Thanks
Psychotic Posted October 9, 2014 ID:888115

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

- Run FRST.
- Don't change any of the checkboxes and hit Scan.
- Logfiles are created on your desktop.
- Post the FRST.txt and (after the first scan only!) the Addition.txt.

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" button.

- Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
- If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
- In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    - Sections
    - IAT/EAT
    - Show All (should be unchecked by default)
- Leave everything else as it is.
- Close all other running programs as well as your browser.
- Click the Scan button & wait for it to finish.
- Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
- Save it where you can easily find it, such as your desktop.
- Please post the content of the ark.txt here.

**Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

- Download TDSSKiller.zip and extract to your desktop
- Execute TDSSKiller.exe by double-clicking on it.
- Press Start Scan
- If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
- Once complete, a log will be produced at the root drive which is typically C:\ , for example, C:\TDSSKiller.<version_date_time>log.txt

Please attach this file to your next reply.
trelfinator Posted October 10, 2014 Author ID:888362

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-10-2014 01 Ran by Sarah (administrator) on SARAHS_LAPPY on 10-10-2014 09:45:08 Running from C:\Users\Sarah\Desktop Loaded Profile: Sarah (Available profiles: Sarah & Dad) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe (IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (AMD) C:\Windows\System32\atiesrxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (AMD) C:\Windows\System32\atieclxx.exe (Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE (Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\BCMWLTRY.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.)
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Eastman Kodak Company) C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe (IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) 
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Spotify Ltd) C:\Users\Sarah\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe () C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Apple Inc.) C:\Software\iTunes\iTunesHelper.exe (Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\DelayLoad.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2885904 2012-07-18] (Synaptics Incorporated) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-07-01] (IDT, Inc.) HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.) 
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe [7032320 2013-08-17] (Broadcom Corporation) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-29] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-10-08] (Hewlett-Packard Company) HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-09-15] (EasyBits Software AS) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.) HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk" HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Java\jre1.6.0\bin\jusched.exe [77824 2012-09-07] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.) 
HKLM-x32\...\Run: [HTC Sync Loader] => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [651264 2012-04-17] () HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-17] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [103992 2011-09-13] (Hewlett-Packard Development Company L.P.) HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-08-12] (Check Point Software Technologies LTD) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Software\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.) HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG) HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-09-26] (Hewlett-Packard) HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKU\S-1-5-21-2187454049-2990475156-956886722-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.) 
HKU\S-1-5-21-2187454049-2990475156-956886722-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.) HKU\S-1-5-21-2187454049-2990475156-956886722-1000\...\Run: [Spotify Web Helper] => C:\Users\Sarah\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-02] (Spotify Ltd) HKU\S-1-5-21-2187454049-2990475156-956886722-1000\...\MountPoints2: {03651fb5-7516-11e2-8681-c01885f98c1f} - F:\KODAK_Camera_Setup_App.exe AppInit_DLLs-x32: C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll => C:\Program Files (x86)\Citrix\ICA Client\RSHook.dll [257208 2012-07-27] (Citrix Systems, Inc.) Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Computer stuff\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Computer stuff\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/2 SearchScopes: HKLM - {67B3D6D9-A186-4164-8FDA-1E215311B07A} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=http://www.ebay.co.uk/sch/i.html?_nkw={searchTerms} SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=http://www.ebay.co.uk/sch/i.html?_nkw={searchTerms} SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF SearchScopes: HKCU - {393D6CFB-2771-42E9-A65B-8F15B70C9B8F} URL = http://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10267&src=kw&q={searchTerms}&locale=en_GB&apn_ptnrs=^AGY&apn_dtid=^YYYYYY^YY^GB&apn_uid=fb82b84c-529b-45d5-a876-f3739206070e&apn_sauid=6EDB9680-028B-4482-B5DE-28A41E59A012 SearchScopes: HKCU - {67B3D6D9-A186-4164-8FDA-1E215311B07A} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=http://www.ebay.co.uk/sch/i.html?_nkw={searchTerms} BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper -> 
{9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit) BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) 
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1262.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=MS950 
- {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) 
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-10-16] (EasyBits Software Corp.) 
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100 FireFox: ======== FF ProfilePath: C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\v90tvxg4.default FF SearchEngineOrder.1: Ask.com FF SelectedSearchEngine: Google FF Homepage: www.google.co.uk FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Software\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll No File FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.) 
