Jump to content

Powershell stopped and many dllhost.exe processes


Recommended Posts

For the last couple of days, my desktop has been running super slow. I often get a pop up message that says "powershell has stopped working". I often have to restart IR due to it using tons of memory (it's been happening for a long time, not sure if it's related), but I usually do that through Windows task manager processes and I have recently started seeing a ton of dllhost.exe*32 running, more when IE is open. Please help! Thanks in advance!
Also, for som reason, I am not able to paste anything on this, so I am going to attach the FRST and Addition files.

FRST.txt

Addition.txt

Link to post
Share on other sites

  • Staff

Hello chantalrdj, welcome to Malwarebytes' Malware Removal forum!

My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that. xsmile.png.pagespeed.ic.CwSpBGGvqN.png

General P2P/Piracy Notice: 
 

If you are using Peer to Peer (P2P) filesharing software such as uTorrent, BitTorrent or similar you must either fully uninstall or completely disable the programme(s) from running whilst receiving assistance at this forum. 
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked/keygen or similar software on the computer, please remove/uninstall the software now and read the policy on Piracy. Failure to do so will also result in your topic being closed.

 
======================================================

Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
  • Please do not post logs using the CODEQUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation & providing the best set of instructions for you.
  • Please backup important documents before proceeding with my instructions.
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before you run anything.
  • Topics are locked if no response is made after 4 days. Please inform me if you will require additional time to complete my instructions.
  • Ensure you are following this topic. Click xetYzdbu.png.pagespeed.ic.U7AjmRUewW.png at the top of the page.

======================================================
 
Unfortunately, your computer is infected with a rootkit. As such, I must issue the following warning. Please let me know how you wish to proceed. 
 

goGMWSt.gifBACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor, that allows attackers to remotely control your computer, download/execute files and steal critical system, financial and personal information.

Please disconnect your computer from the internet immediately. If your computer was used for online banking, has credit card information or other sensitive data,using a non-infected computer/device you should immediately change all account information (including those used for banking, email, eBay, paypal, online forums, etc). Consider these accounts already compromised.

Banking and credit card institutions should be notified of the possible security breach immediately. Please read the following for more information: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

Whilst the identified infection(s) can be removed, there is no way to guarantee that your computer will be trustworthy again. This is due to the nature of the infection, which allows the attacker complete control over the computer. Many experts in the security community believe that once infected with this type of malware, the best course of action is to reformat the hard drive and reinstall the Operating System. Please read the following articles for more information.

Please let me know how you wish to proceed, and if you have any questions.
Link to post
Share on other sites

  • Staff

Hello Chantal, 
 
Please do the following. 
 
STEP 1
9SN2ePL.png ComboFix

  • Note: Please read through these instructions before running ComboFix. 
  • Please download ComboFix and save the file to your Desktop. << Important!
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click ComboFix.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Follow the prompts. 
     
  • Allow ComboFix to complete it's removal routine (please refer to Important Notes:).
  • Upon completion, a log (ComboFix.txt) will be created in the root directory (C:\). Copy the contents of the log and paste in your next reply.
  • Re-enable your anti-virus software.
     

Important Notes:

  • Do NOT mouse click ComboFix's window whilst it is running. This may cause the programme to stall.
  • Do NOT use your computer whilst ComboFix is running.
  • Your Desktop/taskbar may disappear whilst ComboFix is running; this is normal.
     
  • If you get the message Illegal operation attempted on registry key that has been marked for deletion please reboot your computer.
  • ComboFix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If you are unable to access the Internet after running ComboFix, please reboot your computer. 
     

STEP 2
YARWD1t.png TDSSKiller Scan

  • Please download TDSSKiller and save the file to your Desktop.
  • Right-Click TDSSKiller.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Change parameters. Place a checkmark next to:
    • Loaded Modules
    • Detect TDLFS file system
    • Verify file digital signatures
  • Note: If you receive the following message: Extended Monitoring Driver is required, click Reboot now, and continue from here following the reboot.
  • ​Click Start Scan. Do not use the computer during the scan.
  • If objects are found, change the action to skip.
  • Click Continue and close the window.
  • A log will be created and saved to the root directory (usually C:\). Attach the log in your next reply.
     

======================================================

STEP 3
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • ComboFix.txt
  • TDSSKiller log (attached)
Link to post
Share on other sites

ComboFix 14-10-20.01 - Chantal 10/20/2014 13:56:54.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4863.3215 [GMT -6:00]

Running from: c:\users\Chantal\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}

SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\users\Romanski\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk

c:\users\Romanski\Desktop\Internet Explorer.lnk

.

.

CLSID={AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} - infected with Poweliks and removed.

You should verify if current CLSID data is correct:

.

HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}

(Default) REG_SZ Thumbnail Cache Class Factory for Out of Proc Server

AppID REG_SZ {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}

.

HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32

(Default) REG_SZ c:\windows\system32\thumbcache.dll

ThreadingModel REG_SZ Apartment

.

.

((((((((((((((((((((((((( Files Created from 2014-09-20 to 2014-10-20 )))))))))))))))))))))))))))))))

.

.

2014-10-20 20:54 . 2014-10-20 20:54 -------- d-----w- c:\users\Default\AppData\Local\temp

2014-10-20 20:53 . 2014-10-20 20:53 -------- d-----w- c:\users\Jan2013\AppData\Local\temp

2014-10-20 20:53 . 2014-10-20 20:53 -------- d-----w- c:\users\Guest\AppData\Local\temp

2014-10-20 05:17 . 2014-09-09 02:05 11578928 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D376C931-7255-4237-ADCD-00C112E92E1B}\mpengine.dll

2014-10-20 02:33 . 2014-10-20 02:48 -------- d-----w- C:\FRST

2014-10-19 05:19 . 2014-09-09 02:05 11578928 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2014-10-18 15:42 . 2014-10-20 16:30 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys

2014-10-18 08:15 . 2014-10-18 08:15 -------- d-----w- C:\SUPERDelete

2014-10-15 17:19 . 2014-07-07 02:06 284672 ----a-w- c:\windows\system32\EncDump.dll

2014-10-15 17:17 . 2014-09-04 05:23 424448 ----a-w- c:\windows\system32\rastls.dll

2014-10-15 17:17 . 2014-09-04 05:04 372736 ----a-w- c:\windows\SysWow64\rastls.dll

2014-10-15 17:17 . 2014-07-17 02:07 681984 ----a-w- c:\windows\system32\termsrv.dll

2014-10-15 17:17 . 2014-07-17 02:07 235520 ----a-w- c:\windows\system32\winsta.dll

2014-10-15 17:17 . 2014-07-17 02:07 150528 ----a-w- c:\windows\system32\rdpcorekmts.dll

2014-10-15 17:17 . 2014-07-17 02:07 455168 ----a-w- c:\windows\system32\winlogon.exe

2014-10-15 17:17 . 2014-07-17 01:40 157696 ----a-w- c:\windows\SysWow64\winsta.dll

2014-10-15 17:17 . 2014-07-17 01:21 212480 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2014-10-15 17:17 . 2014-07-17 02:07 86528 ----a-w- c:\windows\system32\TSpkg.dll

2014-10-15 17:17 . 2014-07-17 02:07 22016 ----a-w- c:\windows\system32\credssp.dll

2014-10-15 17:17 . 2014-07-17 01:39 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll

2014-10-15 17:17 . 2014-07-17 01:39 17408 ----a-w- c:\windows\SysWow64\credssp.dll

2014-10-15 17:17 . 2014-07-17 01:21 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys

2014-10-15 17:16 . 2014-09-13 01:58 77312 ----a-w- c:\windows\system32\packager.dll

2014-10-15 17:16 . 2014-09-13 01:40 67072 ----a-w- c:\windows\SysWow64\packager.dll

2014-10-15 16:05 . 2014-10-15 16:08 -------- d-----w- c:\users\Chantal\AppData\Local\VertoAnalytics

2014-10-15 16:05 . 2014-10-15 16:08 -------- d-----w- c:\program files (x86)\SmartApp

2014-10-02 01:49 . 2014-09-17 00:21 1188440 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{401244D9-C79A-46DE-99E7-8F9660BD25EE}\gapaengine.dll

2014-10-01 13:02 . 2014-09-25 02:08 371712 ----a-w- c:\windows\system32\qdvd.dll

2014-10-01 13:02 . 2014-09-25 01:40 519680 ----a-w- c:\windows\SysWow64\qdvd.dll

2014-09-28 06:40 . 2014-09-28 06:40 -------- d-----w- c:\program files\iPod

2014-09-28 06:40 . 2014-09-28 06:41 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69

2014-09-28 06:40 . 2014-09-28 06:41 -------- d-----w- c:\program files\iTunes

2014-09-28 06:40 . 2014-09-28 06:41 -------- d-----w- c:\program files (x86)\iTunes

