Hello,

 

I am helping a friend that appears to like to download stuff that infects her computer. The computer is getting constant popups and I ran MAWB and the count was several hundred. Attached are the lists that are requested, and I have the MAWB list if requested. Thanks for the help.

 

Fujimo

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-12-2014 01
Ran by Lisa (administrator) on LISASPC on 22-12-2014 19:33:15
Running from C:\Users\Lisa\Downloads
Loaded Profile: Lisa (Available profiles: Lisa)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Crawler, LLC) C:\Program Files (x86)\SiteRanker\SiteRankTray.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Crawler.com) C:\Program Files (x86)\OnlineVault\OVTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7535832 2014-02-12] (Realtek Semiconductor)
HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-10-08] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [2039192 2014-11-24] (APN)
HKLM-x32\...\Run: [siteRanker] => C:\Program Files (x86)\SiteRanker\SiteRankTray.exe [1084888 2014-09-19] (Crawler, LLC)
HKLM-x32\...\Run: [Online Vault] => C:\Program Files (x86)\OnlineVault\OVTray.exe [369000 2014-05-21] (Crawler.com)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-02] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-746983125-3766845642-939562213-1002\...\Run: [GoogleChromeAutoLaunch_A963AF10D41C891DDF74F25191F896A3] => c:\program files (x86)\google\chrome\application\chrome.exe [856904 2014-12-05] (Google Inc.)
AppInit_DLLs-x32: c:\progra~2\searchprotect\searchprotect\bin\vc32loader.dll => "c:\progra~2\searchprotect\searchprotect\bin\vc32loader.dll" File Not Found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:13081
ProxyServer: [s-1-5-21-746983125-3766845642-939562213-1002] => http=127.0.0.1:13081
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM14/1
HKU\S-1-5-21-746983125-3766845642-939562213-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM14/1
SearchScopes: HKU\S-1-5-21-746983125-3766845642-939562213-1002 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKU\S-1-5-21-746983125-3766845642-939562213-1002 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-746983125-3766845642-939562213-1002 -> {D262E043-5C03-4F7C-9174-4D71F95003F2} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: No Name -> {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} -> C:\Program Files (x86)\SiteRanker\SiteR64.dll (Crawler, LLC)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: No Name -> {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} -> C:\Program Files (x86)\SiteRanker\SiteRank.dll (Crawler, LLC)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} -  No File
Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} -  No File
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\74djfa8d.default
FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3322290&octid=EB_ORIGINAL_CTID&ISID=M8B080C66-4FEC-46D4-AD1B-98B4B63B339C&SearchSource=55&CUI=&UM=8&UP=SP2573544C-9EBB-4CD1-AE16-C186AF6D594E&SSPV=
FF SelectedSearchEngine: Trovi search
FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3330484&octid=EB_ORIGINAL_CTID&ISID=ME571C111-D10E-48F0-8C7D-DCB16CE96877&SearchSource=69&CUI=&SSPV=&Lay=1&UM=6&UP=SP2573544C-9EBB-4CD1-AE16-C186AF6D594E
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-746983125-3766845642-939562213-1002: @zoom.us/ZoomVideoPlugin -> C:\Users\Lisa\AppData\Roaming\Zoom\bin\npzoomplugin.dll (Zoom Video Communications, Inc.)
FF SearchPlugin: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\74djfa8d.default\searchplugins\ask-search.xml
FF SearchPlugin: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\74djfa8d.default\searchplugins\inbox-search.xml
FF Extension: shopndrroP - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\74djfa8d.default\Extensions\K@M12ch0OR.edu [2014-12-18]
FF Extension: SiteRanker - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\74djfa8d.default\Extensions\siteranker@siteranker.com [2014-12-17]
FF Extension: snipsmart 1.0.1 - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\74djfa8d.default\Extensions\{7a3b1fa0-6acc-4a4a-9930-456a27e1b6c1}.xpi [2014-12-18]
FF HKLM-x32\...\Firefox\Extensions: [siteranker@siteranker.com] - C:\Program Files (x86)\SiteRanker\firefox
FF Extension: No Name - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\74djfa8d.default\extensions\toolbar_ORJ-SPE@apn.ask.com.xpi [Not Found]
FF Extension: No Name - toolbar_ORJ-SPE@apn.ask.com [Not Found]
 