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Sarah\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Extension: FirefoxAdKiller - C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\v90tvxg4.default\Extensions\{b1df372d-8b32-4c7d-b6b4-9c5b78cf6fb1}.xpi [2013-10-19] FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-09-06] FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found] Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASC_GhromePluginFor6.crx [2013-09-12] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AdvancedSystemCareService6; C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [574272 2013-04-18] (IObit) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-17] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-17] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-08-17] (Avira Operations GmbH & Co. 
KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG) R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed] R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed] R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed] R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed] R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] () [File not signed] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed] R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-10-01] (IBM Corp.) S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011a\RpcAgentSrv.exe [93848 2009-08-10] (SiSoftware) [File not signed] R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2445304 2013-08-12] (Check Point Software Technologies LTD) R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [5878272 2013-08-17] (Broadcom Corporation) [File not signed] R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [54160 2013-06-18] (Check Point Software Technologies, Ltd.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. 
KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG) R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [133672 2011-09-21] (Broadcom Corporation.) R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-09-21] (Broadcom Corporation.) R1 RapportCerberus_80055; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80055.sys [761720 2014-10-08] () R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [445880 2014-10-01] (IBM Corp.) R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [557656 2014-10-01] (IBM Corp.) U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2014-10-05] () R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [451096 2013-06-13] (Check Point Software Technologies LTD) S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP4\WNt500x64\Sandra.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-10 09:45 - 2014-10-10 09:48 - 00029393 _____ () C:\Users\Sarah\Desktop\FRST.txt 2014-10-10 09:44 - 2014-10-10 09:45 - 00000000 ____D () C:\FRST 2014-10-10 09:43 - 2014-10-10 09:43 - 02109952 _____ (Farbar) C:\Users\Sarah\Desktop\FRST64.exe 2014-10-06 15:21 - 2014-10-06 15:21 - 00000239 _____ () C:\Users\Sarah\Downloads\Body scan.wav 2014-10-05 14:31 - 2014-10-05 14:31 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-10-05 14:30 - 2014-10-05 14:30 - 02347384 _____ (ESET) C:\Users\Dad\Downloads\esetsmartinstaller_enu.exe 2014-10-05 10:54 - 2014-10-05 11:06 - 00000000 ____D () C:\AdwCleaner 2014-10-05 10:52 - 2014-10-05 10:52 - 00005552 _____ () C:\Users\Dad\Desktop\JRT.txt 2014-10-05 10:30 - 2014-10-05 10:30 - 00000000 ____D () C:\Windows\ERUNT 2014-10-05 10:22 - 2014-10-05 10:22 - 02109440 _____ (Farbar) C:\Users\Dad\Downloads\FRST64.exe 2014-10-05 10:21 - 2014-10-05 10:21 - 01375089 _____ () C:\Users\Dad\Downloads\AdwCleaner.exe 2014-10-05 10:20 - 2014-10-05 10:20 - 01704938 _____ (Thisisu) C:\Users\Dad\Downloads\JRT.exe 2014-10-05 09:56 - 2014-10-05 09:56 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys 2014-10-05 09:54 - 2014-10-05 09:56 - 00000000 ____D () C:\ProgramData\RogueKiller 2014-10-05 09:53 - 2014-10-05 09:53 - 05472344 _____ () C:\Users\Dad\Downloads\RogueKillerX64.exe 2014-10-04 21:54 - 2014-10-04 21:54 - 00000000 ____D () C:\Windows\ERDNT 2014-10-04 21:53 - 2014-10-04 21:53 - 00000905 _____ () C:\Users\Sarah\Desktop\ERUNT.lnk 2014-10-04 21:53 - 2014-10-04 21:53 - 00000905 _____ () C:\Users\Dad\Desktop\ERUNT.lnk 2014-10-04 21:53 - 2014-10-04 21:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT 2014-10-04 21:53 - 2014-10-04 21:53 - 00000000 ____D () C:\Program Files (x86)\ERUNT 2014-10-04 21:52 - 2014-10-04 21:52 - 00791393 _____ (Lars Hederer ) C:\Users\Dad\Downloads\erunt-setup.exe 2014-10-04 21:49 - 2014-10-04 21:54 - 00002726 _____ () C:\Users\Dad\Desktop\Rkill.txt 2014-10-04 21:48 - 
2014-10-04 21:48 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Dad\Downloads\rkill.exe 2014-10-04 20:01 - 2014-10-05 11:17 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-04 20:00 - 2014-10-04 20:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-10-04 20:00 - 2014-10-04 20:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-10-04 20:00 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-10-04 20:00 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-10-04 19:58 - 2014-10-04 19:58 - 00001133 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-10-04 19:58 - 2014-10-04 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-10-04 19:45 - 2014-10-04 19:59 - 00000000 ____D () C:\ProgramData\Package Cache 2014-10-01 22:36 - 2014-10-01 22:36 - 00000000 ____D () C:\Users\Sarah\AppData\Local\{15CADA93-52E2-4197-9F1C-F179A8C0B1A1} 2014-10-01 09:28 - 2014-09-25 03:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-10-01 09:28 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2014-09-30 11:05 - 2014-10-04 00:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-26 00:11 - 2014-09-09 23:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-09-26 00:11 - 2014-09-09 22:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-09-21 11:02 - 2014-09-21 11:02 - 00000000 ____D () C:\Users\Sarah\AppData\Local\{480ADAF8-AAF9-473A-A9CE-9987F836657B} 2014-09-20 16:13 - 2014-09-20 16:13 - 00000000 ____D () C:\Users\Sarah\AppData\Local\Adobe 2014-09-19 10:34 - 2014-09-19 10:34 - 00000000 ____D () C:\Users\Sarah\AppData\Local\{B7E93321-F7AD-422E-A550-6817560552EC} 2014-09-19 09:35 - 
2014-09-19 09:35 - 00219648 _____ () C:\Users\Sarah\Downloads\AL form 2014.xls 2014-09-18 22:17 - 2014-09-18 22:17 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Windows Live Writer 2014-09-18 22:17 - 2014-09-18 22:17 - 00000000 ____D () C:\Users\Sarah\AppData\Local\Windows Live Writer 2014-09-18 22:17 - 2014-09-18 22:17 - 00000000 ____D () C:\Users\Sarah\AppData\Local\{D87FBFC2-EEC9-46E5-922A-A37F7109A48F} 2014-09-17 19:43 - 2014-10-08 14:17 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForSarah 2014-09-17 17:35 - 2014-09-21 21:29 - 00043039 _____ () C:\Users\Sarah\Desktop\sign ups.xlsx 2014-09-17 14:15 - 2014-09-17 15:23 - 00020678 _____ () C:\Users\Sarah\sign ups.xlsx 2014-09-13 13:58 - 2014-10-08 14:17 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForSarah.job 2014-09-13 12:48 - 2014-08-18 23:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-13 12:48 - 2014-08-18 23:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-13 12:48 - 2014-08-18 22:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-09-13 12:47 - 2014-08-19 19:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-09-13 12:47 - 2014-08-19 18:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-09-13 12:47 - 2014-08-19 00:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-13 12:47 - 2014-08-18 23:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-09-13 12:47 - 2014-08-18 23:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-09-13 12:47 - 2014-08-18 23:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-13 12:47 - 2014-08-18 23:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-13 12:47 - 2014-08-18 23:15 - 00547328 _____ (Microsoft Corporation) 