2014-09-25 17:11 . 2014-09-25 17:11 -------- d-----w- c:\program files (x86)\Common Files\Java

2014-09-25 17:11 . 2014-07-25 18:55 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2014-09-24 06:06 . 2014-09-09 22:11 2048 ----a-w- c:\windows\system32\tzres.dll

2014-09-24 06:06 . 2014-09-09 21:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2014-10-16 09:02 . 2010-10-17 22:36 103265616 ----a-w- c:\windows\system32\MRT.exe

2014-09-22 06:42 . 2010-12-18 19:09 278152 ------w- c:\windows\system32\MpSigStub.exe

2014-09-17 00:21 . 2012-11-29 04:56 1188440 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2014-08-29 12:27 . 2013-11-13 23:28 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2014-08-23 02:07 . 2014-08-28 13:01 404480 ----a-w- c:\windows\system32\gdi32.dll

2014-08-23 01:45 . 2014-08-28 13:01 311808 ----a-w- c:\windows\SysWow64\gdi32.dll

2014-08-21 20:22 . 2013-09-07 22:47 699568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2014-08-21 20:22 . 2013-09-07 22:47 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2014-08-01 11:53 . 2014-09-09 21:07 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll

2014-08-01 11:35 . 2014-09-09 21:07 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll

2014-07-28 20:52 . 2014-07-28 20:52 6112072 ----a-w- c:\windows\system32\usbaaplrc.dll

2014-07-28 20:52 . 2014-07-28 20:52 54784 ----a-w- c:\windows\system32\drivers\usbaapl64.sys

2014-07-25 08:35 . 2014-07-25 08:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll

2014-07-25 05:47 . 2014-07-25 05:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-12-07 39408]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-15 20588704]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 59720]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-03 98304]

"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2013-11-27 106496]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-07-31 43816]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]

"AgentMonitor"="c:\program files (x86)\VTech\DownloadManager\System\AgentMonitor.exe" [2013-06-20 391040]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-09-01 152392]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-09-12 959176]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

NETGEAR WN111v2 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WN111v2\WN111v2.exe [2009-3-25 1724416]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys;c:\windows\SYSNATIVE\DRIVERS\motfilt.sys [x]

R3 DNIMp50a64;DNIMp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\DNIMp50a64.sys;c:\windows\SYSNATIVE\Drivers\DNIMp50a64.sys [x]

R3 DNISp50a64;DNISp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\DNISp50a64.sys;c:\windows\SYSNATIVE\Drivers\DNISp50a64.sys [x]

R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys;c:\windows\SYSNATIVE\DRIVERS\btblan.sys [x]

R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]

R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]

R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]

R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys [x]

R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 UsbGps;LGE CDMA USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgx64gps.sys;c:\windows\SYSNATIVE\DRIVERS\lgx64gps.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WN111v2x.sys;c:\windows\SYSNATIVE\DRIVERS\WN111v2x.sys [x]

R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]

R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

R4 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [x]

R4 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files (x86)\NETGEAR\WN111v2\jswpsapi.exe;c:\program files (x86)\NETGEAR\WN111v2\jswpsapi.exe [x]

R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]

S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]

S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]

S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]

S2 VTechUSBSocketService;VTechUSBSocketService;c:\program files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechServiceInstaller.exe;c:\program files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechServiceInstaller.exe [x]

S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe [x]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MBAMSWISSARMY

.

Contents of the 'Scheduled Tasks' folder

.

2014-10-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1211359624-4000402081-1974110644-1000Core.job

- c:\users\Romanski\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-20 02:23]

.

2014-10-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1211359624-4000402081-1974110644-1000UA.job

- c:\users\Romanski\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-20 02:23]

.

2014-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 08:20]

.

2014-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 08:20]

.

2014-10-18 c:\windows\Tasks\HPCeeScheduleForChantal.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]

.

2014-09-30 c:\windows\Tasks\PCDRScheduledMaintenance.job

- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2010-02-01 23:02]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-10-08 21720]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

TCP: DhcpNameServer = 192.168.2.1

DPF: {F9E542CE-C16A-47FA-B7A8-D88E5F1C5719} - hxxps://pd.mycharterconnection.com/portal/page/portal/mycharterconnection/main?_rtarget=34_82410_34_1_82247&_piref34_82410_34_1_82247.__ora_type=proxy&_piref34_82410_34_1_82247.__ora_resource=http%3A%2F%2Fpd.apps.mycharterconnection.com%3A80%2Fjde%2Faxctls%2FjdeexpimpU.cab%23version%3D9000%2C2008%2C2%2C14&_piref34_82410_34_1_82247.__ora_checksum=fe1ccdc3801e260ecbf401957e0309ca93b95a54

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

Wow6432Node-HKCU-Run-AdobeBridge - (no file)

Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe

Wow6432Node-HKLM-Run-jswtrayutil - c:\program files (x86)\NETGEAR\WN111v2\jswtrayutil.exe

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_176_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_176_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_176_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_176_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.14"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2014-10-20 15:34:15

ComboFix-quarantined-files.txt 2014-10-20 21:34

.

Pre-Run: 471,760,248,832 bytes free

Post-Run: 492,243,951,616 bytes free

.

- - End Of File - - 0B1E33044B9D40C93A512C3AAF9ECB52

Link to post
Share on other sites

Sorry this is in two different replies. I was still unable to copy and paste here on my desktop. I had to email myself the log and copy and paste it here from my phone!

TDSSkiller did not find any threats and didn't make a log(?) Or at least that I can find.

I am now getting prompt when doing anything on IE about viewing and leaving a secure internet connection. Is that normal to be seeing?

Link to post
Share on other sites

  • Staff

Hello Chantal,
 
If TDSSKiller did not detect anything, I do not need to see the log.
 

I am now getting prompt when doing anything on IE about viewing and leaving a secure internet connection. Is that normal to be seeing?

ComboFix resets certain IE settings. What you are seeing is normal. Place a tick in the checkbox and click Yes. 

 

Please work your way through the following. 

STEP 1
BY4dvz9.png AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
  • Follow the prompts and allow your computer to reboot
  • After rebooting, a log (AdwCleaner[s0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
 

STEP 2
E3feWj5.png Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Note: If you unchecked any items in AdwCleaner, please backup the associated folders/files before running JRT.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.

 
STEP 3

xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST64.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

======================================================
 
STEP 4
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • AdwCleaner[s0].txt
  • JRT.txt
  • FRST.txt
  • Addition.txt
Link to post
Share on other sites

ADWCLEANER

# AdwCleaner v4.001 - Report created 20/10/2014 at 23:01:49

# DB v2014-10-20.3

# Updated 20/10/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Chantal - ROMANSKI-HP

# Running from : C:\Users\Chantal\Desktop\AdwCleaner.exe

# Option : Clean

***** [ Services ] *****

 

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Conduit

Folder Deleted : C:\Users\Romanski\AppData\Local\Conduit

Folder Deleted : C:\Users\Romanski\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Romanski\AppData\Local\FileTypeAssistant

Folder Deleted : C:\Users\Romanski\AppData\Local\PackageAware

***** [ Scheduled Tasks ] *****

 

***** [ Shortcuts ] *****

 

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform [FunWebProducts]

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2233703

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2438727

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{799391D3-EB86-4BAC-9BD3-CBFEA58A0E15}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{819FFE22-35C7-4925-8CDA-4E0E2DB94302}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D858DAFC-9573-4811-B323-7011A3AA7E61}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01947140-417F-46B6-8751-A3A2B8345E1A}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{06E58E5E-F8CB-4049-991E-A41C03BD419E}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{100EB1FD-D03E-47FD-81F3-EE91287F9465}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{258C9770-1713-4021-8D7E-1F184A2BD754}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{43D9E6F0-1776-4897-AE14-ECEDECBAFEC0}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5A074B29-F830-49DE-A31B-5BB9D7F6B407}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{855F3B16-6D32-4FE6-8A56-BBB695989046}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{DCC70A83-E184-40A3-906B-779AF5E941C4}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{06E58E5E-F8CB-4049-991E-A41C03BD419E}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{100EB1FD-D03E-47FD-81F3-EE91287F9465}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{258C9770-1713-4021-8D7E-1F184A2BD754}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{43D9E6F0-1776-4897-AE14-ECEDECBAFEC0}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5A074B29-F830-49DE-A31B-5BB9D7F6B407}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{855F3B16-6D32-4FE6-8A56-BBB695989046}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{DCC70A83-E184-40A3-906B-779AF5E941C4}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Conduit

Key Deleted : HKLM\SOFTWARE\Freeze.com

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.2

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344

 

-\\ Google Chrome v

 

*************************

AdwCleaner[R0].txt - [9134 octets] - [20/10/2014 22:57:10]

