backdoor.bot.ed

[hermanph]

Hello - I have a sick PC. This evening my wife said, "Something is wrong with my laptop." With the little bit of knowledge on this that I have, I checked the PC resources and found everything was pegged. Several "COM Surrogate" processes were running. A few minutes after I looked at it, it re-booted by itself and then Microsoft Security Essentials began alerting that it had detected malware. 

 

I ran a scan with malwarebytes and selected option to take recommended action. I have the log and can attach or paste. I also downloaded and ran Farbar and have FRST and Addition logs. 

 

Any help would be GREATLY appreciated. Thank You!!!

[hermanph]

malwarebytes log

 

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 10/28/2014

Scan Time: 9:26:54 PM

Logfile: log1.txt

Administrator: Yes

 

Version: 2.00.3.1025

Malware Database: v2014.10.29.02

Rootkit Database: v2014.10.22.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Monica

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 333172

Time Elapsed: 1 hr, 2 min, 52 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Warn

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 4

Backdoor.Bot.ED, HKU\S-1-5-21-100646469-3116330291-2473977308-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ChromeUpdate, C:\Users\Monica\AppData\Roaming\ChromeUpdate.exe, , [7105d248dd9fec4a085917c25aa73dc3]

Trojan.FakeGoog, HKU\S-1-5-21-100646469-3116330291-2473977308-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|GoogleUpdate, C:\Users\Monica\AppData\Roaming\GoogleUpdate.exe, , [f680ad6ddca063d3178e9f82d332e51b]

PUM.UserWLoad, HKU\S-1-5-21-100646469-3116330291-2473977308-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|Load, C:\Users\Monica\LOCALS~1\Temp\msivqaza.com, , [7ff76ab049335bdb3b08036211f29d63]

Trojan.Ransom, HKU\S-1-5-21-100646469-3116330291-2473977308-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|Load, C:\Users\Monica\LOCALS~1\Temp\msivqaza.com, , [91e54eccd2aa13239e403830cc37c937]

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 14

Backdoor.Bot.ED, C:\Users\Monica\AppData\Roaming\ChromeUpdate.exe, , [7105d248dd9fec4a085917c25aa73dc3], 

Trojan.FakeGoog, C:\Users\Monica\AppData\Roaming\GoogleUpdate.exe, , [f680ad6ddca063d3178e9f82d332e51b], 

Backdoor.Bot.ED, C:\Users\Monica\AppData\Local\Temp\msivqaza.com, , [32444dcdd0ac191d62ff6a6f9f6204fc], 

Trojan.Agent.FF, C:\ProgramData\Windows Genuine Advantage\{36057C14-A0BE-4F0B-B1C8-FD34C2CFF7E3}\msiexec.exe, , [4432e436ec90a294af1925ec9c650000], 

Trojan.Agent.FF, C:\ProgramData\Windows Genuine Advantage\{9C8AAC5C-600E-4096-8186-AA70CA2A7CC7}\msiexec.exe, , [3b3b6ab05d1f6fc731974ec3c839bd43], 

Backdoor.Bot.ED, C:\ProgramData\Windows Genuine Advantage\{D3CB926E-B13E-4970-821B-D53C905E63D3}\msiexec.exe, , [f383e535a4d8999da0c1e7f207fa946c], 

Backdoor.Bot.ED, C:\ProgramData\Windows Genuine Advantage\{D4697492-EB9F-4115-BEA8-4DEEB1D4FC83}\msiexec.exe, , [6f077c9e90ec38fe0e537663ee138977], 

Backdoor.Bot.ED, C:\Users\Monica\AppData\Roaming\083ff96.exe, , [ee88b268413b5adc3d2461788e73b54b], 

Backdoor.Bot.ED, C:\Users\Monica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\083ff96.exe.vir, , [a3d343d70577f046b1b098416f92649c], 

Backdoor.Bot.ED, C:\Users\Monica\AppData\Local\Temp\D77C.tmp, , [71050119f18bcb6bb5ac7366cc355ca4], 

Trojan.FakeGoog, C:\Users\Monica\AppData\Local\Temp\BC9A.tmp, , [cea85cbe7903aa8c95109988da2b37c9], 