C:\Windows\system32\vbscript.dll 2014-09-13 12:47 - 2014-08-18 23:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-09-13 12:47 - 2014-08-18 23:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-09-13 12:47 - 2014-08-18 23:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-09-13 12:47 - 2014-08-18 23:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-09-13 12:47 - 2014-08-18 23:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-13 12:47 - 2014-08-18 23:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-09-13 12:47 - 2014-08-18 23:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-09-13 12:47 - 2014-08-18 23:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-13 12:47 - 2014-08-18 23:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-09-13 12:47 - 2014-08-18 22:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-09-13 12:47 - 2014-08-18 22:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-09-13 12:47 - 2014-08-18 22:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-13 12:47 - 2014-08-18 22:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-09-13 12:47 - 2014-08-18 22:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-09-13 12:47 - 2014-08-18 22:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-09-13 12:47 - 2014-08-18 22:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-09-13 12:47 - 2014-08-18 22:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-09-13 12:47 - 2014-08-18 22:42 - 02185728 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-09-13 12:47 - 2014-08-18 22:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-09-13 12:47 - 2014-08-18 22:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-13 12:47 - 2014-08-18 22:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-09-13 12:47 - 2014-08-18 22:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-09-13 12:47 - 2014-08-18 22:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-13 12:47 - 2014-08-18 22:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-09-13 12:47 - 2014-08-18 22:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-09-13 12:47 - 2014-08-18 22:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-09-13 12:47 - 2014-08-18 22:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-13 12:47 - 2014-08-18 22:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-09-13 12:47 - 2014-08-18 22:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-13 12:47 - 2014-08-18 22:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-09-13 12:47 - 2014-08-18 22:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-09-13 12:47 - 2014-08-18 22:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-09-13 12:47 - 2014-08-18 22:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-09-13 12:47 - 2014-08-18 22:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-09-13 12:47 - 2014-08-18 22:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-13 12:47 - 2014-08-18 22:15 - 11769856 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-09-13 12:47 - 2014-08-18 22:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-13 12:47 - 2014-08-18 22:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-09-13 12:47 - 2014-08-18 22:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-09-13 12:47 - 2014-08-18 22:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-09-13 12:47 - 2014-08-18 21:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-13 12:47 - 2014-08-18 21:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-09-13 12:47 - 2014-08-18 21:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-09-13 12:47 - 2014-08-18 21:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-09-13 12:47 - 2014-08-18 21:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-09-13 11:55 - 2014-06-27 03:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2014-09-13 11:55 - 2014-06-27 02:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2014-09-13 11:39 - 2014-08-01 12:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-09-13 11:39 - 2014-08-01 12:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll 2014-09-13 11:31 - 2014-06-24 04:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-09-13 11:31 - 2014-06-24 03:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2014-09-13 11:27 - 2014-07-07 03:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-09-13 11:27 - 2014-07-07 03:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-09-13 11:27 - 2014-07-07 02:40 - 00550912 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-09-13 11:27 - 2014-07-07 02:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-09-13 11:27 - 2014-07-07 02:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-10 09:51 - 2012-07-12 00:46 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2187454049-2990475156-956886722-1000UA.job 2014-10-10 09:47 - 2009-07-14 05:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-10 09:47 - 2009-07-14 05:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-10 09:43 - 2012-04-11 09:33 - 01199546 _____ () C:\Windows\WindowsUpdate.log 2014-10-10 09:34 - 2012-09-20 11:36 - 00000000 ____D () C:\Users\Sarah\AppData\Local\Htc 2014-10-10 09:32 - 2012-09-29 13:30 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-10 09:24 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-10 09:24 - 2009-07-14 05:51 - 00107746 _____ () C:\Windows\setupact.log 2014-10-09 21:24 - 2012-07-23 12:23 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-09 21:09 - 2012-09-29 13:30 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-09 19:33 - 2012-07-07 18:23 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8DC6EBFA-1A02-4D02-A09B-DC9F51C3614A} 2014-10-09 10:32 - 2009-07-14 06:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-08 18:18 - 2012-07-22 16:06 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Spotify 2014-10-08 12:59 - 2013-09-18 19:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection 