Chrome: 
=======
CHR HomePage: Profile 1 -> hxxp://google.com/
CHR StartupUrls: Profile 1 -> "hxxp://search.conduit.com/?ctid=CT3239904&SearchSource=48&UP=SP5F2F24E8-CF79-4C77-84D1-9D4A76D75AA3&SSPV=", "hxxp://search.babylon.com/?affID=116254&tt=0113_1&babsrc=HP_ss&mntrId=e408e48f00000000000078e3b561bd6a", "hxxp://xfinity.comcast.net/?cid=insDate01072013", "hxxp://searchfunmoods.com/?f=1&a=nv1&ir=nv1&cd=2XzuyEtN2Y1L1QzuyBzz0EtA0ByDyCtC0B0DyC0A0EyEzz0FtN0D0Tzu0CtAyByCtN1L2XzutBtFtBtFtCtFyEtDyB&cr=630568343", "hxxp://search.conduit.com/?ctid=CT3268935&SearchSource=48", "hxxp://search.conduit.com/?ctid=CT3268934&SearchSource=48", "hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,203,0_0,StartPage,20130105,17093,0,11,0", "hxxp://mysearch.avg.com/?cid={BE73894E-0A0F-4F36-BDB0-B36B804D48F9}&mid=8dffae8abbe947d381b6a9aaf3855499-e98f949b114d66c1dd11fbb31b1f6646fa52198a&lang=en&ds=co011&pr=sa&d=2013-03-05%2013:20:13&v=14.2.0.1&pid=safeguard&sg=1&sap=hp", "hxxp://search.conduit.com/?CUI=UN58909726228570116&ctid=CT3285873&SearchSource=48", "hxxp://www.searchnu.com/406?appid=341", "hxxp://astromenda.com/?f=7&a=ast_cmi_14_49_ch&cd=2XzuyEtN2Y1L1Qzu0EtDtDyC0EyCyBtC0B0BtDyByD0EyD0CtN0D0Tzu0SzyyEyDtN1L2XzutBtFtBtCtFtCzztFtAtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StA0D0EyE0E0ByCtBtGyD0B0DyCtGzzzztDyDtGtByD0E0DtGtD0DyBtAyD0F0CzztDyD0DtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCzzyCtDyCyB0AzztGzzzytAzytGtA0Ezy0BtGyEzytCzytGtD0BtB0Dzz0F0EyC0D0Azy0C2Q&cr=1476006883&ir="
CHR DefaultSuggestURL: Profile 1 -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (snipsmart) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\kehpbbgolhfcmdgfnjfnclepfhpmjjkf [2014-12-18]
CHR Profile: C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-17]
CHR Extension: (HeadlineAlley) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\amogncdhclnhneejdfggljpdgigffhfi [2014-12-17]
CHR Extension: (Google Docs) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-17]
CHR Extension: (Google Drive) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-18]
CHR Extension: (YouTube) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-17]
CHR Extension: (Google Search) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-17]
CHR Extension: (ShopAtHome.com) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc [2014-12-17]
CHR Extension: (Zwinky) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ehjkfdmkpocpileolmldepapdjbfegei [2014-12-17]
CHR Extension: (Google Sheets) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-17]
CHR Extension: (RadioRage) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ffiohgnekoikpmbilaclfihhhaglmbei [2014-12-17]
CHR Extension: (Elite Unzip) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ffjcmnpnoopgilmnfhloocdcbnimmmea [2014-12-17]
CHR Extension: (Bible Homepage) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hfjgekpddapedobkjbmeefnjofabigbi [2014-12-17]
CHR Extension: (ArcadeYum) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jmbmildjdmppofnohldicmnkojfhggmb [2014-12-17]
CHR Extension: (Webfetti) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmpchpgemlpnbapjajinolkefniihpod [2014-12-17]
CHR Extension: (Recipe Hub) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mfpcpilhpbdgmnfaoonnnofhdmcbejhh [2014-12-17]
CHR Extension: (Google Wallet) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-18]
CHR Extension: (Gmail) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-17]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-04-17] () [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-11-24] (APN LLC.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-08-07] (Windows ® Win 7 DDK provider)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2014-01-13] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-10-08] (Hewlett-Packard Development Company, L.P.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-02-12] (Realtek Semiconductor)
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51712 2014-02-24] (Advanced Micro Devices, Inc.)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-02] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2013-10-24] (Advanced Micro Devices, INC.)
S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [85704 2014-02-24] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-14] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [230088 2014-02-24] (Advanced Micro Devices, Inc. )
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-12] (Advanced Micro Devices)
S3 AX88179; C:\Windows\system32\DRIVERS\ax88179_178a.sys [70104 2013-07-08] (ASIX Electronics Corp.)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [291544 2014-01-03] (Realtek Semiconductor Corp.)
S3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation                           )
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-22 19:33 - 2014-12-22 19:34 - 00021320 _____ () C:\Users\Lisa\Downloads\FRST.txt
2014-12-22 19:32 - 2014-12-22 19:33 - 00000000 ____D () C:\FRST
2014-12-22 19:32 - 2014-12-22 19:32 - 02122240 _____ (Farbar) C:\Users\Lisa\Downloads\FRST64.exe
2014-12-22 19:32 - 2014-12-22 19:32 - 00000000 ____H () C:\Users\Lisa\BIT298.tmp
2014-12-22 19:13 - 2014-12-22 19:13 - 00022512 _____ () C:\Windows\system32\Drivers\SPPD.sys
2014-12-22 19:11 - 2014-12-22 19:11 - 00085668 _____ () C:\Users\Lisa\Desktop\maeb.txt
2014-12-22 18:44 - 2014-12-22 18:44 - 00001074 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-22 18:43 - 2014-12-22 18:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-22 18:42 - 2014-12-22 18:42 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Lisa\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-22 18:32 - 2012-04-16 05:00 - 00389120 _____ (CANON INC.) C:\Windows\system32\CNMLMBC.DLL
2014-12-18 23:30 - 2014-12-18 23:30 - 00012288 _____ () C:\Windows\system32\umstartup.etl
2014-12-18 23:30 - 2014-12-18 23:30 - 00000464 __RSH () C:\ProgramData\ntuser.pol
2014-12-18 18:32 - 2014-12-18 21:09 - 00002277 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-18 15:23 - 2014-12-18 15:23 - 00819176 _____ (Google Inc.) C:\Users\Lisa\Desktop\Setup_product_2937.exe
2014-12-18 15:22 - 2014-12-18 15:22 - 00003192 _____ () C:\Windows\System32\Tasks\ProPCCleaner_Start
2014-12-18 15:22 - 2014-12-18 15:22 - 00000000 ____D () C:\Users\Lisa\Documents\ProPCCleaner
2014-12-18 15:22 - 2014-12-18 15:22 - 00000000 ____D () C:\Users\Lisa\AppData\Local\Pro_PC_Cleaner
2014-12-18 14:42 - 2014-12-22 18:48 - 00000000 ____D () C:\ProgramData\WowCoouapaon
2014-12-18 14:41 - 2014-12-18 14:42 - 00000000 ____D () C:\ProgramData\7a7316e834570c5b
2014-12-18 14:31 - 2014-12-18 14:31 - 00000000 ____D () C:\Program Files (x86)\mozilla firefox
2014-12-17 22:08 - 2014-12-18 15:34 - 00000000 ____D () C:\Program Files (x86)\Spyware Clear
2014-12-17 22:05 - 2014-12-17 22:06 - 00000000 ____D () C:\Users\Lisa\AppData\Roaming\OnlineVault
2014-12-17 22:05 - 2014-12-17 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiteRanker
2014-12-17 22:05 - 2014-12-17 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Vault
2014-12-17 22:05 - 2014-12-17 22:05 - 00000000 ____D () C:\Program Files (x86)\OnlineVault
2014-12-17 22:04 - 2014-12-22 18:31 - 00000000 ____D () C:\Program Files (x86)\SiteRanker
2014-12-15 18:12 - 2014-10-30 17:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-12-15 18:12 - 2014-10-30 17:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-12-10 18:24 - 2014-12-10 18:24 - 00000000 ____D () C:\ProgramData\8823421281515277403
2014-12-09 21:05 - 2014-11-26 16:10 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-09 21:05 - 2014-11-26 16:10 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-09 21:01 - 2014-12-09 21:01 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-09 18:52 - 2014-10-31 18:57 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-12-09 18:52 - 2014-10-31 18:47 - 00790528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-12-09 18:37 - 2014-12-03 18:37 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-09 18:37 - 2014-12-03 18:09 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-09 18:37 - 2014-12-02 18:09 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-09 18:37 - 2014-12-02 18:09 - 00740864 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-09 18:37 - 2014-12-02 18:09 - 00412672 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-09 18:37 - 2014-12-02 18:09 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-09 18:37 - 2014-12-02 18:09 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-09 18:37 - 2014-11-09 21:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll
2014-12-09 18:37 - 2014-11-09 20:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-09 18:37 - 2014-11-06 23:16 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-09 18:37 - 2014-11-06 22:26 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-09 18:37 - 2014-10-30 18:39 - 01970432 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-12-09 18:37 - 2014-10-30 18:38 - 01612992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-12-09 18:37 - 2014-10-12 21:43 - 00238912 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2014-12-09 18:37 - 2014-10-12 21:43 - 00153920 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2014-12-09 18:37 - 2014-10-12 21:43 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2014-12-09 18:37 - 2014-10-12 21:43 - 00039744 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2014-12-09 18:36 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-09 18:36 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-09 18:36 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-09 18:36 - 2014-11-21 21:49 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-09 18:36 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-09 18:36 - 2014-11-21 21:35 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-09 18:36 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-09 18:36 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-09 18:36 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-09 18:36 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-09 18:36 - 2014-11-21 21:06 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-09 18:36 - 2014-11-21 21:06 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-12-09 18:36 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-09 18:36 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-09 18:36 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-09 18:36 - 2014-11-21 20:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-12-09 18:36 - 2014-11-21 20:55 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-09 18:36 - 2014-11-21 20:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-12-09 18:36 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-09 18:36 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-09 18:36 - 2014-11-21 20:49 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-09 18:36 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-09 18:36 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-09 18:36 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-09 18:36 - 2014-11-21 20:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-12-09 18:36 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-09 18:36 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-09 18:36 - 2014-11-21 20:29 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2014-12-09 18:36 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-09 18:36 - 2014-11-21 20:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-12-09 18:36 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-09 18:36 - 2014-11-21 20:23 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-09 18:36 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-09 18:36 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-09 18:36 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-09 18:36 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-09 18:36 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-09 18:36 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-09 18:36 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-27 08:44 - 2014-11-27 08:44 - 00000000 __SHD () C:\Users\Lisa\AppData\Local\EmieBrowserModeList
2014-11-26 19:23 - 2014-11-26 19:26 - 00000000 ____D () C:\Users\Lisa\AppData\Roaming\OpenSoftwareUpdater
2014-11-26 19:20 - 2014-12-06 12:53 - 00000000 ____D () C:\Program Files (x86)\OpenSoftwareUpdater
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-22 19:34 - 2014-09-18 10:25 - 00610304 ___SH () C:\Users\Lisa\Downloads\Thumbs.db
2014-12-22 19:33 - 2014-09-17 17:46 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-746983125-3766845642-939562213-1002
2014-12-22 19:32 - 2014-09-25 11:52 - 00003156 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForLisa
2014-12-22 19:32 - 2014-09-25 11:52 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleForLisa.job
2014-12-22 19:32 - 2014-09-17 17:40 - 00000000 ____D () C:\Users\Lisa
2014-12-22 19:31 - 2014-09-17 17:43 - 00000000 ____D () C:\Users\Lisa\Documents\Youcam
2014-12-22 19:31 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-22 19:30 - 2014-09-17 17:24 - 01788467 _____ () C:\Windows\WindowsUpdate.log
2014-12-22 19:30 - 2014-08-06 20:14 - 01212372 _____ () C:\Windows\SysWOW64\rootpa.e2e
2014-12-22 19:28 - 2014-09-17 17:44 - 00000000 __RDO () C:\Users\Lisa\OneDrive
2014-12-22 19:27 - 2014-09-24 18:38 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-22 19:27 - 2014-03-18 04:44 - 00358504 _____ () C:\Windows\PFRO.log
2014-12-22 19:27 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-22 19:27 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-12-22 19:26 - 2014-08-06 20:05 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2014-12-22 19:23 - 2014-10-24 18:33 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-22 19:16 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-12-22 19:02 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru
2014-12-22 18:55 - 2014-09-24 18:38 - 00000922 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-22 18:44 - 2014-09-24 17:56 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-22 18:44 - 2014-09-24 17:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-22 18:31 - 2014-09-17 17:48 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{54D26DBD-24CB-4200-9FAB-1CB0512B54CD}
2014-12-19 12:14 - 2013-08-22 08:25 - 00000301 _____ () C:\Windows\win.ini
2014-12-19 08:16 - 2013-08-22 10:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-18 23:24 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2014-12-18 23:17 - 2014-09-17 17:40 - 00000000 ____D () C:\Users\Lisa\AppData\Local\Packages
2014-12-18 15:34 - 2014-09-24 18:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-17 17:36 - 2014-03-18 04:53 - 00956476 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-14 14:12 - 2014-10-02 11:01 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-12-14 14:11 - 2014-10-02 11:00 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-12-13 11:24 - 2014-08-07 18:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-13 11:22 - 2014-08-07 18:14 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-13 11:22 - 2014-08-07 18:14 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-10 10:21 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\rescache
2014-12-09 21:02 - 2014-09-20 15:26 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-09 21:02 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS
2014-12-09 21:02 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2014-12-09 21:01 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-09 19:14 - 2014-09-20 10:56 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-09 19:14 - 2014-08-07 18:54 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-09 19:06 - 2014-09-20 10:56 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-09 13:23 - 2014-10-24 18:33 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-09 08:59 - 2014-09-23 20:20 - 00159232 ___SH () C:\Users\Lisa\Desktop\Thumbs.db
2014-12-06 13:32 - 2014-11-15 17:23 - 00000000 ____D () C:\Users\Lisa\Downloads\Amish Friendship Bread Starter Recipe - Allrecipes.com_files
2014-12-06 13:32 - 2014-09-23 20:18 - 00000000 ____D () C:\Users\Lisa\Downloads\New folder
2014-12-06 13:10 - 2014-08-06 20:21 - 00000000 ____D () C:\ProgramData\CyberLink
2014-12-06 12:53 - 2013-08-22 09:44 - 00482536 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-23 20:52 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\LiveKernelReports
 