Trojan.FakeGoog, C:\Users\Monica\AppData\Local\Temp\671B.tmp, , [0f6756c4621a2610cadbff22f60f16ea], 

Backdoor.Bot.ED, C:\Users\Monica\AppData\Local\Temp\2109.tmp, , [8fe767b3cbb1da5cf86940993ac738c8], 

Trojan.FakeMS, C:\Users\Monica\AppData\Local\Temp\UpdateFlashPlayer_cb0263da.exe, , [086e051587f572c4ca7a342499678080], 

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

[hermanph]

FRST

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-10-2014 01

Ran by Monica (administrator) on MONICA-LAPTOP on 28-10-2014 23:44:27

Running from C:\Users\Monica\Downloads

Loaded Profile: Monica (Available profiles: Monica)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

() C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe

(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe

(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe

(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsd.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(Google Inc.) C:\Users\Monica\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Monica\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Monica\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Monica\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Monica\AppData\Local\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe

(Microsoft Corporation) C:\Windows\System32\regsvr32.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)

HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [648032 2010-11-27] (Sony Corporation)

HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)

HKU\S-1-5-21-100646469-3116330291-2473977308-1000\...\Run: [Google Update] => C:\Users\Monica\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-17] (Google Inc.)

HKU\S-1-5-21-100646469-3116330291-2473977308-1000\...\Run: [intelPowerAgent64] => rundll32.exe shell32.dll, ShellExec_RunDLL C:\PROGRA~3\2D04D4~1.EXE

HKU\S-1-5-21-100646469-3116330291-2473977308-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!

BootExecute: autocheck autochk * ᔃ߾샀ε

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x04873C89FDE3CE01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM - {666FD71D-D834-4AD2-B982-D4215699B003} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql

SearchScopes: HKLM - {8D9DFDDA-92A8-4721-A4CD-C165FCB17188} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF

SearchScopes: HKLM - {ED57C464-6070-4036-8614-E153E5CD8346} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM-x32 - {666FD71D-D834-4AD2-B982-D4215699B003} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql

SearchScopes: HKLM-x32 - {8D9DFDDA-92A8-4721-A4CD-C165FCB17188} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF

SearchScopes: HKLM-x32 - {ED57C464-6070-4036-8614-E153E5CD8346} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

SearchScopes: HKCU - {666FD71D-D834-4AD2-B982-D4215699B003} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql

SearchScopes: HKCU - {8D9DFDDA-92A8-4721-A4CD-C165FCB17188} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF

SearchScopes: HKCU - {B2E44F18-B13E-4FEE-8468-060C850D3B0F} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=A883678A-7CCF-4C2E-BCDC-433CD7308DB1&apn_sauid=2D37B9D2-24B1-4A16-9859-C98C1BDFCDE5

SearchScopes: HKCU - {ED57C464-6070-4036-8614-E153E5CD8346} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File

BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll No File

BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll (Microsoft Corporation)

Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

 

FireFox:

========

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_35 -> C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Monica\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Monica\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Monica\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension

FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2011-07-05]

FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension

FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2011-07-05]

 

Chrome: 

=======

CHR HomePage: Default -> 

CHR Profile: C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]

CHR Extension: (Google Cast) - C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-03-02]

CHR Extension: (Google Search) - C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-23]

CHR Extension: (Google Wallet) - C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-03]

CHR Extension: (Gmail) - C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-23]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-11-16] (Advanced Micro Devices, Inc.) [File not signed]

S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-22] (WildTangent)

S3 GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [197632 2014-04-22] (WildTangent, Inc.) [File not signed]

R2 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [121344 2010-06-22] (Hewlett-Packard Company) [File not signed]

R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [27192 2010-06-29] ()

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)

R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)

R2 RtVOsdService; C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [315392 2010-04-19] (Realtek Semiconductor Corp.) [File not signed]

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)

S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-20] (Anchorfree Inc.)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-10-28 23:44 - 2014-10-28 23:46 - 00014777 _____ () C:\Users\Monica\Downloads\FRST.txt

2014-10-28 23:43 - 2014-10-28 23:44 - 00000000 ____D () C:\FRST

2014-10-28 23:42 - 2014-10-28 23:43 - 02113024 _____ (Farbar) C:\Users\Monica\Downloads\FRST64.exe