2014-10-07 14:56 - 2012-07-22 16:07 - 00000000 ____D () C:\Users\Sarah\AppData\Local\Spotify 2014-10-07 14:22 - 2012-10-07 18:28 - 00000000 ____D () C:\Users\Sarah\Documents\Uni 2014-10-05 12:30 - 2012-07-22 16:01 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-10-05 12:30 - 2012-07-08 18:11 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log 2014-10-05 11:13 - 2012-07-07 20:07 - 00000000 ____D () C:\Users\Dad\AppData\Local\CrashDumps 2014-10-05 11:10 - 2013-07-23 18:50 - 00000000 ____D () C:\Users\Dad\AppData\Local\Htc 2014-10-05 11:07 - 2010-11-21 04:47 - 00702910 _____ () C:\Windows\PFRO.log 2014-10-05 00:51 - 2012-07-12 00:46 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2187454049-2990475156-956886722-1000Core.job 2014-10-04 21:40 - 2012-07-07 20:00 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{915F853A-F496-4452-8782-A7D5AA1D1285} 2014-10-04 21:26 - 2013-11-17 18:25 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan 2014-10-04 21:02 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Cursors 2014-10-04 20:00 - 2013-08-18 19:16 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\Malwarebytes 2014-10-04 20:00 - 2013-08-18 19:16 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-10-04 20:00 - 2013-08-18 19:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-10-04 19:58 - 2013-05-30 00:35 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-10-04 19:45 - 2013-05-23 15:23 - 00000000 ____D () C:\ProgramData\Avira 2014-10-04 19:44 - 2012-07-07 20:03 - 00111536 _____ () C:\Users\Dad\AppData\Local\GDIPFONTCACHEV1.DAT 2014-10-04 17:05 - 2012-10-15 15:06 - 00000000 ____D () C:\Users\Sarah\AppData\Local\CrashDumps 2014-10-04 13:28 - 2012-07-07 18:17 - 00000000 ____D () C:\Users\Sarah 2014-10-04 00:13 - 2012-07-07 19:59 - 00000000 ____D () C:\Users\Dad 2014-10-04 00:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration 2014-10-04 00:11 - 
2009-07-14 04:20 - 00000000 ____D () C:\Windows\servicing 2014-10-04 00:11 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\schemas 2014-10-02 22:47 - 2012-09-07 21:40 - 00000000 ____D () C:\Users\Sarah\Documents\My PDFill 2014-10-02 21:29 - 2012-07-07 19:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-09-26 00:25 - 2012-07-23 12:23 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-09-26 00:24 - 2012-07-07 20:29 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-26 00:24 - 2011-10-16 01:40 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-20 16:26 - 2013-05-30 13:40 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-09-18 22:16 - 2012-07-08 19:44 - 00000000 ____D () C:\Users\Sarah\AppData\Local\Windows Live 2014-09-15 09:06 - 2010-11-21 04:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-09-13 12:45 - 2012-07-11 12:51 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-09-13 12:36 - 2012-07-07 20:24 - 00766780 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-09-13 12:32 - 2013-07-23 21:11 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-13 11:58 - 2012-07-07 19:14 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe Some content of TEMP: ==================== C:\Users\Dad\AppData\Local\Temp\avgnt.exe C:\Users\Dad\AppData\Local\Temp\ConfigurationWizard.exe C:\Users\Dad\AppData\Local\Temp\Extract.exe C:\Users\Dad\AppData\Local\Temp\fp_pl_pfs_installer.exe C:\Users\Dad\AppData\Local\Temp\Quarantine.exe C:\Users\Dad\AppData\Local\Temp\SP54945.exe C:\Users\Dad\AppData\Local\Temp\SP55140.exe C:\Users\Dad\AppData\Local\Temp\SP56750.exe C:\Users\Sarah\AppData\Local\Temp\aipb74in.dll C:\Users\Sarah\AppData\Local\Temp\ARCompanionForSession1.exe C:\Users\Sarah\AppData\Local\Temp\avgnt.exe 
C:\Users\Sarah\AppData\Local\Temp\catalyst_mobility_64-bit_util.exe C:\Users\Sarah\AppData\Local\Temp\ConfigurationWizard.exe C:\Users\Sarah\AppData\Local\Temp\eialy0on.dll C:\Users\Sarah\AppData\Local\Temp\Extract.exe C:\Users\Sarah\AppData\Local\Temp\kmkdqwv6.dll C:\Users\Sarah\AppData\Local\Temp\NEW10D2.tmp.exe C:\Users\Sarah\AppData\Local\Temp\NEW19A8.tmp.exe C:\Users\Sarah\AppData\Local\Temp\NEW6171.tmp.exe C:\Users\Sarah\AppData\Local\Temp\NEW84C9.tmp.exe C:\Users\Sarah\AppData\Local\Temp\NEW8B9D.tmp.exe C:\Users\Sarah\AppData\Local\Temp\NEWB329.tmp.exe C:\Users\Sarah\AppData\Local\Temp\NEWCE37.tmp.exe C:\Users\Sarah\AppData\Local\Temp\NEWF6DD.tmp.exe C:\Users\Sarah\AppData\Local\Temp\p1soqdj7.dll C:\Users\Sarah\AppData\Local\Temp\piz1_soy.dll C:\Users\Sarah\AppData\Local\Temp\q9jyrzkm.dll C:\Users\Sarah\AppData\Local\Temp\r1v72mkw.dll C:\Users\Sarah\AppData\Local\Temp\setup.exe C:\Users\Sarah\AppData\Local\Temp\SkypeSetup.exe C:\Users\Sarah\AppData\Local\Temp\SP55140.exe C:\Users\Sarah\AppData\Local\Temp\SP56478.exe C:\Users\Sarah\AppData\Local\Temp\SP56878.exe C:\Users\Sarah\AppData\Local\Temp\SP56929.exe C:\Users\Sarah\AppData\Local\Temp\SP56997.exe C:\Users\Sarah\AppData\Local\Temp\SP56998.exe C:\Users\Sarah\AppData\Local\Temp\SP56999.exe C:\Users\Sarah\AppData\Local\Temp\SP57232.exe C:\Users\Sarah\AppData\Local\Temp\SP57398.exe C:\Users\Sarah\AppData\Local\Temp\SP57549.exe C:\Users\Sarah\AppData\Local\Temp\SP57682.exe C:\Users\Sarah\AppData\Local\Temp\SP57698.exe C:\Users\Sarah\AppData\Local\Temp\sp58915.exe C:\Users\Sarah\AppData\Local\Temp\SP59202.exe C:\Users\Sarah\AppData\Local\Temp\SP59585.exe C:\Users\Sarah\AppData\Local\Temp\SP60051.exe C:\Users\Sarah\AppData\Local\Temp\SP60868.exe C:\Users\Sarah\AppData\Local\Temp\srds3cvh.dll C:\Users\Sarah\AppData\Local\Temp\UninstallHPSA.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-09-23 18:38
==================== End Of Log ============================
trelfinator Posted October 10, 2014 Author ID:888366
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-10-2014 01
Ran by Sarah at 2014-10-10 09:53:59
Running from C:\Users\Sarah\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {E6380B7E-D4B2-19F1-083E-56486607704B}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2540 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.4.0.2540 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)
Advanced SystemCare 6 (HKLM-x32\...\Advanced SystemCare 6_is1) (Version: 6.4 - IObit)
AMD APP SDK Runtime (Version: 2.4.650.9 - Advanced Micro Devices Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.60908.2204 - Advanced Micro Devices, Inc.)
Hidden AMD VISION Engine Control Center (x32 Version: 2011.0628.2340.40663 - ATI) Hidden Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Ask Toolbar Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.4.4.57710 - Ask.com) <==== ATTENTION ATI Catalyst Install Manager (HKLM\...\{E686FBB0-B356-96BE-A9ED-2D8286AA0386}) (Version: 3.0.829.0 - ATI Technologies, Inc.) Avira (HKLM-x32\...\{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}) (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG) Avira (x32 Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira) Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden Bing Bar (HKLM-x32\...\{9FA13759-5C2B-4177-9DDC-0038F8B5BEFD}) (Version: 7.0.826.0 - Microsoft Corporation) Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden Blio (HKLM-x32\...\{9EAAB95B-17B6-43CF-B4E9-4A90937C83FD}) (Version: 3.2.9594 - K-NFB Reading Technology, Inc.) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) 