Some content of TEMP:
====================
C:\Users\Lisa\AppData\Local\Temp\APNSetup.exe
C:\Users\Lisa\AppData\Local\Temp\COMAP.EXE
C:\Users\Lisa\AppData\Local\Temp\ff6609_setup.exe
C:\Users\Lisa\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Lisa\AppData\Local\Temp\OptimizerPro.exe
C:\Users\Lisa\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Lisa\AppData\Local\Temp\System.Data.SQLite32e7235c-fe5d-47c4-8c9f-9ee43a02799c.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-10 09:40
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-12-2014 01
Ran by Lisa at 2014-12-22 19:34:46
Running from C:\Users\Lisa\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{7536C341-2F7D-EFE6-F521-DEBE68B025C5}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Blackboard Collaborate Launcher (HKLM-x32\...\{7D82D616-8BD8-4BE3-B19C-C4BC772E8426}) (Version: 1.2.0.0 - Blackboard)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3303 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3416 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.3709 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.3.3907 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Elite Unzip (HKLM-x32\...\Elite Unzip) (Version: 1.1.7640.260 - Mindspark Interactive Network) <==== ATTENTION
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
grillaprice (HKLM-x32\...\grillaprice) (Version:  - )
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Documentation (HKLM-x32\...\{F29E3AA8-CF19-4452-92B7-F1FE31CD11C5}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7372.4698 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{8C696B4B-6AB1-44BC-9416-96EAC474CABE}) (Version: 7.5.2.12 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{C78E8F51-3EAD-4F0C-83F0-EF371075E0B4}) (Version: 1.0.10 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{891A1782-8B20-4403-8383-458962525926}) (Version: 2.3.4 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
OEM Application Profile (HKLM-x32\...\{315F1A48-D883-B234-7C79-15873574ACC1}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Online Vault (HKLM-x32\...\{FE60B87C-63A2-4A45-AC06-FFEFD5DB7846}_is1) (Version:  - Crawler, LLC)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.232 - Qualcomm Atheros)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7164 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)
Search App by Ask (HKLM-x32\...\{4F524A2D-5350-4500-76A7-A758B70C1500}) (Version: 12.21.0.114 - APN, LLC) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
SiteRanker (HKLM-x32\...\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}_is1) (Version: 1.0.0.139 - Crawler, LLC) <==== ATTENTION
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.0.4.0 - Synaptics Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WowCoouapaon (HKLM-x32\...\{1B8A71D1-31D4-EE6A-C32F-836E0BFFA6D3}) (Version:  - WowCoupon) <==== ATTENTION
Zoom (HKU\S-1-5-21-746983125-3766845642-939562213-1002\...\ZoomUMX) (Version: 3.0 - Zoom Video Communications, Inc.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
26-11-2014 11:07:28 Scheduled Checkpoint
06-12-2014 16:29:04 Scheduled Checkpoint
09-12-2014 18:54:34 Windows Update
13-12-2014 11:19:44 Windows Update
19-12-2014 08:14:46 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {014485B2-1EA6-4E87-9154-FF660C4F9621} - \RocketTab No Task File <==== ATTENTION
Task: {08CDD6D7-C5B2-455A-9B90-FD255877E9F3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {32B7BD58-CFB3-47AF-8670-8DEF4E57EE19} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {4129FE01-8AC1-411D-A304-CFDF31D5261F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-24] (Google Inc.)
Task: {6A490F10-E0F8-410E-B158-75B8967D2066} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {6AC696E1-0464-42B3-9371-4D05B7B52790} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-03-07] (CyberLink Corp.)
Task: {6F57C429-85B1-4382-B5FA-A0A14DD704C6} - System32\Tasks\HPCeeScheduleForLisa => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {774E5B5D-5FD2-45B9-AAA7-3D3A78C0E5C1} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {9957469B-6F92-4A89-ABAF-7D8760B1DBBE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {9C7C1698-1DD7-4100-827F-4DE3BD5C4F6A} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe
Task: {A4A82D4B-87D8-4D3B-A8A9-BD615ABACE11} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-24] (Google Inc.)
Task: {AF717423-41F5-4595-A305-9952918370EB} - \RocketTab Update Task No Task File <==== ATTENTION
Task: {B068702F-05AF-4627-BA65-E7FFD7FBAA4B} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {BB57F593-8C3B-454C-A738-0E204E836FAF} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-12-13] (Synaptics Incorporated)
Task: {CBB34D68-D156-4F3B-BE52-BAA8523903DC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {D686EAFB-DCFB-4F49-873B-6D4B8A87DEE9} - \Advanced-System Protector_startup No Task File <==== ATTENTION
Task: {E057D60A-64DE-4078-9367-21F2C13F31C3} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {E46AAE83-1635-4384-B930-917A8AE4F619} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-12-09] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForLisa.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-04-17 17:38 - 2014-04-17 17:38 - 00140288 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2014-04-17 17:37 - 2014-04-17 17:37 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-09-04 23:17 - 2013-09-04 23:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 17:23 - 2010-10-20 17:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-08-06 20:26 - 2013-08-05 02:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 17:48 - 2013-08-05 17:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Lisa\OneDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-746983125-3766845642-939562213-1002\...\StartupApproved\Run: => "RebateInformer"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-746983125-3766845642-939562213-500 - Administrator - Disabled)
Guest (S-1-5-21-746983125-3766845642-939562213-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-746983125-3766845642-939562213-1004 - Limited - Enabled)
Lisa (S-1-5-21-746983125-3766845642-939562213-1002 - Administrator - Enabled) => C:\Users\Lisa
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/22/2014 06:59:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 39.0.2171.95, time stamp: 0x548243f3
Faulting module name: chrome.dll, version: 39.0.2171.95, time stamp: 0x54823ff4
Exception code: 0x80000003
Fault offset: 0x004fd39c
Faulting process id: 0x31ac
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5
 