AdwCleaner[s0].txt - [9124 octets] - [20/10/2014 23:01:49]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [9184 octets] ##########

JRT

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ilividSetupV2_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ilividSetupV2_RASMANCS

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup_Basic_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup_Basic_RASMANCS

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ilividSetupV2_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ilividSetupV2_RASMANCS

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetup_Basic_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetup_Basic_RASMANCS

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{89437F0F-D5FD-4CA0-856B-41245B6461D5}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{89437F0F-D5FD-4CA0-856B-41245B6461D5}

~~~ Files

Successfully deleted: [File] "C:\Windows\couponprinter.ocx"

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"

Successfully deleted: [Empty Folder] C:\Users\Chantal\appdata\local\{0E05D53E-3900-447E-8BE3-21802EAEF4EB}

Successfully deleted: [Empty Folder] C:\Users\Chantal\appdata\local\{11AE7B09-ABA1-4967-B86B-22097A596106}

Successfully deleted: [Empty Folder] C:\Users\Chantal\appdata\local\{1BE95BAD-5312-4653-A336-2AFBEC2BD894}

Successfully deleted: [Empty Folder] C:\Users\Chantal\appdata\local\{21916654-57CA-4FDD-8B06-78AB16059E77}

Successfully deleted: [Empty Folder] C:\Users\Chantal\appdata\local\{22077898-E300-4AA7-803C-CAD1C0BBA529}

Successfully deleted: [Empty Folder] C:\Users\Chantal\appdata\local\{28D4F7B5-B260-4C07-A522-EAAAFF9E866D}

Successfully deleted: [Empty Folder] C:\Users\Chantal\appdata\local\{311D4EA0-5706-48ED-9778-243824134734}

Successfully deleted: [Empty Folder] C:\Users\Chantal\appdata\local\{31224359-8207-4A6A-A360-923C9BBE2E1A}

Successfully deleted: [Empty Folder] C:\Users\Chantal\appdata\local\{3A6E245F-8F2A-4DCC-89EF-8DCCABBBB436}

Successfully deleted: [Empty Folder] C:\Users\Chantal\appdata\local\{4218FA87-DCDE-4ED7-B289-A1B19BBFFDCE}

Successfully deleted: [Empty Folder] C:\Users\Chantal\appdata\local\{43DADB7C-97E9-4902-9C06-C2F58AFEE5D4}

Successfully deleted: [Empty Folder] C:\Users\Chantal\appdata\local\{517F0378-2657-4562-8C5F-A20051B99243}

Successfully deleted: [Empty Folder] C:\Users\Chantal\appdata\local\{523365C3-E4AF-402A-8A5E-7D97FD4D058D}

Successfully deleted: [Empty Folder] C:\Users\Chantal\appdata\local\{5A01A817-49EF-4220-9140-8B509B18CBAF}

Successfully deleted: [Empty Folder] C:\Users\Chantal\appdata\local\{706CEDB2-B1FE-4AD8-9C90-CD206F9AD22F}

Successfully deleted: [Empty Folder] C:\Users\Chantal\appdata\local\{829C06F8-D861-4EAB-BE3E-141E30486E1A}

Successfully deleted: [Empty Folder] C:\Users\Chantal\appdata\local\{9AE5C4C2-952F-47F5-A921-8D3D9ECEA08E}

Successfully deleted: [Empty Folder] C:\Users\Chantal\appdata\local\{9F1845BB-7E2F-47AC-9B81-D3CF23068311}

Successfully deleted: [Empty Folder] C:\Users\Chantal\appdata\local\{CEECE1AA-B860-4AF4-AE9E-062EBC2DEDF5}

Successfully deleted: [Empty Folder] C:\Users\Chantal\appdata\local\{D76ABD3C-3184-4527-BBF1-005ED108DB18}

Successfully deleted: [Empty Folder] C:\Users\Chantal\appdata\local\{E3799652-2B98-445C-B4C0-36CA0756320B}

Successfully deleted: [Empty Folder] C:\Users\Chantal\appdata\local\{E3BE68EC-8F17-4F93-8264-B5C346484C4B}

Successfully deleted: [Empty Folder] C:\Users\Chantal\appdata\local\{ED948BF5-1ED3-4863-820C-D25487692487}

Successfully deleted: [Empty Folder] C:\Users\Chantal\appdata\local\{F83EF026-6BD1-4D3B-B86D-8D92D2D7123B}

Successfully deleted: [Empty Folder] C:\Users\Chantal\appdata\local\{FFEFB1C8-2772-4C4C-B2FA-31737995CF13}

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Mon 10/20/2014 at 23:14:34.78

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.3.3 (10.14.2014:1)

OS: Windows 7 Home Premium x64

Ran by Chantal on Mon 10/20/2014 at 23:11:36.13

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-10-2014 01

Ran by Chantal (administrator) on ROMANSKI-HP on 20-10-2014 23:22:44

Running from C:\Users\Chantal\Desktop

Loaded Profile: Chantal (Available profiles: Romanski & Chantal & Jan2013 & Guest)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe

(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe

(VTech) C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechServiceInstaller.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(VTech) C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechUSBSocketService.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe

(VertoAnalytics Oy) C:\Program Files (x86)\SmartApp\SmartAppMonitor.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

(Microsoft Corporation) C:\Windows\System32\StikyNot.exe

(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe

(NETGEAR) C:\Program Files (x86)\NETGEAR\WN111v2\WN111v2.exe

(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

() C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Verto Analytics Inc) C:\Program Files (x86)\SmartApp\SmartApp.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)

HKLM\...\Run: [smartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [568888 2010-01-18] ()

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)

HKLM-x32\...\Run: [startCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-02-03] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [106496 2013-11-27] (LeapFrog Enterprises, Inc.)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [AgentMonitor] => C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe [391040 2013-06-20] ()

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)

HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-07] (Hewlett-Packard)

HKU\S-1-5-21-1211359624-4000402081-1974110644-1003\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-12-07] (Google Inc.)

HKU\S-1-5-21-1211359624-4000402081-1974110644-1003\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20588704 2013-11-15] (Skype Technologies S.A.)

HKU\S-1-5-21-1211359624-4000402081-1974110644-1003\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)

HKU\S-1-5-21-1211359624-4000402081-1974110644-1003\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WN111v2 Smart Wizard.lnk

ShortcutTarget: NETGEAR WN111v2 Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WN111v2\WN111v2.exe (NETGEAR)

ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File

ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File

ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File

ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM - {89437F0F-D5FD-4CA0-856B-41245B6461D5} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd

BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File

BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)

BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\progra~1\mcafee\msk\mskapbho.dll No File

BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx

DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: HKLM-x32 {F9E542CE-C16A-47FA-B7A8-D88E5F1C5719} https://pd.mycharterconnection.com/portal/page/portal/mycharterconnection/main?_rtarget=34_82410_34_1_82247&_piref34_82410_34_1_82247.__ora_type=proxy&_piref34_82410_34_1_82247.__ora_resource=http%3A%2F%2Fpd.apps.mycharterconnection.com%3A80%2Fjde%2Faxctls%2FjdeexpimpU.cab%23version%3D9000%2C2008%2C2%2C14&_piref34_82410_34_1_82247.__ora_checksum=fe1ccdc3801e260ecbf401957e0309ca93b95a54

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @real.com/nppl3260;version=12.0.1.669 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprjplug;version=12.0.1.669 -> c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=12.0.1.669 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.669 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprpjplug;version=12.0.1.669 -> c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.11.1\npHDPlg.dll (Hulu LLC)

FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Chantal\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-05-22]

Chrome:

=======

CHR Profile: C:\Users\Chantal\AppData\Local\Google\Chrome\User Data\Default

CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-05-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2013-01-11] (SUPERAntiSpyware.com) [File not signed]

R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]

S4 jswpsapi; C:\Program Files (x86)\NETGEAR\WN111v2\jswpsapi.exe [942080 2008-02-29] (Atheros Communications, Inc.) [File not signed]

R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7393280 2013-11-27] (LeapFrog Enterprises, Inc.) [File not signed]

R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-01-22] (Hewlett-Packard Company) [File not signed]

R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [121144 2013-03-25] (Motorola Mobility LLC)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)

S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)

R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]

S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

R2 VTechUSBSocketService; C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechServiceInstaller.exe [82824 2013-03-28] (VTech)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)

S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)

S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)

S3 UsbGps; C:\Windows\System32\DRIVERS\lgx64gps.sys [27136 2008-11-11] (LG Electronics Inc.)

S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)

S3 WN111v2; C:\Windows\System32\DRIVERS\WN111v2x.sys [553472 2008-09-29] (Atheros Communications, Inc.)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 DNIMp50a64; System32\Drivers\DNIMp50a64.sys [X]

S3 DNISp50a64; System32\Drivers\DNISp50a64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-20 23:22 - 2014-10-20 23:22 - 00000000 ____D () C:\Users\Chantal\Desktop\FRST-OlderVersion

2014-10-20 23:14 - 2014-10-20 23:14 - 00004678 _____ () C:\Users\Chantal\Desktop\JRT.txt

2014-10-20 23:11 - 2014-10-20 23:11 - 01705698 _____ (Thisisu) C:\Users\Chantal\Desktop\JRT.exe

2014-10-20 23:11 - 2014-10-20 23:11 - 00000000 ____D () C:\Windows\ERUNT

2014-10-20 22:57 - 2014-10-20 23:01 - 00000000 ____D () C:\AdwCleaner

2014-10-20 22:56 - 2014-10-20 22:56 - 01962496 _____ () C:\Users\Chantal\Desktop\AdwCleaner.exe

2014-10-20 15:44 - 2014-10-20 15:44 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Chantal\Desktop\tdsskiller.exe

2014-10-20 15:34 - 2014-10-20 15:34 - 00023435 _____ () C:\ComboFix.txt