2014-10-28 23:33 - 2014-10-28 23:35 - 00000000 ____D () C:\8f60046e34fc4ae0e20bd7c0d986f132

2014-10-28 23:32 - 2014-10-28 23:33 - 00913408 _____ (Microsoft Corporation) C:\Users\Monica\Downloads\mssstool64.exe

2014-10-28 22:32 - 2014-10-28 22:32 - 00010562 _____ () C:\Users\Monica\Desktop\log1.xml

2014-10-28 21:09 - 2014-10-28 21:09 - 00000276 _____ () C:\ProgramData\INSTALL_TOR.URL

2014-10-28 20:58 - 2014-10-28 20:59 - 00000085 _____ () C:\Users\Monica\AppData\Roaming\a686dd01

2014-10-28 20:58 - 2014-10-28 20:58 - 00000010 _____ () C:\Users\Monica\AppData\Roaming\a686dd02

2014-10-28 20:47 - 2014-10-28 22:07 - 00000000 _____ () C:\ProgramData\@system.att

2014-10-28 20:47 - 2014-10-28 20:55 - 00087200 _____ () C:\ProgramData\wrnhoah.tmp

2014-10-28 20:47 - 2014-10-28 20:47 - 00000051 _____ () C:\Windows\SysWOW64\1570090490.bat

2014-10-28 20:43 - 2014-10-28 20:55 - 00001104 ____H () C:\ProgramData\@system2.att

2014-10-28 20:43 - 2014-10-28 20:43 - 00000448 ____H () C:\Users\Monica\AppData\Roaming\麽鎒駓覜

2014-10-28 20:43 - 2014-10-28 20:43 - 00000000 _____ () C:\Users\Monica\AppData\Roaming\nfrpe.dll

2014-10-28 20:41 - 2014-10-28 20:41 - 00000000 ___HD () C:\083ff96

2014-10-28 20:40 - 2014-10-28 20:40 - 00070144 _____ () C:\Users\Monica\AppData\Roaming\ebsssue.dll

2014-10-28 20:40 - 2014-10-28 20:40 - 00004058 _____ () C:\Windows\System32\Tasks\{1607071F-627C-4BDC-4547-5EFBBBBFFAFA}

2014-10-28 20:36 - 2014-10-28 20:39 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage

2014-10-28 19:33 - 2014-10-28 19:33 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe

2014-10-28 19:33 - 2014-10-28 19:33 - 00000000 ____D () C:\Users\Administrator

2014-10-16 12:18 - 2014-10-09 22:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-10-16 12:18 - 2014-10-09 22:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2014-10-16 12:18 - 2014-10-09 22:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-10-16 12:18 - 2014-09-28 20:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-10-16 12:18 - 2014-06-18 18:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll

2014-10-16 12:18 - 2014-06-18 18:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll

2014-10-16 12:18 - 2014-06-18 18:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll

2014-10-16 12:18 - 2014-06-18 18:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll

2014-10-16 12:18 - 2014-06-18 18:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll

2014-10-16 12:18 - 2014-06-18 18:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll

2014-10-16 12:17 - 2014-10-06 22:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-10-16 12:17 - 2014-10-06 22:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-10-16 12:17 - 2014-09-25 18:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-10-16 12:17 - 2014-09-25 18:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-10-16 12:17 - 2014-09-25 18:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-10-16 12:17 - 2014-09-25 18:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-10-16 12:17 - 2014-09-25 18:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-10-16 12:17 - 2014-09-25 18:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-10-16 12:17 - 2014-09-25 18:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-10-16 12:17 - 2014-09-18 22:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-10-16 12:17 - 2014-09-18 21:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-10-16 12:17 - 2014-09-18 21:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-10-16 12:17 - 2014-09-18 21:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-10-16 12:17 - 2014-09-18 21:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-10-16 12:17 - 2014-09-18 21:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-10-16 12:17 - 2014-09-18 21:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-10-16 12:17 - 2014-09-18 21:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-10-16 12:17 - 2014-09-18 21:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-10-16 12:17 - 2014-09-18 21:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-10-16 12:17 - 2014-09-18 21:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-10-16 12:17 - 2014-09-18 21:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-10-16 12:17 - 2014-09-18 21:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-10-16 12:17 - 2014-09-18 21:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-10-16 12:17 - 2014-09-18 21:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-10-16 12:17 - 2014-09-18 21:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-10-16 12:17 - 2014-09-18 21:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-10-16 12:17 - 2014-09-18 21:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-10-16 12:17 - 2014-09-18 21:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-10-16 12:17 - 2014-09-18 21:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-10-16 12:17 - 2014-09-18 21:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-10-16 12:17 - 2014-09-18 21:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-10-16 12:17 - 2014-09-18 21:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-10-16 12:17 - 2014-09-18 21:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-10-16 12:17 - 2014-09-18 21:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-10-16 12:17 - 2014-09-18 21:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-10-16 12:17 - 2014-09-18 20:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-10-16 12:17 - 2014-09-18 20:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-10-16 12:17 - 2014-09-18 20:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-10-16 12:17 - 2014-09-18 20:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-10-16 12:17 - 2014-09-18 20:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-10-16 12:17 - 2014-09-18 20:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-10-16 12:17 - 2014-09-18 20:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-10-16 12:17 - 2014-09-18 20:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-10-16 12:17 - 2014-09-18 20:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-10-16 12:17 - 2014-09-18 20:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-10-16 12:17 - 2014-09-18 20:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-10-16 12:17 - 2014-09-18 20:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-10-16 12:17 - 2014-09-18 20:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-10-16 12:17 - 2014-09-18 20:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-10-16 12:17 - 2014-09-18 20:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-10-16 12:17 - 2014-09-18 20:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-10-16 12:17 - 2014-09-18 20:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-10-16 12:17 - 2014-09-18 19:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-10-16 12:17 - 2014-09-18 19:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-10-16 12:17 - 2014-09-18 19:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-10-16 12:17 - 2014-09-18 19:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-10-16 12:16 - 2014-09-17 22:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2014-10-16 12:16 - 2014-09-17 21:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

2014-10-16 12:16 - 2014-09-04 01:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll

2014-10-16 12:16 - 2014-09-04 01:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll

2014-10-16 12:15 - 2014-09-12 21:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll

2014-10-16 12:15 - 2014-09-12 21:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll

2014-10-16 12:15 - 2014-09-04 22:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll

2014-10-16 12:15 - 2014-09-04 21:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

2014-10-16 12:15 - 2014-07-16 22:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll

2014-10-16 12:15 - 2014-07-16 22:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe

2014-10-16 12:15 - 2014-07-16 22:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll

2014-10-16 12:15 - 2014-07-16 22:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll

2014-10-16 12:15 - 2014-07-16 22:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2014-10-16 12:15 - 2014-07-16 22:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2014-10-16 12:15 - 2014-07-16 21:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll

2014-10-16 12:15 - 2014-07-16 21:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2014-10-16 12:15 - 2014-07-16 21:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2014-10-16 12:15 - 2014-07-16 21:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys

2014-10-16 12:15 - 2014-07-16 21:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

2014-10-03 22:53 - 2014-10-03 22:53 - 00003140 _____ () C:\Windows\System32\Tasks\{AE19CD86-4386-42E5-B9B5-0024187DEB1E}

2014-10-01 08:33 - 2014-09-24 22:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll

2014-10-01 08:33 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-10-28 23:42 - 2011-04-13 09:05 - 01329498 _____ () C:\Windows\WindowsUpdate.log

2014-10-28 23:38 - 2009-07-14 00:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-10-28 23:38 - 2009-07-14 00:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-10-28 23:36 - 2013-11-03 16:52 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-100646469-3116330291-2473977308-1000UA.job

2014-10-28 23:21 - 2014-08-06 08:54 - 00002240 _____ () C:\Windows\setupact.log

2014-10-28 23:21 - 2013-10-06 16:55 - 00113994 _____ () C:\Windows\PFRO.log

2014-10-28 23:21 - 2009-07-14 01:08 - 00032628 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-10-28 23:21 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-10-28 22:42 - 2014-07-04 01:05 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-10-28 21:22 - 2014-07-04 01:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-10-28 21:22 - 2014-07-04 01:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-10-28 21:11 - 2013-05-16 16:04 - 00000000 ____D () C:\ProgramData\Wild Tangent