Error: (12/22/2014 06:41:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 39.0.2171.95, time stamp: 0x548243f3
Faulting module name: chrome.dll, version: 39.0.2171.95, time stamp: 0x54823ff4
Exception code: 0x80000003
Fault offset: 0x004fd39c
Faulting process id: 0x48a0
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5
 
Error: (12/19/2014 10:53:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 39.0.2171.95, time stamp: 0x548243f3
Faulting module name: chrome.dll, version: 39.0.2171.95, time stamp: 0x54823ff4
Exception code: 0x80000003
Fault offset: 0x004fd39c
Faulting process id: 0x1240
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5
 
Error: (12/19/2014 09:23:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1815422
 
Error: (12/19/2014 09:23:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1815422
 
Error: (12/19/2014 09:23:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (12/19/2014 08:18:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 39.0.2171.95, time stamp: 0x548243f3
Faulting module name: chrome.dll, version: 39.0.2171.95, time stamp: 0x54823ff4
Exception code: 0x80000003
Fault offset: 0x004fd39c
Faulting process id: 0x1adc
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5
 
Error: (12/18/2014 11:46:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 39.0.2171.95, time stamp: 0x548243f3
Faulting module name: chrome.dll, version: 39.0.2171.95, time stamp: 0x54823ff4
Exception code: 0x80000003
Fault offset: 0x004fd39c
Faulting process id: 0xe84
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5
 