2014-10-20 13:53 - 2011-06-26 00:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-10-20 13:53 - 2010-11-07 11:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-10-20 13:53 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-10-20 13:53 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-10-20 13:53 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-10-20 13:53 - 2000-08-30 18:00 - 00098816 _____ () C:\Windows\sed.exe

2014-10-20 13:53 - 2000-08-30 18:00 - 00080412 _____ () C:\Windows\grep.exe

2014-10-20 13:53 - 2000-08-30 18:00 - 00068096 _____ () C:\Windows\zip.exe

2014-10-20 13:50 - 2014-10-20 15:34 - 00000000 ____D () C:\Qoobox

2014-10-20 13:49 - 2014-10-20 15:33 - 00000000 ____D () C:\Windows\erdnt

2014-10-20 13:48 - 2014-10-20 13:48 - 05583433 ____R (Swearware) C:\Users\Chantal\Desktop\ComboFix.exe

2014-10-19 20:45 - 2014-10-19 20:49 - 00044994 _____ () C:\Users\Chantal\Desktop\Addition.txt

2014-10-19 20:33 - 2014-10-20 23:23 - 00018992 _____ () C:\Users\Chantal\Desktop\FRST.txt

2014-10-19 20:33 - 2014-10-20 23:22 - 00000000 ____D () C:\FRST

2014-10-19 20:32 - 2014-10-20 23:22 - 02110976 _____ (Farbar) C:\Users\Chantal\Desktop\FRST64.exe

2014-10-18 09:42 - 2014-10-20 10:30 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-10-18 02:15 - 2014-10-18 02:15 - 00000000 ____D () C:\SUPERDelete

2014-10-17 23:07 - 2014-10-17 23:08 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2014-10-17 23:07 - 2014-10-17 23:07 - 00001981 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk

2014-10-16 20:27 - 2014-10-16 21:03 - 00000000 ____D () C:\Users\Chantal\Desktop\New folder

2014-10-15 11:20 - 2014-09-28 18:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-10-15 11:20 - 2014-08-18 21:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi

2014-10-15 11:20 - 2014-08-18 21:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi

2014-10-15 11:20 - 2014-07-06 20:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll

2014-10-15 11:20 - 2014-07-06 20:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll

2014-10-15 11:20 - 2014-07-06 20:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll

2014-10-15 11:20 - 2014-07-06 20:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2014-10-15 11:20 - 2014-07-06 20:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

2014-10-15 11:20 - 2014-07-06 20:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll

2014-10-15 11:20 - 2014-07-06 20:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll

2014-10-15 11:20 - 2014-07-06 20:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll

2014-10-15 11:20 - 2014-07-06 20:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll

2014-10-15 11:20 - 2014-07-06 20:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll

2014-10-15 11:20 - 2014-07-06 20:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll

2014-10-15 11:20 - 2014-07-06 20:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll

2014-10-15 11:20 - 2014-07-06 20:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll

2014-10-15 11:20 - 2014-07-06 19:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys

2014-10-15 11:20 - 2014-07-06 19:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll

2014-10-15 11:20 - 2014-07-06 19:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll

2014-10-15 11:20 - 2014-07-06 19:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll

2014-10-15 11:20 - 2014-07-06 19:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll

2014-10-15 11:20 - 2014-07-06 19:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll

2014-10-15 11:20 - 2014-07-06 19:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll

2014-10-15 11:20 - 2014-07-06 19:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll

2014-10-15 11:20 - 2014-07-06 19:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll

2014-10-15 11:20 - 2014-07-06 19:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2014-10-15 11:20 - 2014-06-27 18:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe

2014-10-15 11:20 - 2014-06-27 18:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe

2014-10-15 11:20 - 2014-06-27 18:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll

2014-10-15 11:20 - 2014-06-18 16:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll

2014-10-15 11:20 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll

2014-10-15 11:20 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll

2014-10-15 11:20 - 2014-06-18 16:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll

2014-10-15 11:20 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll

2014-10-15 11:20 - 2014-06-18 16:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll

2014-10-15 11:19 - 2014-10-09 20:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-10-15 11:19 - 2014-10-09 20:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2014-10-15 11:19 - 2014-10-09 20:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-10-15 11:19 - 2014-08-18 21:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2014-10-15 11:19 - 2014-08-18 21:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll

2014-10-15 11:19 - 2014-08-18 21:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2014-10-15 11:19 - 2014-08-18 21:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2014-10-15 11:19 - 2014-08-18 21:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe

2014-10-15 11:19 - 2014-08-18 21:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll

2014-10-15 11:19 - 2014-08-18 21:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll

2014-10-15 11:19 - 2014-08-18 21:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe

2014-10-15 11:19 - 2014-08-18 20:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll

2014-10-15 11:19 - 2014-08-18 20:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2014-10-15 11:19 - 2014-08-18 20:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys

2014-10-15 11:19 - 2014-07-06 20:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2014-10-15 11:19 - 2014-07-06 20:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll

2014-10-15 11:19 - 2014-07-06 20:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll

2014-10-15 11:19 - 2014-07-06 20:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll

2014-10-15 11:19 - 2014-07-06 20:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll

2014-10-15 11:19 - 2014-07-06 20:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll

2014-10-15 11:19 - 2014-07-06 20:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll

2014-10-15 11:19 - 2014-07-06 20:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll

2014-10-15 11:19 - 2014-07-06 20:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll

2014-10-15 11:19 - 2014-07-06 20:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll

2014-10-15 11:19 - 2014-07-06 20:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll

2014-10-15 11:19 - 2014-07-06 20:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe

2014-10-15 11:19 - 2014-07-06 20:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe

2014-10-15 11:19 - 2014-07-06 20:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll

2014-10-15 11:19 - 2014-07-06 20:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx

2014-10-15 11:19 - 2014-07-06 20:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll

2014-10-15 11:19 - 2014-07-06 20:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL

2014-10-15 11:19 - 2014-07-06 20:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe

2014-10-15 11:19 - 2014-07-06 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll

2014-10-15 11:19 - 2014-07-06 19:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll

2014-10-15 11:19 - 2014-07-06 19:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2014-10-15 11:19 - 2014-07-06 19:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll

2014-10-15 11:19 - 2014-07-06 19:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll

2014-10-15 11:19 - 2014-07-06 19:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll

2014-10-15 11:19 - 2014-07-06 19:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll

2014-10-15 11:19 - 2014-07-06 19:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll

2014-10-15 11:19 - 2014-07-06 19:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll

2014-10-15 11:19 - 2014-07-06 19:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll

2014-10-15 11:19 - 2014-07-06 19:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll

2014-10-15 11:19 - 2014-07-06 19:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll

2014-10-15 11:19 - 2014-07-06 19:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll

2014-10-15 11:19 - 2014-07-06 19:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll

2014-10-15 11:19 - 2014-07-06 19:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx

2014-10-15 11:19 - 2014-07-06 19:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll

2014-10-15 11:19 - 2014-07-06 19:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL

2014-10-15 11:19 - 2014-07-06 19:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2014-10-15 11:19 - 2014-07-06 19:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe

2014-10-15 11:19 - 2014-07-06 19:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe

2014-10-15 11:19 - 2014-07-06 19:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll