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.100.82.130 - Broadcom Corporation) Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: - Broadcom Corporation) Broadcom Bluetooth Software (HKLM\...\{6E7F4CA3-B2DE-413C-A7A1-43AA5BE19EA1}) (Version: 6.5.0.2300 - Broadcom Corporation) Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.5.2300 - Broadcom Corporation) Broadcom Wireless Utility (HKLM\...\Broadcom Wireless Utility) (Version: 5.100.82.148 - Broadcom Corporation) BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden C4700 (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0628.2340.40663 - ATI) Hidden Catalyst Control Center InstallProxy (x32 Version: 2011.0628.2340.40663 - ATI Technologies, Inc.) 
Hidden Catalyst Control Center Localization All (x32 Version: 2011.0628.2340.40663 - ATI) Hidden CCC Help Chinese Standard (x32 Version: 2011.0628.2339.40663 - ATI) Hidden CCC Help Chinese Traditional (x32 Version: 2011.0628.2339.40663 - ATI) Hidden CCC Help Czech (x32 Version: 2011.0628.2339.40663 - ATI) Hidden CCC Help Danish (x32 Version: 2011.0628.2339.40663 - ATI) Hidden CCC Help Dutch (x32 Version: 2011.0628.2339.40663 - ATI) Hidden CCC Help English (x32 Version: 2011.0628.2339.40663 - ATI) Hidden CCC Help Finnish (x32 Version: 2011.0628.2339.40663 - ATI) Hidden CCC Help French (x32 Version: 2011.0628.2339.40663 - ATI) Hidden CCC Help German (x32 Version: 2011.0628.2339.40663 - ATI) Hidden CCC Help Greek (x32 Version: 2011.0628.2339.40663 - ATI) Hidden CCC Help Hungarian (x32 Version: 2011.0628.2339.40663 - ATI) Hidden CCC Help Italian (x32 Version: 2011.0628.2339.40663 - ATI) Hidden CCC Help Japanese (x32 Version: 2011.0628.2339.40663 - ATI) Hidden CCC Help Korean (x32 Version: 2011.0628.2339.40663 - ATI) Hidden CCC Help Norwegian (x32 Version: 2011.0628.2339.40663 - ATI) Hidden CCC Help Polish (x32 Version: 2011.0628.2339.40663 - ATI) Hidden CCC Help Portuguese (x32 Version: 2011.0628.2339.40663 - ATI) Hidden CCC Help Russian (x32 Version: 2011.0628.2339.40663 - ATI) Hidden CCC Help Spanish (x32 Version: 2011.0628.2339.40663 - ATI) Hidden CCC Help Swedish (x32 Version: 2011.0628.2339.40663 - ATI) Hidden CCC Help Thai (x32 Version: 2011.0628.2339.40663 - ATI) Hidden CCC Help Turkish (x32 Version: 2011.0628.2339.40663 - ATI) Hidden ccc-utility64 (Version: 2011.0628.2340.40663 - ATI) Hidden Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Citrix Authentication Manager (x32 Version: 5.1.0.62606 - Citrix Systems, Inc.) Hidden Citrix Receiver (HDX Flash Redirection) (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.1.0.0 - Citrix Systems, Inc.) 
Citrix Receiver Inside (x32 Version: 4.1.0.56471 - Citrix Systems, Inc.) Hidden Citrix Receiver Updater (x32 Version: 4.1.0.56461 - Citrix Systems, Inc.) Hidden Citrix Receiver(Aero) (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden Citrix Receiver(DV) (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden Citrix Receiver(USB) (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated) Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.4606 - CyberLink Corp.) CyberLink YouCam (x32 Version: 3.5.1.4606 - CyberLink Corp.) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version: - Microsoft) Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard) Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.22 - Evernote Corp.) 
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP 3D DriveGuard (HKLM\...\{DFB497E0-CE3F-40FC-9596-FC7A48775DE4}) (Version: 4.1.16.1 - Hewlett-Packard Company)
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Connection Manager (HKLM-x32\...\{B65FCAA5-F3A6-4B3F-ABEE-CBC2B085796B}) (Version: 4.1.25.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Documentation (HKLM-x32\...\{4D5D18BA-FF9C-40DA-A3B9-661D76EC0FB1}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Launch Box (HKLM\...\{5A847522-375C-4D05-BD3D-88C450CC047F}) (Version: 1.1.5 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{68550918-63B5-4762-85CB-3C160AA4B213}) (Version: 14.0 - HP)
HP Power Manager (HKLM-x32\...\{7E799992-5DA0-4A1A-9443-B1836B063FEC}) (Version: 1.4.8 - Hewlett-Packard Company)
HP Product Detection (HKLM-x32\...\{8A9FC225-75F6-4B5D-911C-0ED230565643}) (Version: 11.15.0009 - HP)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}) (Version: 3.1.1.10197 - Hewlett-Packard Company)
HP Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
HP Security Assistant (HKLM\...\{ED6CD3AC-616B-4B20-BCF3-6E637B92A5AD}) (Version: 3.0.4 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15109.3899 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
HTC BMP USB Driver (HKLM-x32\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM-x32\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.021 - HTC Corporation)
HTC Sync (HKLM-x32\...\{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}) (Version: 3.2.20 - HTC Corporation)
IBM SPSS Statistics 21 (HKLM-x32\...\{1E26B9C2-ED08-4EEA-83C8-A786502B41E5}) (Version: 21.0.0.0 - IBM Corp)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6351.0 - IDT)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java(TM) SE Runtime Environment 6 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KeePass Password Safe 1.23 (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.23 - Dominik Reichl)
KODAK Share Button App (HKLM-x32\...\{F5930CDE-2FF5-4A8D-9DBD-3177C816D4A9}) (Version: 4.05.0000.0000 - Eastman Kodak Company)
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 3.0 - EasyBits Software AS)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Online Plug-in (x32 Version: 13.3.0.55 - Citrix Systems, Inc.) Hidden
Online Plug-in (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 9.0 - PlotSoft LLC)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
PS_AIO_06_C4700_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
Rapport (x32 Version: 3.5.1404.19 - Trusteer) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.54.309.2012 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7601.30130 - Realtek Semiconductor Corp.)
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Self-service Plug-in (x32 Version: 4.1.0.41738 - Citrix Systems, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SiSoftware Sandra Lite 2011a (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1) (Version: 17.20.2011.1 - SiSoftware)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Spotify (HKCU\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
Status (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.1.0 - Synaptics Incorporated)
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1404.19 - Trusteer)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0) (HKLM\...\3D970B9F930E7AAE23C06D39A1AC98548C90B442) (Version: 01/29/2010 1.4.1.0 - Eastman Kodak)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
ZoneAlarm Firewall (x32 Version: 11.0.780.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 11.0.780.000 - Check Point)
ZoneAlarm LTD Toolbar (HKLM\...\ZoneAlarm LTD Toolbar) (Version: - Check Point Software Technologies)
ZoneAlarm Security (x32 Version: 11.0.780.000 - Check Point Software Technologies Ltd.) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