Error: (12/18/2014 11:18:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 39.0.2171.95, time stamp: 0x548243f3
Faulting module name: chrome.dll, version: 39.0.2171.95, time stamp: 0x54823ff4
Exception code: 0x80000003
Fault offset: 0x004fd39c
Faulting process id: 0x2530
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5
 
Error: (12/18/2014 10:02:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 39.0.2171.95, time stamp: 0x548243f3
Faulting module name: chrome.dll, version: 39.0.2171.95, time stamp: 0x54823ff4
Exception code: 0x80000003
Fault offset: 0x004fd39c
Faulting process id: 0x1988
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5
 
 
System errors:
=============
Error: (12/19/2014 02:34:02 PM) (Source: DCOM) (EventID: 10016) (User: LISASPC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}LisaspcLisaS-1-5-21-746983125-3766845642-939562213-1002LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (12/19/2014 02:34:02 PM) (Source: DCOM) (EventID: 10016) (User: LISASPC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}LisaspcLisaS-1-5-21-746983125-3766845642-939562213-1002LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (12/19/2014 00:33:36 PM) (Source: DCOM) (EventID: 10016) (User: LISASPC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}LisaspcLisaS-1-5-21-746983125-3766845642-939562213-1002LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (12/19/2014 00:33:36 PM) (Source: DCOM) (EventID: 10016) (User: LISASPC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}LisaspcLisaS-1-5-21-746983125-3766845642-939562213-1002LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (12/19/2014 11:34:24 AM) (Source: DCOM) (EventID: 10016) (User: LISASPC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}LisaspcLisaS-1-5-21-746983125-3766845642-939562213-1002LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (12/19/2014 11:34:24 AM) (Source: DCOM) (EventID: 10016) (User: LISASPC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}LisaspcLisaS-1-5-21-746983125-3766845642-939562213-1002LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (12/19/2014 11:05:42 AM) (Source: DCOM) (EventID: 10016) (User: LISASPC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}LisaspcLisaS-1-5-21-746983125-3766845642-939562213-1002LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (12/19/2014 11:05:42 AM) (Source: DCOM) (EventID: 10016) (User: LISASPC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}LisaspcLisaS-1-5-21-746983125-3766845642-939562213-1002LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (12/19/2014 10:45:24 AM) (Source: DCOM) (EventID: 10016) (User: LISASPC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}LisaspcLisaS-1-5-21-746983125-3766845642-939562213-1002LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (12/19/2014 10:45:24 AM) (Source: DCOM) (EventID: 10016) (User: LISASPC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}LisaspcLisaS-1-5-21-746983125-3766845642-939562213-1002LocalHost (Using LRPC)UnavailableUnavailable
 
 
Microsoft Office Sessions:
=========================
Error: (12/22/2014 06:59:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe39.0.2171.95548243f3chrome.dll39.0.2171.9554823ff480000003004fd39c31ac01d01e4294076d86C:\program files (x86)\google\chrome\application\chrome.exeC:\program files (x86)\google\chrome\application\39.0.2171.95\chrome.dll8cb47c77-8a36-11e4-8281-f8a963896c5e
 
Error: (12/22/2014 06:41:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe39.0.2171.95548243f3chrome.dll39.0.2171.9554823ff480000003004fd39c48a001d01e401d3629c9C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\chrome.dll176ad1bb-8a34-11e4-8281-f8a963896c5e
 
Error: (12/19/2014 10:53:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe39.0.2171.95548243f3chrome.dll39.0.2171.9554823ff480000003004fd39c124001d01ba29c08658dC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\chrome.dll23632d78-8797-11e4-8281-f8a963896c5e
 
Error: (12/19/2014 09:23:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1815422
 
Error: (12/19/2014 09:23:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1815422
 
Error: (12/19/2014 09:23:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (12/19/2014 08:18:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe39.0.2171.95548243f3chrome.dll39.0.2171.9554823ff480000003004fd39c1adc01d01b8d5f050249C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\chrome.dll85d9cbd6-8781-11e4-8281-f8a963896c5e
 
Error: (12/18/2014 11:46:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe39.0.2171.95548243f3chrome.dll39.0.2171.9554823ff480000003004fd39ce8401d01b4611ca4f80C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\chrome.dll0f5ca986-873a-11e4-8281-f8a963896c5e
 
Error: (12/18/2014 11:18:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe39.0.2171.95548243f3chrome.dll39.0.2171.9554823ff480000003004fd39c253001d01b42050fadb3C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\chrome.dll10513357-8736-11e4-827e-18cf5e333832
 
Error: (12/18/2014 10:02:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe39.0.2171.95548243f3chrome.dll39.0.2171.9554823ff480000003004fd39c198801d01b3759ff6058C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\chrome.dll819fa626-872b-11e4-827e-18cf5e333832
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-12-19 10:47:16.241
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-19 10:47:15.693
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-18 16:19:33.601
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-18 15:13:13.125
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-18 15:13:12.846
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-18 15:13:12.496
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-18 15:13:12.205
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-17 15:23:46.142
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-17 15:23:45.789
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-12 09:54:07.325
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD A4-6210 APU with AMD Radeon R3 Graphics 
Percentage of memory in use: 37%
Total physical RAM: 3545.08 MB
Available physical RAM: 2206.16 MB
Total Pagefile: 4697.08 MB
Available Pagefile: 3253.96 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.76 GB) (Free:427.76 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: FB124078)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 


  • Root Admin

Hello and welcome.