2014-10-28 21:11 - 2013-02-17 17:41 - 00000000 ____D () C:\Users\Monica\AppData\Local\AMD

2014-10-28 21:03 - 2011-04-13 09:17 - 00000000 ____D () C:\ProgramData\Sonic

2014-10-28 21:03 - 2010-07-10 22:15 - 00000000 ____D () C:\ProgramData\Symantec

2014-10-28 21:02 - 2010-07-10 22:36 - 00000000 ____D () C:\ProgramData\Hewlett-Packard

2014-10-28 21:01 - 2009-07-13 19:19 - 00434096 ___SH () C:\ProgramData\2d04d40f2h.exe

2014-10-28 14:48 - 2011-05-08 19:38 - 00000000 ____D () C:\Users\Monica

2014-10-28 12:01 - 2013-11-03 16:52 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-100646469-3116330291-2473977308-1000Core.job

2014-10-27 18:08 - 2012-09-17 21:10 - 00002374 _____ () C:\Users\Monica\Desktop\Google Chrome.lnk

2014-10-23 11:30 - 2013-11-03 16:52 - 00003884 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-100646469-3116330291-2473977308-1000UA

2014-10-23 11:30 - 2013-11-03 16:52 - 00003488 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-100646469-3116330291-2473977308-1000Core

2014-10-17 09:05 - 2009-07-14 00:45 - 00278976 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-10-17 09:00 - 2014-05-07 07:21 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-10-17 08:26 - 2013-08-18 03:02 - 00000000 ____D () C:\Windows\system32\MRT

2014-10-17 06:51 - 2011-05-13 23:50 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-10-16 20:08 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache

2014-10-14 22:22 - 2011-07-06 08:12 - 00000000 ____D () C:\Users\Monica\AppData\Roaming\SoftGrid Client

2014-10-04 22:23 - 2009-07-14 01:13 - 00795788 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-10-03 23:01 - 2013-01-23 23:14 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-10-03 23:01 - 2013-01-23 23:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-10-02 21:16 - 2011-07-02 12:34 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

2014-10-01 11:11 - 2014-07-04 01:04 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-10-01 11:11 - 2014-07-04 01:04 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-10-01 11:11 - 2011-07-02 13:28 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

 

Files to move or delete:

====================

C:\ProgramData\2d04d40f2h.exe

C:\ProgramData\dj46j826bj.exe

 

 

Some content of TEMP:

====================

C:\Users\Monica\AppData\Local\Temp\avgnt.exe

C:\Users\Monica\AppData\Local\Temp\ose00000.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-10-16 20:03

 

==================== End Of Log ============================

[hermanph]

Addition

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-10-2014 01

Ran by Monica at 2014-10-28 23:47:31

Running from C:\Users\Monica\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}

AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

3ivx MPEG-4 5.0.1 Decoder (remove only) (HKLM-x32\...\3ivx MPEG-4 5.0.1 Decoder) (Version: 5.0.1 - 3ivx Technologies, Pty. Ltd.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)

ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.5.0.1060 - Adobe Systems Incorporated)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)

Adobe Reader X (10.1.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)

Adobe Shockwave Player 11.5 (HKLM-x32\...\{9ECF7817-DB11-4FBA-9DF1-296A578D513A}) (Version: 11.5.7.609 - Adobe Systems, Inc)

AMD Accelerated Video Transcoding (Version: 12.5.100.21116 - Advanced Micro Devices, Inc.) Hidden

AMD APP SDK Runtime (Version: 10.0.937.2 - Advanced Micro Devices Inc.) Hidden

AMD Catalyst Install Manager (HKLM\...\{FAF03106-1653-15E1-3C0C-E7AE4FAE6EBF}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)

AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden

AMD Media Foundation Decoders (Version: 1.0.71116.1554 - Advanced Micro Devices, Inc.) Hidden

AMD USB Filter Driver (x32 Version: 1.0.15.94 - Advanced Micro Devices, Inc.) Hidden

AMD VISION Engine Control Center (x32 Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden

Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.0 - Atheros)

Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

Bing Bar (HKLM-x32\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 6.3.2380.0 - Microsoft Corporation)

Bing Bar Platform (x32 Version: 6.3.2380.0 - Microsoft Corporation) Hidden

Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden

Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden

Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden

Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.1.105 - CinemaNow, Inc.)

Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)

Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)

Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)

cmd (HKLM\...\{c47364d8-3a89-4a96-83ca-ff8b61cec670}.sdb) (Version:  - )

CPUID HWMonitor 1.22 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )

CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3003 - CyberLink Corp.)

CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1616 - CyberLink Corp.)

CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.1.4217 - CyberLink Corp.)

CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2511 - CyberLink Corp.)

Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden

Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden

Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)

Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden

ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)

FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden

Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden

Google Chrome (HKCU\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)

Google SketchUp 8 (HKLM-x32\...\{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}) (Version: 3.0.4811 - Google, Inc.)

Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden

HP Customer Experience Enhancements (x32 Version: 6.0.1.4 - Hewlett-Packard) Hidden

HP Documentation (HKLM-x32\...\{7C36414C-DC87-4943-A525-BC1717BA17C9}) (Version: 1.1.1.0 - Hewlett-Packard)

HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.3 - WildTangent)

HP MediaSmart CinemaNow 2.0 (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)

HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3611 - HP Photo Creations Powered by RocketLife)

HP Power Manager (HKLM-x32\...\{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}) (Version: 1.0.3 - Hewlett-Packard Company)

HP Quick Launch (HKLM-x32\...\{E342D296-DB9D-4FC7-ACB0-39926C0BFA16}) (Version: 2.1.5 - Hewlett-Packard Company)

HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)

HP Software Framework (HKLM-x32\...\{E05DB9F9-C8E7-45F2-BE9E-76D4C447CE9B}) (Version: 4.0.39.1 - Hewlett-Packard Company)

HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden

Jewel Quest 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden

Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden

Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden

LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2907 - CyberLink Corp.)

LabelPrint (x32 Version: 2.5.2907 - CyberLink Corp.) Hidden

Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)

Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)

muvee Plugin 1.0 (HKLM-x32\...\{82CA0A0C-A3EC-4167-B694-909205B2EDEC}) (Version: 1.01.100 - muvee Technologies)

Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)

Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden

PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)

PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden

Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden

PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.5.02.12220 - Sony Corporation)

Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden

Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden

Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden

Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4204 - CyberLink Corp.)

Power2Go (x32 Version: 6.1.4204 - CyberLink Corp.) Hidden

PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3003 - CyberLink Corp.)

PowerDirector (x32 Version: 8.0.3003 - CyberLink Corp.) Hidden

Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6122 - Realtek Semiconductor Corp.)

Recovery Manager (x32 Version: 5.5.3023 - CyberLink Corp.) Hidden

Roxio CinemaNow 2.0 (x32 Version: 1.0.278 - Hewlett-Packard) Hidden

RtVOsd (HKLM\...\{F3D7AC17-1FF4-41A8-BB18-3FC39C65AEB9}) (Version: 1.0.3 - Realtek Semiconductor Corp.)

Sheet Music Plus Digital Print (HKLM-x32\...\com.sheetmusicplus.DigitalAirPrint) (Version: v2011.11.14 - Sheet Music Plus, LLC)

Sheet Music Plus Digital Print (x32 Version: 255.11.14 - Sheet Music Plus, LLC) Hidden

Smilebox (HKCU\...\Smilebox) (Version: 1.1.1.1 - Smilebox, Inc.)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)

Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.5.1f3 - Unity Technologies ApS)

Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden

Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden

Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden

Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden

WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.11.2 - WildTangent)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)

Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)

Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)

Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-100646469-3116330291-2473977308-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Monica\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-100646469-3116330291-2473977308-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Monica\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-100646469-3116330291-2473977308-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Monica\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-100646469-3116330291-2473977308-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?

CustomCLSID: HKU\S-1-5-21-100646469-3116330291-2473977308-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Monica\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-100646469-3116330291-2473977308-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Monica\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

 

==================== Restore Points  =========================

 

06-10-2014 23:46:52 Windows Update

11-10-2014 12:15:17 Windows Update

15-10-2014 23:31:00 Windows Update

17-10-2014 10:47:32 Windows Update

20-10-2014 18:23:27 Windows Update

23-10-2014 22:28:24 Windows Update

27-10-2014 10:18:46 Windows Update

29-10-2014 03:42:28 Windows Update

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {071C9D9D-2D93-42BF-840C-368B89B7972C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-100646469-3116330291-2473977308-1000UA => C:\Users\Monica\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-17] (Google Inc.)