19-09-2014 17:06:54 Windows Update
23-09-2014 10:19:24 Windows Update
26-09-2014 07:20:55 Windows Update
30-09-2014 14:18:53 Windows Update
02-10-2014 20:34:25 Windows Update
02-10-2014 20:45:34 Restore Operation
07-10-2014 13:32:15 Windows Update
08-10-2014 11:54:53 Installed Rapport

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {07C797F5-B8BF-4BAA-A20C-2D05F63E9F6C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-26] (Adobe Systems Incorporated)
Task: {1A60CAF9-9FC2-49B9-90EF-4E90C31150F3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {346BC9EC-5A33-42A7-81AF-60A07CECE0D8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {365BD4CB-3B15-4A44-A6BC-4A657FFB2616} - System32\Tasks\{3EFE2439-C5DE-43AE-BD15-A5258043E845} => C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
Task: {4D4297F0-53D5-47C8-80D4-0616000BAEDD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-29] (Google Inc.)
Task: {54E9D4A5-197B-4C94-A306-DF644209AC32} - System32\Tasks\HPCeeScheduleForSarah => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {6126C2C5-498C-4DB2-A045-EBA19C9E56EA} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-10-06] (CyberLink)
Task: {6291FFB1-C188-4260-9C36-5F48FCF5F048} - System32\Tasks\SetupManager => C:\Program Files (x86)\Hewlett-Packard\Setup Manager\toaster.exe [2011-09-06] (Microsoft)
Task: {693376A8-A945-48FA-B236-44FDA92CCE48} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Opt-in For HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe [2012-09-27] (Hewlett-Packard Company)
Task: {7827EB5D-2B32-4B3A-9758-4BDB5C93E13E} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {86F8C2AE-B6E3-411B-B0B1-E9B11908C7F1} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2187454049-2990475156-956886722-1000Core => C:\Users\Sarah\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {8B88CF44-C17B-4F71-984B-F8C9125ADD87} - System32\Tasks\{5044C197-5C85-400E-8F1D-612173E4136F} => C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
Task: {8CB0FCF1-1CE0-46D8-96D9-C56BBED1BFB6} - System32\Tasks\{10EF5062-FADE-4238-95E4-4EA61663B88F}-Kodak Share Button App Camera detect => C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe [2012-10-11] (Eastman Kodak Company)
Task: {8D6F142C-74C5-4D34-BB07-B251C9CC3C44} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
Task: {9726C6C5-B80F-4283-A4C7-6CE093F08A54} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {9D68887E-0B67-4581-8390-43933DA746D2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {AA6FBD3B-E089-469D-80C5-329777131FD3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {B738069D-7110-4F52-A1A9-19E0CA411B64} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2187454049-2990475156-956886722-1000UA => C:\Users\Sarah\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {D784A086-06F6-4A2B-BCC5-11C0D5A77925} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-03] (Hewlett-Packard)
Task: {DC4191D8-8288-4484-A67C-657ED589E3D5} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2012-04-17] ()
Task: {E040164A-D0C2-4965-A5B1-9A3300930C35} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-29] (Google Inc.)
Task: {E8F4CD3D-51D3-4D90-931A-950C1AAE8DEE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-03] (Hewlett-Packard)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2187454049-2990475156-956886722-1000Core.job => C:\Users\Sarah\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2187454049-2990475156-956886722-1000UA.job => C:\Users\Sarah\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForSarah.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2012-03-23 14:25 - 2012-03-23 14:25 - 00087040 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-12-19 23:34 - 2011-12-19 23:34 - 00108880 _____ () C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
2012-04-17 15:05 - 2012-04-17 15:05 - 00651264 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
2011-04-27 17:05 - 2011-04-27 17:05 - 01102336 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\System.Data.SQLite.dll
2011-06-29 07:38 - 2011-06-29 07:38 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-06-17 21:42 - 2011-06-17 21:42 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-09-12 21:18 - 2013-01-15 18:47 - 00517440 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 6\sqlite3.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00139056 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00066864 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-03-23 17:04 - 2014-03-23 17:04 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2012-04-17 15:05 - 2012-04-17 15:05 - 00103936 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll
2012-04-17 15:05 - 2012-04-17 15:05 - 00516599 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll
2012-04-17 15:05 - 2012-04-17 15:05 - 00094208 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll
2012-04-17 15:05 - 2012-04-17 15:05 - 00389120 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\HtcDetect.dll
2012-04-17 15:05 - 2012-04-17 15:05 - 00151552 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll
2012-04-17 15:05 - 2012-04-17 15:05 - 00172032 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll
2012-04-17 15:05 - 2012-04-17 15:05 - 00559244 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll
2012-04-17 15:05 - 2012-04-17 15:05 - 01515520 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll
2014-10-05 20:12 - 2014-08-27 15:00 - 00052472 _____ () C:\Users\Sarah\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2011-04-27 17:05 - 2011-04-27 17:05 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll
2014-09-30 11:06 - 2014-09-30 11:06 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ========================== Administrator (S-1-5-21-2187454049-2990475156-956886722-500 - Administrator - Disabled) Dad (S-1-5-21-2187454049-2990475156-956886722-1003 - Administrator - Enabled) => C:\Users\Dad Guest (S-1-5-21-2187454049-2990475156-956886722-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2187454049-2990475156-956886722-1002 - Limited - Enabled) Sarah (S-1-5-21-2187454049-2990475156-956886722-1000 - Administrator - Enabled) => C:\Users\Sarah ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/10/2014 09:25:53 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/09/2014 08:12:01 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 14539 Error: (10/09/2014 08:12:01 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 14539 Error: (10/09/2014 08:12:01 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (10/09/2014 08:11:58 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 12121 Error: (10/09/2014 08:11:58 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 12121 Error: (10/09/2014 08:11:58 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (10/09/2014 08:11:55 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 8673 Error: (10/09/2014 08:11:55 PM) 
(Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 8673 Error: (10/09/2014 08:11:55 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second System errors: ============= Error: (10/10/2014 09:25:02 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: cdrom Error: (10/09/2014 09:43:24 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (10/09/2014 07:09:30 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service. Error: (10/09/2014 07:07:37 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: cdrom Error: (10/09/2014 10:34:51 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (10/09/2014 09:53:47 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: cdrom Error: (10/08/2014 06:19:14 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4} Error: (10/08/2014 06:18:58 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (10/08/2014 05:50:10 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk1\DR2. Error: (10/08/2014 05:50:09 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk1\DR2. 
Microsoft Office Sessions: ========================= Error: (10/10/2014 09:25:53 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/09/2014 08:12:01 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 14539 Error: (10/09/2014 08:12:01 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 14539 Error: (10/09/2014 08:12:01 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (10/09/2014 08:11:58 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 12121 Error: (10/09/2014 08:11:58 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 12121 Error: (10/09/2014 08:11:58 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (10/09/2014 08:11:55 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 8673 Error: (10/09/2014 08:11:55 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 8673 Error: (10/09/2014 08:11:55 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second CodeIntegrity Errors: =================================== Date: 2013-08-18 22:03:38.319 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. 
Date: 2013-08-18 21:54:39.615 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-08-18 21:13:44.190 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-08-18 20:24:45.450 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-08-18 19:15:28.027 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-08-18 18:08:18.821 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-08-18 17:55:38.824 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-08-18 14:37:01.598 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. 
Date: 2013-08-18 14:12:12.281 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-08-18 13:17:37.773 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: AMD E-450 APU with Radeon(tm) HD Graphics Percentage of memory in use: 53% Total physical RAM: 3689.41 MB Available physical RAM: 1727.87 MB Total Pagefile: 7376.99 MB Available Pagefile: 4432.7 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:271.24 GB) (Free:166.61 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (Recovery) (Fixed) (Total:22.69 GB) (Free:2.43 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:0.01 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: CEC4B1B2) Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=271.2 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=22.7 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=4 GB) - (Type=0C) ==================== End Of Log ============================ GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-10-10 10:33:03 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000066 Hitachi_ rev.ES2O 298.09GB Running: 1zsurzgp.exe; Driver: C:\Users\Sarah\AppData\Local\Temp\fwdirkow.sys ---- Processes - GMER 2.1 ---- 
Library C:\ProgramData\Trusteer\Rapport\store\exts\RapportGP\baseline\MSVCP80.dll (*** suspicious ***) @ C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [896] (Microsoft® C++ Runtime Library/Microsoft Corporation)(2012-09-24 11:20:01) 0000000073970000
Library C:\ProgramData\Trusteer\Rapport\store\exts\RapportGP\baseline\MSVCR80.dll (*** suspicious ***) @ C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [896] (Microsoft® C Runtime Library/Microsoft Corporation)(2012-09-24 11:20:01) 00000000738d0000
Library C:\ProgramData\Trusteer\Rapport\store\exts\RapportGP\baseline\MSVCP80.dll (*** suspicious ***) @ C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe [4292] (Microsoft® C++ Runtime Library/Microsoft Corporation)(2012-09-24 11:20:01) 0000000073970000
Library C:\ProgramData\Trusteer\Rapport\store\exts\RapportGP\baseline\MSVCR80.dll (*** suspicious ***) @ C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe [4292] (Microsoft® C Runtime Library/Microsoft Corporation)(2012-09-24 11:20:01) 00000000738d0000