Please read the following and post back the logs when ready and we'll see about getting you cleaned up.

General P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 


 
Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.

  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
  • Removing malware can be unpredictable... It is unlikely but things can go very wrong! Please make sure you back up all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive.
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to clean up all the tools and logs.
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)

 
STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.
 

Link 1
Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.

STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.


  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

STEP 02
Please run a Threat Scan with MBAM.  If you're unable to run or complete the scan as shown below please see the following:  MBAM Clean Removal Process 2x
When reinstalling the program please try the latest version.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.
 
 
STEP 03
Please go into Control Panel, Program Add/Remove and uninstall the following software
Pro PC Cleaner



STEP 03a
Please go into Control Panel, Add/Remove and uninstall ALL versions of Java and then run the following.
 
Please download JavaRa-1.16 and save it to your computer.


  • Double click to open the zip file and then select all and choose Copy.
  • Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
  • Quit all browsers and other running applications.
  • Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.

Next:
 
Please Run TFC by OldTimer to clear temporary files:


  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

 

STEP 03b
Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

 

 

fixlist.txt


Ron,

 

Thank you for the help. Below are the files you requested, and PC Cleaner was not in the program remove list.

 

Thanks

 

 

 

Rkill 2.6.9 by Lawrence Abrams (Grinler)
SearchScopes: HKLM-x32 -> {D262E043-5C03-4F7C-9174-4D71F95003F2} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKU\S-1-5-21-746983125-3766845642-939562213-1002 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKU\S-1-5-21-746983125-3766845642-939562213-1002 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/...=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-746983125-3766845642-939562213-1002 -> {D262E043-5C03-4F7C-9174-4D71F95003F2} URL = http://www.amazon.co...s={searchTerms}
BHO: No Name -> {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} -> C:\Program Files (x86)\SiteRanker\SiteR64.dll (Crawler, LLC)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} -> C:\Program Files (x86)\SiteRanker\SiteRank.dll (Crawler, LLC)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3322290&octid=EB_ORIGINAL_CTID&ISID=M8B080C66-4FEC-46D4-AD1B-98B4B63B339C&SearchSource=55&CUI=&UM=8&UP=SP2573544C-9EBB-4CD1-AE16-C186AF6D594E&SSPV=
FF SelectedSearchEngine: Trovi search
FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3330484&octid=EB_ORIGINAL_CTID&ISID=ME571C111-D10E-48F0-8C7D-DCB16CE96877&SearchSource=69&CUI=&SSPV=&Lay=1&UM=6&UP=SP2573544C-9EBB-4CD1-AE16-C186AF6D594E
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF SearchPlugin: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\74djfa8d.default\searchplugins\ask-search.xml
FF SearchPlugin: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\74djfa8d.default\searchplugins\inbox-search.xml
FF Extension: shopndrroP - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\74djfa8d.default\Extensions\K@M12ch0OR.edu [2014-12-18]
FF Extension: SiteRanker - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\74djfa8d.default\Extensions\siteranker@siteranker.com [2014-12-17]
FF HKLM-x32\...\Firefox\Extensions: [siteranker@siteranker.com] - C:\Program Files (x86)\SiteRanker\firefox
FF Extension: No Name - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\74djfa8d.default\extensions\toolbar_ORJ-SPE@apn.ask.com.xpi [Not Found]
FF Extension: No Name - toolbar_ORJ-SPE@apn.ask.com [Not Found]
CHR StartupUrls: Profile 1 -> "hxxp://search.conduit.com/?ctid=CT3239904&SearchSource=48&UP=SP5F2F24E8-CF79-4C77-84D1-9D4A76D75AA3&SSPV=", "hxxp://search.babylon.com/?affID=116254&tt=0113_1&babsrc=HP_ss&mntrId=e408e48f00000000000078e3b561bd6a", "hxxp://xfinity.comcast.net/?cid=insDate01072013", "hxxp://searchfunmoods.com/?f=1&a=nv1&ir=nv1&cd=2XzuyEtN2Y1L1QzuyBzz0EtA0ByDyCtC0B0DyC0A0EyEzz0FtN0D0Tzu0CtAyByCtN1L2XzutBtFtBtFtCtFyEtDyB&cr=630568343", "hxxp://search.conduit.com/?ctid=CT3268935&SearchSource=48", "hxxp://search.conduit.com/?ctid=CT3268934&SearchSource=48", "hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,203,0_0,StartPage,20130105,17093,0,11,0", "hxxp://mysearch.avg.com/?cid={BE73894E-0A0F-4F36-BDB0-B36B804D48F9}&mid=8dffae8abbe947d381b6a9aaf3855499-e98f949b114d66c1dd11fbb31b1f6646fa52198a〈=en&ds=co011&pr=sa&d=2013-03-05%2013:20:13&v=14.2.0.1&pid=safeguard&sg=1&sap=hp", "hxxp://search.conduit.com/?CUI=UN58909726228570116&ctid=CT3285873&SearchSource=48", "hxxp://www.searchnu.com/406?appid=341", "hxxp://astromenda.com/?f=7&a=ast_cmi_14_49_ch&cd=2XzuyEtN2Y1L1Qzu0EtDtDyC0EyCyBtC0B0BtDyByD0EyD0CtN0D0Tzu0SzyyEyDtN1L2XzutBtFtBtCtFtCzztFtAtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StA0D0EyE0E0ByCtBtGyD0B0DyCtGzzzztDyDtGtByD0E0DtGtD0DyBtAyD0F0CzztDyD0DtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCzzyCtDyCyB0AzztGzzzytAzytGtA0Ezy0BtGyEzytCzytGtD0BtB0Dzz0F0EyC0D0Azy0C2Q&cr=1476006883&ir="
CHR DefaultSuggestURL: Profile 1 -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Extension: (ShopAtHome.com) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc [2014-12-17]
C:\Users\Lisa\AppData\Local\Temp\APNSetup.exe
C:\Users\Lisa\AppData\Local\Temp\COMAP.EXE
C:\Users\Lisa\AppData\Local\Temp\ff6609_setup.exe
C:\Users\Lisa\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Lisa\AppData\Local\Temp\OptimizerPro.exe
C:\Users\Lisa\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Lisa\AppData\Local\Temp\System.Data.SQLite32e7235c-fe5d-47c4-8c9f-9ee43a02799c.dll
Task: {014485B2-1EA6-4E87-9154-FF660C4F9621} - \RocketTab No Task File <==== ATTENTION
Task: {4129FE01-8AC1-411D-A304-CFDF31D5261F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-24] (Google Inc.)
Task: {9C7C1698-1DD7-4100-827F-4DE3BD5C4F6A} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe
Task: {A4A82D4B-87D8-4D3B-A8A9-BD615ABACE11} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-24] (Google Inc.)
Task: {AF717423-41F5-4595-A305-9952918370EB} - \RocketTab Update Task No Task File <==== ATTENTION
Task: {D686EAFB-DCFB-4F49-873B-6D4B8A87DEE9} - \Advanced-System Protector_startup No Task File <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
AlternateDataStreams: C:\Users\Lisa\OneDrive:ms-properties
HKU\S-1-5-21-746983125-3766845642-939562213-1002\...\StartupApproved\Run: => "RebateInformer"
EmptyTemp:
Reboot:
 