Task: {64CDC294-94F8-4DBB-9061-CA06E40D953E} - System32\Tasks\{1607071F-627C-4BDC-4547-5EFBBBBFFAFA} => C:\Users\Monica\AppData\Roaming\ebsssue.dll [2014-10-28] () <==== ATTENTION

Task: {C3421AC4-DDFC-49AA-AF71-416AB2E5D8B4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-100646469-3116330291-2473977308-1000Core => C:\Users\Monica\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-17] (Google Inc.)

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-100646469-3116330291-2473977308-1000Core.job => C:\Users\Monica\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-100646469-3116330291-2473977308-1000UA.job => C:\Users\Monica\AppData\Local\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2010-06-29 22:00 - 2010-06-29 22:00 - 00027192 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

2014-10-28 20:40 - 2014-10-28 20:40 - 00070144 _____ () C:\Users\Monica\AppData\Roaming\ebsssue.dll

2014-10-27 18:08 - 2014-10-22 00:04 - 01042760 _____ () C:\Users\Monica\AppData\Local\Google\Chrome\Application\38.0.2125.111\libglesv2.dll

2014-10-27 18:08 - 2014-10-22 00:04 - 00211272 _____ () C:\Users\Monica\AppData\Local\Google\Chrome\Application\38.0.2125.111\libegl.dll

2014-10-27 18:08 - 2014-10-22 00:04 - 08910664 _____ () C:\Users\Monica\AppData\Local\Google\Chrome\Application\38.0.2125.111\pdf.dll

2014-10-27 18:08 - 2014-10-22 00:04 - 01681224 _____ () C:\Users\Monica\AppData\Local\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll

2014-10-27 18:08 - 2014-10-22 00:04 - 00310088 _____ () C:\Users\Monica\AppData\Local\Google\Chrome\Application\38.0.2125.111\libexif.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\startupreg: Bing Bar => "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe"

MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s

 

========================= Accounts: ==========================

 

Administrator (S-1-5-21-100646469-3116330291-2473977308-500 - Administrator - Disabled)

Guest (S-1-5-21-100646469-3116330291-2473977308-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-100646469-3116330291-2473977308-1002 - Limited - Enabled)

Monica (S-1-5-21-100646469-3116330291-2473977308-1000 - Administrator - Enabled) => C:\Users\Monica

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (10/28/2014 10:46:30 PM) (Source: CVHSVC) (EventID: 100) (User: )

Description: Information only.

(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

 

Error: (10/28/2014 08:55:31 PM) (Source: VSS) (EventID: 13) (User: )

Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name Coordinator cannot be started. [0x80070005, Access is denied.

]

 

Error: (10/28/2014 08:47:22 PM) (Source: VSS) (EventID: 13) (User: )

Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name Coordinator cannot be started. [0x80070005, Access is denied.

]

 

Error: (10/28/2014 08:47:22 PM) (Source: VSS) (EventID: 13) (User: )

Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name Coordinator cannot be started. [0x80070005, Access is denied.

]

 

Error: (10/28/2014 03:54:48 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program IEXPLORE.EXE version 11.0.9600.17344 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: f48

 

Start Time: 01cff2dff1b5d12c

 

Termination Time: 0

 

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

 

Report Id:

 

Error: (10/27/2014 06:28:33 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program iexplore.exe version 11.0.9600.17344 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: df0

 

Start Time: 01cff1d04cb9c6ee

 

Termination Time: 31

 

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

 

Report Id: eb7ec9b3-5dc3-11e4-bae2-643150574d4a

 

Error: (10/25/2014 09:09:09 AM) (Source: CVHSVC) (EventID: 100) (User: )

Description: Information only.

(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

 

Error: (10/21/2014 09:12:22 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program IEXPLORE.EXE version 11.0.9600.17344 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 940

 

Start Time: 01cfed922acd47ec

 

Termination Time: 108

 

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

 

Report Id:

 

Error: (10/21/2014 04:00:27 PM) (Source: ESENT) (EventID: 215) (User: )

Description: wlcomm (3880) C:\Users\Monica\AppData\Local\Microsoft\Windows Live Contacts\{d6f6e27a-01ec-402a-89d8-22147a971d69}\: The backup has been stopped because it was halted by the client or the connection with the client failed.