2014-10-15 11:18 - 2014-10-06 20:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-10-15 11:18 - 2014-10-06 20:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-10-15 11:18 - 2014-09-25 16:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-10-15 11:18 - 2014-09-25 16:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-10-15 11:18 - 2014-09-25 16:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-10-15 11:18 - 2014-09-25 16:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-10-15 11:18 - 2014-09-25 16:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-10-15 11:18 - 2014-09-25 16:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-10-15 11:18 - 2014-09-25 16:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-10-15 11:18 - 2014-09-18 20:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-10-15 11:18 - 2014-09-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-10-15 11:18 - 2014-09-18 19:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-10-15 11:18 - 2014-09-18 19:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-10-15 11:18 - 2014-09-18 19:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-10-15 11:18 - 2014-09-18 19:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-10-15 11:18 - 2014-09-18 19:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-10-15 11:18 - 2014-09-18 19:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-10-15 11:18 - 2014-09-18 19:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-10-15 11:18 - 2014-09-18 19:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-10-15 11:18 - 2014-09-18 19:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-10-15 11:18 - 2014-09-18 19:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-10-15 11:18 - 2014-09-18 19:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-10-15 11:18 - 2014-09-18 19:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-10-15 11:18 - 2014-09-18 19:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-10-15 11:18 - 2014-09-18 19:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-10-15 11:18 - 2014-09-18 19:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-10-15 11:18 - 2014-09-18 19:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-10-15 11:18 - 2014-09-18 19:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-10-15 11:18 - 2014-09-18 19:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-10-15 11:18 - 2014-09-18 19:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-10-15 11:18 - 2014-09-18 19:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-10-15 11:18 - 2014-09-18 19:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-10-15 11:18 - 2014-09-18 19:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-10-15 11:18 - 2014-09-18 19:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-10-15 11:18 - 2014-09-18 19:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-10-15 11:18 - 2014-09-18 18:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-10-15 11:18 - 2014-09-18 18:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-10-15 11:18 - 2014-09-18 18:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-10-15 11:18 - 2014-09-18 18:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-10-15 11:18 - 2014-09-18 18:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-10-15 11:18 - 2014-09-18 18:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-10-15 11:18 - 2014-09-18 18:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-10-15 11:18 - 2014-09-18 18:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-10-15 11:18 - 2014-09-18 18:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-10-15 11:18 - 2014-09-18 18:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-10-15 11:18 - 2014-09-18 18:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-10-15 11:18 - 2014-09-18 18:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-10-15 11:18 - 2014-09-18 18:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-10-15 11:18 - 2014-09-18 18:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-10-15 11:18 - 2014-09-18 18:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-10-15 11:18 - 2014-09-18 18:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-10-15 11:18 - 2014-09-18 18:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-10-15 11:18 - 2014-09-18 17:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-10-15 11:18 - 2014-09-18 17:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-10-15 11:18 - 2014-09-18 17:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-10-15 11:18 - 2014-09-18 17:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-10-15 11:18 - 2014-09-17 20:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2014-10-15 11:18 - 2014-09-17 19:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

2014-10-15 11:18 - 2014-08-28 20:07 - 05780480 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll

2014-10-15 11:18 - 2014-08-28 20:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll

2014-10-15 11:18 - 2014-08-28 20:07 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll

2014-10-15 11:18 - 2014-08-28 20:07 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll

2014-10-15 11:18 - 2014-08-28 20:06 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe

2014-10-15 11:18 - 2014-08-28 19:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

2014-10-15 11:18 - 2014-08-28 19:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe

2014-10-15 11:18 - 2014-08-28 19:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll

2014-10-15 11:18 - 2014-08-28 19:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll

2014-10-15 11:17 - 2014-09-03 23:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll

2014-10-15 11:17 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll

2014-10-15 11:17 - 2014-07-16 20:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll

2014-10-15 11:17 - 2014-07-16 20:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe

2014-10-15 11:17 - 2014-07-16 20:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll

2014-10-15 11:17 - 2014-07-16 20:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll

2014-10-15 11:17 - 2014-07-16 20:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2014-10-15 11:17 - 2014-07-16 20:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2014-10-15 11:17 - 2014-07-16 19:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll

2014-10-15 11:17 - 2014-07-16 19:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2014-10-15 11:17 - 2014-07-16 19:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2014-10-15 11:17 - 2014-07-16 19:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys

2014-10-15 11:17 - 2014-07-16 19:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

2014-10-15 11:16 - 2014-09-12 19:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll

2014-10-15 11:16 - 2014-09-12 19:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll

2014-10-15 10:05 - 2014-10-20 23:13 - 00004102 _____ () C:\Windows\System32\Tasks\SmartAppLiveUpdater

2014-10-15 10:05 - 2014-10-20 23:13 - 00003334 _____ () C:\Windows\System32\Tasks\SmartAppMonitor

2014-10-15 10:05 - 2014-10-15 10:08 - 00000000 ____D () C:\Users\Chantal\AppData\Local\VertoAnalytics

2014-10-15 10:05 - 2014-10-15 10:08 - 00000000 ____D () C:\Program Files (x86)\SmartApp

2014-10-15 09:50 - 2014-10-15 09:50 - 02473984 _____ () C:\Users\Chantal\Downloads\SmartApp.msi

2014-10-01 22:54 - 2014-10-01 22:56 - 449461248 _____ () C:\Users\Chantal\Downloads\PokemonInstaller.msi.7vpaebt.partial

2014-10-01 07:02 - 2014-09-24 20:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll

2014-10-01 07:02 - 2014-09-24 19:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll

2014-09-28 00:41 - 2014-09-28 00:41 - 00001745 _____ () C:\Users\Public\Desktop\iTunes.lnk

2014-09-28 00:41 - 2014-09-28 00:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2014-09-28 00:40 - 2014-09-28 00:41 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2014-09-28 00:40 - 2014-09-28 00:41 - 00000000 ____D () C:\Program Files\iTunes

2014-09-28 00:40 - 2014-09-28 00:41 - 00000000 ____D () C:\Program Files (x86)\iTunes

2014-09-28 00:40 - 2014-09-28 00:40 - 00000000 ____D () C:\Program Files\iPod

2014-09-25 11:11 - 2014-09-25 11:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-09-25 11:11 - 2014-07-25 12:55 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2014-09-25 11:11 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2014-09-25 11:11 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2014-09-25 11:11 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2014-09-25 11:10 - 2014-09-25 11:11 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log

2014-09-24 10:10 - 2014-09-24 10:11 - 00001759 _____ () C:\Users\Chantal\Documents\New Database.odb

2014-09-24 00:06 - 2014-09-09 16:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-09-24 00:06 - 2014-09-09 15:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-20 23:18 - 2009-07-13 22:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-10-20 23:18 - 2009-07-13 22:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-10-20 23:15 - 2014-02-07 22:28 - 00003198 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForChantal

2014-10-20 23:15 - 2014-02-07 22:28 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForChantal.job

2014-10-20 23:13 - 2010-10-14 23:50 - 02084977 _____ () C:\Windows\WindowsUpdate.log

2014-10-20 23:12 - 2010-10-15 02:20 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-10-20 23:03 - 2013-01-10 12:20 - 00000000 ____D () C:\Temp

2014-10-20 23:03 - 2010-10-15 02:20 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-10-20 23:03 - 2010-06-25 21:25 - 00658002 _____ () C:\Windows\PFRO.log

2014-10-20 23:03 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-10-20 23:03 - 2009-07-13 22:51 - 00108877 _____ () C:\Windows\setupact.log

2014-10-20 21:19 - 2011-09-19 20:04 - 00000940 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1211359624-4000402081-1974110644-1000UA.job

2014-10-20 21:19 - 2011-09-19 20:04 - 00000918 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1211359624-4000402081-1974110644-1000Core.job

2014-10-20 17:20 - 2013-01-27 22:06 - 00000000 ____D () C:\Users\Chantal\AppData\Local\CrashDumps

2014-10-20 15:49 - 2013-04-01 20:32 - 00000000 ____D () C:\Users\Chantal\AppData\Roaming\Skype

2014-10-20 15:31 - 2009-07-13 20:34 - 00000215 _____ () C:\Windows\system.ini

2014-10-20 02:12 - 2014-06-12 12:16 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{A53F11A8-9A28-4857-B204-2A81FD2EF5EF}

2014-10-18 02:15 - 2010-10-15 20:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons

2014-10-17 23:07 - 2010-10-26 15:06 - 00000000 ____D () C:\ProgramData\Adobe

2014-10-17 23:07 - 2010-10-26 15:06 - 00000000 ____D () C:\Program Files (x86)\Adobe

2014-10-16 20:48 - 2013-01-24 17:04 - 00000000 ____D () C:\Users\Chantal\Desktop\PHOTOS

2014-10-16 18:31 - 2011-11-03 16:27 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt

2014-10-16 18:31 - 2010-10-28 00:33 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log

2014-10-16 06:44 - 2009-07-13 23:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD

2014-10-16 04:23 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache

2014-10-16 03:42 - 2009-07-13 21:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories

2014-10-16 03:41 - 2009-07-13 22:45 - 04976880 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-10-16 03:37 - 2014-05-07 03:02 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-10-16 03:37 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism

2014-10-16 03:37 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\Dism

2014-10-16 03:09 - 2013-08-15 03:02 - 00000000 ____D () C:\Windows\system32\MRT