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\68a3c4aee2fd
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c01885f98c1f
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\68a3c4aee2fd (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c01885f98c1f (not active ControlSet)

---- EOF - GMER 2.1 ----

TDSSKiller.3.0.0.40_10.10.2014_13.32.11_log.txt
Psychotic Posted October 13, 2014 ID:889073

Full System Scan with Malwarebytes Antimalware

If not existing, please download Malwarebytes Anti-Malware to your desktop.

- Double-click the downloaded setup file and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to the following:
  - Launch Malwarebytes Anti-Malware
  - A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
- Click Finish.

If the program is already installed:

- Run Malwarebytes Antimalware
- On the Dashboard, click the 'Update Now >>' link
- After the update completes, click the 'Scan Now >>' button.
- Or, on the Dashboard, click the Scan Now >> button.
- If an update is available, click the Update Now button.
- A Threat Scan will begin.
- When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
- In most cases, a restart will be required.
- Wait for the prompt to restart the computer to appear, then click on Yes.

After the restart once you are back at your desktop, open MBAM once more.

- Click on the History tab > Application Logs.
- Double click on the scan log which shows the Date and time of the scan just performed.
- Click 'Copy to Clipboard'
- Paste the contents of the clipboard into your reply.

Scan with ESET Online Scan

Go here to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.

- Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
- Click the blue Run ESET Online Scanner button
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
- Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
- Click on Advanced Settings
- Make sure that the option Remove found threats is unticked.
- Ensure these options are ticked
  - Scan archives
  - Scan for potentially unsafe applications
  - Enable Anti-Stealth technology
- Click Start
- Wait for the scan to finish
- When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
- Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
- Close the ESET online scan, and let me know how things are now.
trelfinator Posted October 18, 2014 Author ID:891698

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 16/10/2014
Scan Time: 09:48:14
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.10.16.02
Rootkit Database: v2014.10.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Sarah

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 397945
Time Elapsed: 3 hr, 44 min, 22 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

C:\Program Files (x86)\CheckPoint\Install\CUninstallerZA.exe Win32/Toolbar.Conduit potentially unwanted application deleted - quarantined
C:\Program Files (x86)\CheckPoint\Install\zatb.exe Win32/Toolbar.Montiera.I potentially unwanted application deleted - quarantined
C:\Users\Dad\Downloads\asc-setup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
C:\Users\Dad\Downloads\zafwSetupWeb_110_780_000.exe Win32/Toolbar.Conduit potentially unwanted application deleted - quarantined
Psychotic Posted October 20, 2014 ID:892955

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner

Please download AdwCleaner to your desktop.

- Run adwcleaner.exe
- Hit Scan and wait for the scan to finish.
- Confirm the message but don't uncheck anything.
- Hit Clean
- When the run is finished, it will open up a text file
- Please post its contents within your next reply
- You'll find the log file at C:\AdwCleaner[s1].txt also

Delete junk with JRT

Please download Junkware Removal Tool to your desktop.

- Shut down your protection software now to avoid potential conflicts.
- Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message.

SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK Mirror (if the link is down)

- Save it to your desktop, start it and follow the instructions in the window.
- After the scan has finished, the (checkup.txt) will open. Copy its content to your thread (Note: Do NOT post this one into a code box!)
trelfinator Posted October 20, 2014 Author ID:893162 Share Posted October 20, 2014 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 6.3.3 (10.14.2014:1)OS: Windows 7 Home Premium x64Ran by Sarah on 20/10/2014 at 16:31:20.44~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Services~~~ Registry Values~~~ Registry KeysSuccessfully deleted: [Registry Key] "hkey_current_user\software\classes\typelib\{006ad7b2-968a-11de-88c9-5bde55d89593}"Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{393D6CFB-2771-42E9-A65B-8F15B70C9B8F}~~~ Files~~~ FoldersSuccessfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{04302A14-CD7F-43F4-8014-AE4BB424CDB2}Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{0487EB63-565C-46FC-AADC-93EAEB52E2E1}Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{066C9AF2-B2F4-403B-ABCF-CA949B1ED2ED}Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{074E6770-ECA5-4992-A56D-290066351E55}Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{077C5647-0387-4E33-A203-795A9502147B}Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{0EF4F33C-E798-4348-8A5A-4560D61A21F3}Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{116E2743-2EFB-48D6-8EC5-DF29C3A45364}Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{118A2C52-3B88-4331-AD3C-B3D19DC500BC}Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{125A3924-722A-4025-8F79-7EA591ED1771}Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{15CADA93-52E2-4197-9F1C-F179A8C0B1A1}Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{18C60E13-1186-4FD2-A331-DACBA5400C4D}Successfully deleted: 
[Empty Folder] C:\Users\Sarah\appdata\local\{1BBBCF92-C538-4871-9B7F-B75BAC6B2E85}Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{28D84136-46E8-45A9-BB54-9B80367118C9}Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{2BB7772D-DC04-4907-9BB3-02D73BD41741}Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{2D27ED1D-FA31-4EDC-8135-2606A51F6BAF}Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{3764EA29-F6D2-460C-8778-1129C31458F9}Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{43D26EF7-6A79-4CEC-BC4E-4ACCC6964C3A}Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{455ECCF7-E333-4952-97A2-486E25DB4FA1}Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{471F0120-5975-46DF-B7CF-5661B2FA71A7}Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{480ADAF8-AAF9-473A-A9CE-9987F836657B}Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{4DA4BB0F-E091-4029-B93B-2F81359E02E8}Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{57CF085D-7FB8-44DB-8E47-7098DF966AB5}Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{5C48B06A-7300-4ABC-BADF-14DC1E142564}Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{61A75C2D-C453-4083-A2EB-29AD4452789A}Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{6A14E943-B983-49B4-A80E-8BE4E101AC9C}Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{6D1189B6-D0CB-469E-B5B4-769AC95DFB74}Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{72E5096E-D402-4F82-A95C-1AF88CE79F34}Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{72F58C17-511D-4AF7-A540-D1EF739A55D9}Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{74A3C014-A33F-403B-94AE-94E97753725D}Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{74B9870A-57C5-4E8A-997A-EDF7AFA097BB}Successfully deleted: [Empty Folder] 
C:\Users\Sarah\appdata\local\{84811ABD-5663-43DF-AEF6-72B1E9A621EB}Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{8E1CA5C3-4A5E-4618-A8BC-AB76A9490E86}Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{95FC32A4-742C-41E8-9E65-6F83A0199832}Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{9EC12FAB-CA18-469F-BA4B-255A80D4DD3F}Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{A035E160-3FD7-4F27-BB0D-69A4CF229137}Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{A08279C2-648C-4E26-9DAE-7EB4C9C8BAC9}Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{A19117EE-C249-4358-8A31-DCB6FF681238}Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{AA6B4779-9454-4351-BDAD-F76917339496}Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{AF90EFA1-61F1-482A-8DFE-CFC068B7FD70}Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{B7E93321-F7AD-422E-A550-6817560552EC}Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{BDFD36F2-A61F-4A3A-A785-F752FC289A22}Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{C9CDC348-7429-40F3-8521-B00733CC78F8}Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{D6B1E15E-0510-4B4D-990B-49BC32884231}Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{D87FBFC2-EEC9-46E5-922A-A37F7109A48F}Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{DF986DEF-9429-41F4-A762-5923588185E3}Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{EF99D987-2DB5-4334-BA2D-757F2D8D0114}Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{EFDF89C4-377B-4685-858B-D819A7A36D03}~~~ FireFoxEmptied folder: C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\v90tvxg4.default\minidumps [284 files]~~~ Event Viewer Logs were cleared~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on 20/10/2014 at 16:59:57.27End 
of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~# AdwCleaner v4.000 - Report created 20/10/2014 at 16:19:55# DB v2014-10-19.11# Updated 12/10/2014 by Xplode# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)# Username : Sarah - SARAHS_LAPPY# Running from : C:\Users\Sarah\Downloads\adwcleaner_4.000.exe# Option : Clean***** [ Services ] ********** [ Files / Folders ] *****Folder Deleted : C:\Users\Dad\AppData\Roaming\CheckPoint\ZoneAlarm LTD ToolbarFolder Deleted : C:\Users\Sarah\AppData\Roaming\CheckPoint\ZoneAlarm LTD ToolbarFolder Deleted : C:\Users\Dad\AppData\LocalLow\HPAppDataFolder Deleted : C:\Users\Sarah\AppData\LocalLow\HPAppData***** [ Scheduled Tasks ] ********** [ Shortcuts ] ********** [ Registry ] *****Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}]Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.ToolKey Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApiKey Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}Key Deleted : HKCU\Software\APNKey Deleted : HKCU\Software\Ask.comKey Deleted : HKCU\Software\AskToolbarKey Deleted : HKCU\Software\AppDataLow\Software\AskToolbarKey Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.0Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar***** [ Browsers ] *****-\\ Internet Explorer v11.0.9600.17344-\\ Mozilla Firefox v32.0.3 (x86 en-US)[v90tvxg4.default] - Line Deleted : 
user_pref("browser.search.defaultengine", "Ask.com");
[v90tvxg4.default] - Line Deleted : user_pref("browser.search.order.1", "Ask.com");