 

Error: (10/21/2014 11:46:02 AM) (Source: CVHSVC) (EventID: 100) (User: )

Description: Information only.

(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

 

 

System errors:

=============

Error: (10/28/2014 11:23:37 PM) (Source: Microsoft Antimalware) (EventID: 2031) (User: )

Description: %%860 has encountered an error trying to download and configure Windows Defender Offline.

 

Error code: 0x80070002

 

Error description: The system cannot find the file specified.

 

Error: (10/28/2014 11:23:22 PM) (Source: Disk) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Harddisk0\DR0.

 

Error: (10/28/2014 11:23:22 PM) (Source: Disk) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Harddisk0\DR0.

 

Error: (10/28/2014 11:23:22 PM) (Source: Disk) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Harddisk0\DR0.

 

Error: (10/28/2014 11:23:22 PM) (Source: Disk) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Harddisk0\DR0.

 

Error: (10/28/2014 11:23:22 PM) (Source: Disk) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Harddisk0\DR0.

 

Error: (10/28/2014 11:23:22 PM) (Source: Disk) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Harddisk0\DR0.

 

Error: (10/28/2014 11:23:22 PM) (Source: Disk) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Harddisk0\DR0.

 

Error: (10/28/2014 11:23:22 PM) (Source: Disk) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Harddisk0\DR0.

 

Error: (10/28/2014 11:23:22 PM) (Source: Disk) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Harddisk0\DR0.

 

 

Microsoft Office Sessions:

=========================

Error: (10/28/2014 10:46:30 PM) (Source: CVHSVC) (EventID: 100) (User: )

Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

 

Error: (10/28/2014 08:55:31 PM) (Source: VSS) (EventID: 13) (User: )

Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80070005, Access is denied.

 

Error: (10/28/2014 08:47:22 PM) (Source: VSS) (EventID: 13) (User: )

Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80070005, Access is denied.

 

Error: (10/28/2014 08:47:22 PM) (Source: VSS) (EventID: 13) (User: )

Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80070005, Access is denied.

 

Error: (10/28/2014 03:54:48 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: IEXPLORE.EXE11.0.9600.17344f4801cff2dff1b5d12c0C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

 

Error: (10/27/2014 06:28:33 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: iexplore.exe11.0.9600.17344df001cff1d04cb9c6ee31C:\Program Files\Internet Explorer\iexplore.exeeb7ec9b3-5dc3-11e4-bae2-643150574d4a

 

Error: (10/25/2014 09:09:09 AM) (Source: CVHSVC) (EventID: 100) (User: )

Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

 

Error: (10/21/2014 09:12:22 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: IEXPLORE.EXE11.0.9600.1734494001cfed922acd47ec108C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

 

Error: (10/21/2014 04:00:27 PM) (Source: ESENT) (EventID: 215) (User: )

Description: wlcomm3880C:\Users\Monica\AppData\Local\Microsoft\Windows Live Contacts\{d6f6e27a-01ec-402a-89d8-22147a971d69}\:

 

Error: (10/21/2014 11:46:02 AM) (Source: CVHSVC) (EventID: 100) (User: )

Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

 

 

==================== Memory info =========================== 

 

Processor: AMD V140 Processor

Percentage of memory in use: 65%

Total physical RAM: 1786.9 MB

Available physical RAM: 608.6 MB

Total Pagefile: 3573.8 MB

Available Pagefile: 1536.22 MB

Total Virtual: 8192 MB

Available Virtual: 8191.85 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:215.36 GB) (Free:126.15 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive d: (RECOVERY) (Fixed) (Total:17.22 GB) (Free:2.49 GB) NTFS ==>[system with boot components (obtained from reading drive)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 232.9 GB) (Disk ID: 4BE9BCC0)

Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=215.4 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=17.2 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

 

==================== End Of Log ============================

[AdvancedSetup]

We're sorry. It looks like your topic was somehow overlooked. Due to the length of time we'll go ahead and close this topic now but if you still actually need help please send a private message to one of the Moderators and we'll assist you.

Thank you and sorry we missed your topic.