2014-10-16 03:02 - 2010-10-17 16:36 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-10-09 15:34 - 2014-09-10 20:13 - 00000000 ____D () C:\Users\Chantal\Desktop\DOC

2014-09-30 21:26 - 2012-08-01 17:27 - 00000000 ____D () C:\Users\Chantal\Desktop\Sunshine's Sewing

2014-09-30 10:00 - 2010-10-14 23:51 - 00000544 _____ () C:\Windows\Tasks\PCDRScheduledMaintenance.job

2014-09-25 15:31 - 2014-01-27 15:02 - 00000000 ____D () C:\Users\Chantal\Documents\Sherry

2014-09-25 11:12 - 2013-11-09 22:24 - 00000000 ____D () C:\ProgramData\Oracle

2014-09-25 11:11 - 2013-09-07 16:22 - 00000000 ____D () C:\Program Files (x86)\Java

2014-09-22 00:42 - 2010-12-18 13:09 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-09-21 15:28 - 2009-07-13 23:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI

Files to move or delete:

====================

C:\Users\Romanski\Photoshop_12_LS1.exe

Some content of TEMP:

====================

C:\Users\Chantal\AppData\Local\Temp\Quarantine.exe

C:\Users\Chantal\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-16 04:14

==================== End Of Log ============================

Link to post
Share on other sites

ADDITION

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-10-2014 01

Ran by Chantal at 2014-10-20 23:24:11

Running from C:\Users\Chantal\Desktop

Boot Mode: Normal

==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}

AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.0.16600 - Adobe Systems Inc.)

Adobe AIR (x32 Version: 2.5.0.16600 - Adobe Systems Inc.) Hidden

Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.8.800.168 - Adobe Systems Incorporated)

Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.176 - Adobe Systems Incorporated)

Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)

Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden

Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)

Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)

AMD USB Filter Driver (HKLM-x32\...\{5BDA2F58-1F21-4D10-9910-92B01EBCC958}) (Version: 1.0.14.91 - Advanced Micro Devices, Inc.)

Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

ATI Catalyst Install Manager (HKLM\...\{E50A5077-1654-BEAE-986B-7B7133DA7C48}) (Version: 3.0.762.0 - ATI Technologies, Inc.)

Bejeweled 2 Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden

Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)

Blackhawk Striker 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden

Blasterball 3 (x32 Version: 2.2.0.82 - WildTangent) Hidden

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Build-a-lot 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden

Cake Mania (x32 Version: 2.2.0.82 - WildTangent) Hidden

CameraHelperMsi (x32 Version: 13.30.1395.0 - Logitech) Hidden

Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden

Catalyst Control Center Core Implementation (x32 Version: 2010.0202.2335.42270 - ATI) Hidden

Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0202.2335.42270 - ATI) Hidden

Catalyst Control Center Graphics Full New (x32 Version: 2010.0202.2335.42270 - ATI) Hidden

Catalyst Control Center Graphics Light (x32 Version: 2010.0202.2335.42270 - ATI) Hidden

Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0202.2335.42270 - ATI) Hidden

Catalyst Control Center InstallProxy (x32 Version: 2010.0202.2335.42270 - ATI Technologies, Inc.) Hidden

Catalyst Control Center Localization All (x32 Version: 2010.0202.2335.42270 - ATI) Hidden

CCC Help Chinese Standard (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

CCC Help Chinese Traditional (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

CCC Help Czech (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

CCC Help Danish (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

CCC Help Dutch (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

CCC Help English (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

CCC Help Finnish (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

CCC Help French (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

CCC Help German (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

CCC Help Greek (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

CCC Help Hungarian (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

CCC Help Italian (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

CCC Help Japanese (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

CCC Help Korean (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

CCC Help Norwegian (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

CCC Help Polish (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

CCC Help Portuguese (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

CCC Help Russian (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

CCC Help Spanish (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

CCC Help Swedish (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

CCC Help Thai (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

CCC Help Turkish (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

ccc-core-static (x32 Version: 2010.0202.2335.42270 - ATI) Hidden

ccc-utility64 (Version: 2010.0202.2335.42270 - ATI) Hidden

Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden

CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.1.105 - CinemaNow, Inc.)

Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2712 - CyberLink Corp.)

CyberLink DVD Suite Deluxe (x32 Version: 7.0.2712 - CyberLink Corp.) Hidden

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden

Dora's Carnival Adventure (x32 Version: 2.2.0.82 - WildTangent) Hidden

DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.0.3715 - Hewlett-Packard)

DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.0.3715 - Hewlett-Packard) Hidden

erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden

Escape Rosecliff Island (x32 Version: 2.2.0.82 - WildTangent) Hidden

Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)

Faerie Solitaire (x32 Version: 2.2.0.82 - WildTangent) Hidden

FATE (x32 Version: 2.2.0.82 - WildTangent) Hidden

Feedback Tool (HKLM-x32\...\{13A5E785-5197-4EAD-8EE3-D660271E49BC}) (Version: 1.2.0 - Microsoft Corporation)

GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden

Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)

Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5418.39 - PC-Doctor, Inc.)

Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden

HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.12850.3526 - Hewlett-Packard)

HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden

HP Deskjet 2050 J510 series Basic Device Software (HKLM\...\{73B1AC18-614F-42CD-A798-4BA214586406}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)

HP Deskjet 2050 J510 series Help (HKLM-x32\...\{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}) (Version: 140.0.61.61 - Hewlett Packard)

HP Deskjet 2050 J510 series Product Improvement Study (HKLM\...\{0213A0FE-2725-4A04-9A37-79502F64D7A9}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)

HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.80 - WildTangent)

HP MediaSmart CinemaNow 2.0 (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)

HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.0.3902 - Hewlett-Packard)

HP MediaSmart DVD (x32 Version: 4.0.3902 - Hewlett-Packard) Hidden

HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.0.3910 - Hewlett-Packard)

HP MediaSmart Music (x32 Version: 4.0.3910 - Hewlett-Packard) Hidden

HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.0.3911 - Hewlett-Packard)

HP MediaSmart Photo (x32 Version: 4.0.3911 - Hewlett-Packard) Hidden

HP MediaSmart SmartMenu (HKLM\...\{5B08AF35-B699-4A44-BB89-3E51E70611E8}) (Version: 3.1.1.12 - Hewlett-Packard)

HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.0.3911 - Hewlett-Packard)

HP MediaSmart Video (x32 Version: 4.0.3911 - Hewlett-Packard) Hidden

HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{35021DFB-F9CA-402A-89A2-47F91E506465}) (Version: 1.0.2.0 - Hewlett-Packard)

HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)

HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)

HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)

HP Setup (HKLM-x32\...\{F5C7FD70-2C0A-401E-95E9-916363567DDA}) (Version: 1.2.4048.3310 - Hewlett-Packard)

HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)

HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)

HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)

HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden

Hulu Desktop (HKCU\...\HuluDesktop) (Version: 0.9.11 - Hulu LLC)

iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)

iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)

Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle)

Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden

Jewel Quest 3 (x32 Version: 2.2.0.82 - WildTangent) Hidden

Jewel Quest Solitaire 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2610 - CyberLink Corp.)

LabelPrint (x32 Version: 2.5.2610 - CyberLink Corp.) Hidden

LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 5.2.4.18506 - LeapFrog)

LeapFrog Connect (x32 Version: 5.2.4.18506 - LeapFrog) Hidden

LeapFrog LeapPad Explorer Plugin (x32 Version: 5.2.1.18456 - LeapFrog) Hidden

LeapFrog My Pals Plugin (x32 Version: 5.1.26.18340 - LeapFrog) Hidden

Learning Lodge™ (HKLM-x32\...\VTechDownloadManager) (Version: - VTech)

LG USB Modem driver (HKLM-x32\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version: - )

LightScribe System Software (HKLM-x32\...\{FA8BFB25-BF48-4F8B-8859-B30810745190}) (Version: 1.18.11.1 - LightScribe)

Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.30 - Logitech Inc.)

LWS Facebook (x32 Version: 13.30.1346.0 - Logitech) Hidden

LWS Gallery (x32 Version: 13.30.1379.0 - Logitech) Hidden

LWS Help_main (x32 Version: 13.30.1396.0 - Logitech) Hidden

LWS Launcher (x32 Version: 13.30.1379.0 - Logitech) Hidden

LWS Motion Detection (x32 Version: 13.30.1395.0 - Logitech) Hidden

LWS Pictures And Video (x32 Version: 13.30.1395.0 - Logitech) Hidden

LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden

LWS Video Mask Maker (x32 Version: 13.30.1379.0 - Logitech) Hidden

LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden

LWS Webcam Software (x32 Version: 13.30.1379.0 - Logitech) Hidden

LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden

LWS YouTube Plugin (x32 Version: 13.30.1346.0 - Logitech) Hidden

Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)

MobileMe Control Panel (HKLM\...\{56F26668-13DA-497A-883F-61434A10CBAB}) (Version: 3.1.5.0 - Apple Inc.)

Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.3.9 - Motorola Mobility)

Motorola Device Software Update (x32 Version: 13.02.1402 - Motorola Mobility) Hidden

Motorola Mobile Drivers Installation 6.0.0 (Version: 6.0.0 - Motorola Inc.) Hidden

Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.0.3715 - Hewlett-Packard)

Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.0.3715 - Hewlett-Packard) Hidden

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)

Mystery P.I. - The New York Fortune (x32 Version: 2.2.0.82 - WildTangent) Hidden

OpenOffice.org 3.2 (HKLM-x32\...\{5A13987D-55F4-4271-A40E-76AC9B1B38FD}) (Version: 3.2.9502 - OpenOffice.org)

PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden

Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden

PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)

PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden

Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)

Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden

PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)

Poker Superstars III (x32 Version: 2.2.0.82 - WildTangent) Hidden

Polar Bowler (x32 Version: 2.2.0.82 - WildTangent) Hidden

Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden

Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3810 - CyberLink Corp.)

Power2Go (x32 Version: 6.1.3810 - CyberLink Corp.) Hidden

PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2704 - CyberLink Corp.)

PowerDirector (x32 Version: 8.0.2704 - CyberLink Corp.) Hidden

RangeMax Wireless-N USB Adapter WN111v2 (HKLM-x32\...\InstallShield_{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}) (Version: 2.00.0000 - NETGEAR)

RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden

RealPlayer (HKLM-x32\...\RealPlayer 12.0) (Version: - RealNetworks)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)

RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden

Recovery Manager (x32 Version: 5.5.2719 - CyberLink Corp.) Hidden

Roxio CinemaNow 2.0 (x32 Version: 1.0.262 - Hewlett-Packard) Hidden

ServiceInstaller (HKLM-x32\...\ServiceInstaller) (Version: - )

Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)

SmartApp (HKLM-x32\...\{2B4C4738-AF49-4E2D-9E8F-7AA1DA29B183}) (Version: 1.0.0.26 - SmartApp)

SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1136 - SUPERAntiSpyware.com)

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

TextTwist 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden

Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)

Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin) (HKLM-x32\...\LeapPadExplorerPlugin) (Version: - LeapFrog)

Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin) (HKLM-x32\...\MyPalsPlugin) (Version: - LeapFrog)

Virtual Families (x32 Version: 2.2.0.82 - WildTangent) Hidden

Virtual Villagers - The Secret City (x32 Version: 2.2.0.82 - WildTangent) Hidden

Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)

VTech Download Agent Library (x32 Version: 1.00.0000 - VTech) Hidden

Wheel of Fortune 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden

Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)

Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Family Safety (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden

Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden

Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden

Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)

Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

WN111v2 (x32 Version: 2.00.0000 - NETGEAR) Hidden

Zuma's Revenge (x32 Version: 2.2.0.82 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

15-10-2014 15:51:28 Installed SmartApp

15-10-2014 15:54:42 Installed SmartApp

16-10-2014 09:00:47 Windows Update

20-10-2014 05:14:39 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2014-10-20 15:31 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0A59C5C3-9D6E-4E71-AE64-474ACBF008CC} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-02-24] ()

Task: {0D9C2608-AD9A-4300-8B00-E81B7F2BFF6A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1211359624-4000402081-1974110644-1000UA => C:\Users\Romanski\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)

Task: {0E9B3B8B-7ECF-4BA6-925B-0E8B239B515E} - System32\Tasks\SmartAppLiveUpdater => C:\Program Files (x86)\SmartApp\SmartAppLiveUpdater.exe [2014-09-17] ()

Task: {15617EC8-552A-402B-8CD8-46D7A9FB5E83} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)

Task: {2D4ABCD9-89A0-4A2D-B045-0CA7E9031255} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1211359624-4000402081-1974110644-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-09-27] (RealNetworks, Inc.)

Task: {31065A49-1042-490B-9B46-16F151F2A230} - System32\Tasks\HPCeeScheduleForChantal => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)

Task: {383EF391-5806-494E-A221-BA3332F4CC98} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\Kernel\CLML\CLMLSvc.exe

Task: {4B619A3A-1409-4D92-AFAF-D09AF9F5888A} - System32\Tasks\AdobeAAMUpdater-1.0-Romanski-HP-Romanski => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)

Task: {4CA7A25D-4665-4E24-B0CF-2094D6C5CDFB} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-03-25] ()

Task: {54B5372A-BD2F-4992-AAE2-4D2259298515} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {615DFB2A-4DCF-4AD7-951E-2C83246217E0} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-02-24] ()

Task: {8096702B-EF0F-4C3A-8899-A267C21443DC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)

Task: {84B1C0FB-3B19-4C8B-973D-F6CED2A10849} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-03-25] ()

Task: {8981A70D-895A-4F5D-AC99-3A7C4E71D35F} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1211359624-4000402081-1974110644-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-09-27] (RealNetworks, Inc.)

Task: {93FC065E-1317-4C8E-8BBC-711DA6643312} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2010-02-01] (PC-Doctor, Inc.)

Task: {A18F8913-39F1-40AF-BAF1-194F95737085} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)

Task: {B1E27587-E159-41DE-94B8-2ED1DEA7D0AD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15] (Google Inc.)

Task: {CC9EA288-6E83-4806-B916-078D1FC8DC36} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15] (Google Inc.)

Task: {D464AC95-DD20-4D77-8480-05686068CE94} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1211359624-4000402081-1974110644-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-09-27] (RealNetworks, Inc.)

Task: {DAA6DC7D-9B59-4C30-8AA4-B4F7A35F0AEB} - System32\Tasks\SmartAppMonitor => C:\Program Files (x86)\SmartApp\SmartAppMonitor.exe [2014-09-17] (VertoAnalytics Oy)

Task: {E59D6A40-69F9-41E0-9161-E0B5C9150E50} - System32\Tasks\HPCustParticipation HP Deskjet 2050 J510 series => C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)

Task: {E6B051B2-44AF-485E-9A61-6307F0DF815B} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1211359624-4000402081-1974110644-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-09-27] (RealNetworks, Inc.)

Task: {EABE39A1-812F-4292-A947-69C63C18D829} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)

Task: {EB2A4844-7214-4D3D-AC4B-C6139C0F3083} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1211359624-4000402081-1974110644-1000Core => C:\Users\Romanski\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)

Task: {F1E66A04-4E41-4F92-8A2B-4DCE699B423F} - System32\Tasks\AdobeAAMUpdater-1.0-Romanski-HP-Chantal => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)

Task: {F2E7EA7C-93D8-4CCA-AD29-F89A4D2CC661} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-03-25] ()

Task: {FA4722BD-E786-4C37-A3E8-2CD47F73C847} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1211359624-4000402081-1974110644-1000Core.job => C:\Users\Romanski\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1211359624-4000402081-1974110644-1000UA.job => C:\Users\Romanski\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\HPCeeScheduleForChantal.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe

==================== Loaded Modules (whitelisted) =============

2010-01-18 11:21 - 2010-01-18 11:21 - 00568888 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

2013-08-11 20:37 - 2013-06-20 01:58 - 00391040 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe

2009-06-08 17:45 - 2009-06-08 17:45 - 00098304 ____R () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll

2010-06-25 19:40 - 2010-06-25 19:40 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2013-03-25 13:44 - 2013-03-25 13:44 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll

2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll

2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll

2013-08-11 20:37 - 2010-06-23 19:16 - 02150400 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtCore4.dll

2013-08-11 20:37 - 2010-07-13 07:07 - 07826432 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtGui4.dll

2013-08-11 20:37 - 2010-06-01 20:29 - 00934912 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtNetwork4.dll

2013-08-11 20:37 - 2010-06-01 20:28 - 00335360 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtXml4.dll

2013-08-11 20:37 - 2013-08-09 00:01 - 09849200 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtWebKit4.dll

2013-08-11 20:37 - 2010-06-01 20:56 - 00232960 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\phonon4.dll

2013-08-11 20:37 - 2010-06-01 20:54 - 02530816 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtXmlPatterns4.dll

2013-08-11 20:37 - 2010-07-05 03:19 - 00116736 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll

2013-08-11 20:37 - 2010-11-11 03:24 - 00028160 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\DACommCenter.dll

2013-08-11 20:37 - 2010-06-01 23:05 - 00025600 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\imageformats\qgif4.dll

2013-08-11 20:37 - 2010-06-01 23:05 - 00119808 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\imageformats\qjpeg4.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1

AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\63365938.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\63365938.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: !SASCORE => 2

MSCONFIG\Services: AdobeARMservice => 2

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3

MSCONFIG\Services: AMD External Events Utility => 2