*************************

AdwCleaner[R0].txt - [13525 octets] - [05/10/2014 10:54:34]
AdwCleaner[R1].txt - [2846 octets] - [20/10/2014 16:10:55]
AdwCleaner[S0].txt - [13885 octets] - [05/10/2014 11:06:37]
AdwCleaner[S1].txt - [2335 octets] - [20/10/2014 16:19:55]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2395 octets] ##########

Results of screen317's Security Check version 0.99.89
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java SE Runtime Environment 6
Java version out of Date!
Adobe Flash Player 15.0.0.152
Adobe Reader XI
Mozilla Firefox 32.0.3 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
CheckPoint ZoneAlarm vsmon.exe
CheckPoint ZoneAlarm ZAPrivacyService.exe
CheckPoint ZoneAlarm zatray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 13% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
Psychotic Posted October 21, 2014 ID:893553

Your system is clean now!

Java runtime Environment out of date

Your Java runtime environment is outdated. We will fix this.

- Get the actual JRE from here
- Save jxpiinstall.exe to your desktop
- Close all running programs, especially your browser(s)
- Run jxpiinstall.exe. This will download the newest JRE installer and install the software
- When finished, go to Start-->control panel-->add/remove programs and remove all older Java versions. (if existing)
- When finished, reboot your computer.

After the reboot

- Open control panel again and click the java symbol.
- Click Settings under Temporary Internet Files. The Temporary Files Settings dialog box appears.
- Click Delete Files. The Delete Temporary Files dialog box appears
- Click OK on Delete Temporary Files window.
- Click OK again.

Mozilla Firefox out of date

Your Firefox browser is outdated. Please follow these instructions to update it:

- Get the actual firefox from here.
- Run setup and follow the instructions on your monitor.
- Report any problems you have with the update.

Defrag your hard drive

Your hard drive is heavily fragmented. This may result in performance losses. If it is NOT an SSD drive, use a tool like Auslogic DiskDefrag to defrag the drive.

Uninstall our tools using delfix

Please follow these steps in order:

- In the case we used Defogger to turn off your CD emulation software. You can start it again and use the Enable button.
- In the case we used Combofix. Deactivate your antivirus software once more, then rename the combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
- In any case please download delfix to your desktop.
  - Close all other programs and start delfix.
  - Please check all the boxes and run the tool.
  - delfix will now delete all found traces of our removal process
- If there is still something left please delete it manually.

Delete System Restore Points

To ensure your System Restore Points are free of malware, we will delete all of them but the most recent or create a new one.

- On Windows Vista: Please follow these instructions to delete all but the most common System Protection Restore Points.
- On Windows 7/8: Please follow these instructions to delete all but the most common System Protection Restore Points.
- On Windows XP: Please follow these instructions to delete all but the most common System Protection Restore Points.

Temp File Cleaner

We need to download Temp File Cleaner (TFC) by OldTimer:

- Please download TFC.exe by Oldtimer at one of the two links: Link 1 Link 2
- Save and close all running applications
- Double-click on TFC.exe to run the program
- Click on Start to begin the cleaning process
- Note: this program may close running applications, make your screen disappear temporarily, or require a reboot of your PC - this is normal and part of the cleanup
- When the scan is complete, if you were not asked to reboot the computer, please do so now
- More Information can be found about the tool here: http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/

Recommendations: How to protect yourself

System Updates

Please ensure to have automatic updates activated in your control panel. For further information and a tutorial, see this Microsoft Support article.

Protection

What you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly. Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.

To keep your browser free of advertising, you may install the Adblock Plus browser extension. It will filter unwanted advertising out of the website's content.

To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension. It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser. In addition, before accessing a dangerous classified web site, a warning screen is displayed.

Up to date Software

Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated Windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:

- Secunia Personal Software Inspector - checks if your software has updates available.
- SecurityCheck (by screen317) - scans your computer for most vulnerable outdated software.
- Mozilla: Check your plugins - The webpage will tell you if you have outdated plugins running in your Firefox browser.

Backup

Hardware issues, malware, fire, lightning strike: There is a long list of different ways to lose all your data. Back up your files regularly. Use the windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system.

Behaviour

The commonest error when using a computer is "error 80" - which means that the error is located about 80cm in front of the monitor. This is a common joke between IT support technicians but it shows that all the safety mechanisms won't help if you aren't careful enough.

- While surfing the internet, don't click on anything you don't know. In the worst case, it infects your system with malware.
- Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal data (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don't click everything.
- When installing software, have a look at each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today's setup procedures contain potentially unwanted programs so keep them off your system.
- Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
trelfinator Posted October 21, 2014 Author ID:893765

Wow brilliant, I've done all the recommendations you've given me in the last post and everything seems to now be running smoothly. Thank you so so much for all the help you've given me!!! Revived my little old laptop! Really appreciate your time and effort. Thanks again and best wishes
LDTate Posted November 20, 2014 ID:910623

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.