MSCONFIG\Services: Apple Mobile Device => 2

MSCONFIG\Services: Bonjour Service => 2

MSCONFIG\Services: CinemaNow Service => 2

MSCONFIG\Services: gupdate => 2

MSCONFIG\Services: gupdatem => 3

MSCONFIG\Services: gusvc => 3

MSCONFIG\Services: HP Support Assistant Service => 2

MSCONFIG\Services: hpqwmiex => 3

MSCONFIG\Services: iPod Service => 3

MSCONFIG\Services: jswpsapi => 3

MSCONFIG\Services: LeapFrog Connect Device Service => 2

MSCONFIG\Services: MBAMScheduler => 2

MSCONFIG\Services: MBAMService => 2

MSCONFIG\Services: SwitchBoard => 3

MSCONFIG\startupfolder: C:^Users^Chantal^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk => C:\Windows\pss\OpenOffice.org 3.2.lnk.Startup

MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

MSCONFIG\startupreg: Facebook Update => "C:\Users\Romanski\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

MSCONFIG\startupreg: HPAdvisorDock => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe

MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-1211359624-4000402081-1974110644-500 - Administrator - Disabled)

Chantal (S-1-5-21-1211359624-4000402081-1974110644-1003 - Administrator - Enabled) => C:\Users\Chantal

Guest (S-1-5-21-1211359624-4000402081-1974110644-501 - Limited - Disabled) => C:\Users\Guest

HomeGroupUser$ (S-1-5-21-1211359624-4000402081-1974110644-1002 - Limited - Enabled)

Jan2013 (S-1-5-21-1211359624-4000402081-1974110644-1004 - Limited - Enabled) => C:\Users\Jan2013

Romanski (S-1-5-21-1211359624-4000402081-1974110644-1000 - Administrator - Enabled) => C:\Users\Romanski

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

System errors:

=============

Microsoft Office Sessions:

=========================

CodeIntegrity Errors:

===================================

Date: 2014-10-20 14:52:56.441

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-20 14:52:56.342

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: AMD Athlon II X2 250 Processor

Percentage of memory in use: 36%

Total physical RAM: 4863.29 MB

Available physical RAM: 3072.07 MB

Total Pagefile: 9724.75 MB

Available Pagefile: 7468.03 MB

Total Virtual: 8192 MB

Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:584.7 GB) (Free:457.97 GB) NTFS

Drive d: (HP_RECOVERY) (Fixed) (Total:11.37 GB) (Free:1.39 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (Size: 596.2 GB) (Disk ID: B73447EE)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=584.7 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=11.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Link to post
Share on other sites

  • Staff

Hello, 
 
Please answer the following questions.

  • Did you install this programme? SmartApp
  • Is Chantal the only profile you're experiencing issues with? (Romanski & Chantal & Jan2013 & Guest)
     

STEP 1
xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    startHKLM-x32\...\Run: [] => [X]ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No FileHKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/SearchScopes: HKLM - {89437F0F-D5FD-4CA0-856B-41245B6461D5} URL = http://www.ask.com/w...}&l=dis&o=ushpdBHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No FileBHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\progra~1\mcafee\msk\mskapbho.dll No File2014-10-18 02:15 - 2010-10-15 20:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CouponsAlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\63365938.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\63365938.sys => ""="Driver"C:\Users\Romanski\Photoshop_12_LS1.exeCMD: ipconfig /flushdnsCMD: netsh winsock reset allCMD: netsh int ipv4 resetCMD: netsh int ipv6 resetEmptyTemp:end
  • Click FileSave As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
GfiJrQ9.png Malwarebytes Anti-Malware (MBAM)

  • Please download the updated Malwarebytes Anti-Malware to your Desktop
  • Double-click mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme. 
  • Launch the programme and click Update.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 
     

======================================================
 
STEP 3
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Answers to questions
  • Fixlog.txt
  • MBAM Scan log
Link to post
Share on other sites

I did install it. I initially installed it a few months ago and everything was fine, so I decided to keep it around. Last week the power went out and restarted my computer, when it rebooted, the app was gone and they prompted me to get it back and running to keep getting rewards, so I re-installed it.
I never get on the other profiles. I used to use the Romanski one primarily, but something went wacky with it and the only thing I could figure out to do was create and use a new profile. I think the other one was created sometime during that as well. I can't really remember!

I am still for some reason unable to paste here (tried right-click/paste, control+c and the paste clipboard image). Will paste again from my phone.

Link to post
Share on other sites

Malwarebytes Anti-Malware

www.malwarebytes.org

Scan Date: 10/21/2014

Scan Time: 10:52:59 AM

Logfile:

Administrator: Yes

Version: 2.00.3.1025

Malware Database: v2014.10.21.07

Rootkit Database: v2014.10.20.01

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Chantal

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 470066

Time Elapsed: 27 min, 32 sec

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

Processes: 0

(No malicious items detected)

Modules: 0

(No malicious items detected)

Registry Keys: 0

(No malicious items detected)

Registry Values: 0

(No malicious items detected)

Registry Data: 0

(No malicious items detected)

Folders: 0

(No malicious items detected)

Files: 0

(No malicious items detected)

Physical Sectors: 0

(No malicious items detected)

(end)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-10-2014 01

Ran by Chantal at 2014-10-21 09:49:08 Run:1

Running from C:\Users\Chantal\Desktop

Loaded Profile: Chantal (Available profiles: Romanski & Chantal & Jan2013 & Guest)

Boot Mode: Normal

==============================================

Content of fixlist:

*****************

start

HKLM-x32\...\Run: [] => [X]

ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File

ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File

ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File

ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

SearchScopes: HKLM - {89437F0F-D5FD-4CA0-856B-41245B6461D5} URL = http://www.ask.com/w...}&l=dis&o=ushpd

BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File

BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\progra~1\mcafee\msk\mskapbho.dll No File

2014-10-18 02:15 - 2010-10-15 20:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons

AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1

AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\63365938.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\63365938.sys => ""="Driver"

C:\Users\Romanski\Photoshop_12_LS1.exe

CMD: ipconfig /flushdns

CMD: netsh winsock reset all

CMD: netsh int ipv4 reset

CMD: netsh int ipv6 reset

EmptyTemp:

end

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Key deleted successfully.

"HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => Key deleted successfully.

"HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => Key deleted successfully.

"HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => Key deleted successfully.

"HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.

HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.

"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{89437F0F-D5FD-4CA0-856B-41245B6461D5}" => Key deleted successfully.

"HKCR\CLSID\{89437F0F-D5FD-4CA0-856B-41245B6461D5}" => Key not found.

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}" => Key deleted successfully.

"HKCR\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}" => Key deleted successfully.

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}" => Key deleted successfully.

"HKCR\Wow6432Node\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}" => Key deleted successfully.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons => Moved successfully.

C:\ProgramData\Temp => ":D1B5B4F1" ADS removed successfully.

C:\ProgramData\Temp => ":DFC5A2B2" ADS removed successfully.

"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\63365938.sys" => Key deleted successfully.

"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\63365938.sys" => Key deleted successfully.

C:\Users\Romanski\Photoshop_12_LS1.exe => Moved successfully.

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

========= netsh winsock reset all =========

Sucessfully reset the Winsock Catalog.

You must restart the computer in order to complete the reset.

========= End of CMD: =========

========= netsh int ipv4 reset =========

Reseting Global, OK!

Reseting Interface, OK!

Reseting Unicast Address, OK!

Restart the computer to complete this action.

========= End of CMD: =========

========= netsh int ipv6 reset =========

Reseting Interface, OK!

Restart the computer to complete this action.

========= End of CMD: =========

EmptyTemp: => Removed 3.8 GB temporary data.

The system needed a reboot.

==== End of Fixlog ====

Link to post
Share on other sites

  • Staff

Hi Chantal, 

 

I don't think you need to go out of your way installing a new browser. Other users have reported the same issue with IE, so don't worry, the issue concerning copy/paste is not on your end. 

 

For now, I suggest attaching any logs to your posts. 

 

Lets check for remnants and confirm your machine appears free of malware. Once confirmed, we shall update your vulnerable software, remove the tools we've used and finish up. 

 

STEP 1
GzlsbnV.png ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Hide advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click esetListThreats.png. If no threats were found, skip the next two bullet points. 
  • Click esetExport.png and save the file to your Desktop, naming it something such as "MyEsetScan".
  • Push the Back button.
  • Place a checkmark next to xKN1w2nv.png.pagespeed.ic.JWqIaEgZi7.png and click SzOC1p0.png.pagespeed.ce.OWDP45O6oG.png.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply OR attach the log.
     

======================================================
 
STEP 2
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • ESET Online Scan log
Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.