 
*****************
 
HKU\S-1-5-21-746983125-3766845642-939562213-1002\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_A963AF10D41C891DDF74F25191F896A3 => value deleted successfully.
"c:\progra~2\searchprotect\searchprotect\bin\vc32loader.dll" => Value Data removed successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"c:\progra~2\searchprotect" => File/Directory not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\S-1-5-21-746983125-3766845642-939562213-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKU\S-1-5-21-746983125-3766845642-939562213-1002\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D262E043-5C03-4F7C-9174-4D71F95003F2}" => Key deleted successfully.
HKCR\CLSID\{D262E043-5C03-4F7C-9174-4D71F95003F2} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D262E043-5C03-4F7C-9174-4D71F95003F2}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{D262E043-5C03-4F7C-9174-4D71F95003F2} => Key not found. 
HKU\S-1-5-21-746983125-3766845642-939562213-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-746983125-3766845642-939562213-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}" => Key deleted successfully.
HKCR\CLSID\{80c554b9-c7f8-4a21-9471-06d606da78a2} => Key not found. 
"HKU\S-1-5-21-746983125-3766845642-939562213-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D262E043-5C03-4F7C-9174-4D71F95003F2}" => Key deleted successfully.
HKCR\CLSID\{D262E043-5C03-4F7C-9174-4D71F95003F2} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}" => Key deleted successfully.
"HKCR\CLSID\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found. 
"HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found. 
"HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} => Key not found. 
"HKCR\Wow6432Node\CLSID\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found. 
HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found. 
HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found. 
Firefox homepage deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox newtab deleted successfully.
HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2 => Key not found. 
"C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll" => not found.
HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2 => Key not found. 
"C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll" => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.71.2 => Key not found. 
C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2 => Key not found. 
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll not found.
C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\74djfa8d.default\searchplugins\ask-search.xml => Moved successfully.
C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\74djfa8d.default\searchplugins\inbox-search.xml => Moved successfully.
C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\74djfa8d.default\Extensions\K@M12ch0OR.edu => Moved successfully.
C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\74djfa8d.default\Extensions\siteranker@siteranker.com => Moved successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\siteranker@siteranker.com => value deleted successfully.
C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\74djfa8d.default\extensions\toolbar_ORJ-SPE@apn.ask.com.xpi not found.
FF Extension: No Name - toolbar_ORJ-SPE@apn.ask.com [Not Found] not found.
Chrome StartupUrls deleted successfully.
Chrome DefaultSuggestURL deleted successfully.
C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc => Moved successfully.
"C:\Users\Lisa\AppData\Local\Temp\APNSetup.exe" => File/Directory not found.
"C:\Users\Lisa\AppData\Local\Temp\COMAP.EXE" => File/Directory not found.
"C:\Users\Lisa\AppData\Local\Temp\ff6609_setup.exe" => File/Directory not found.
"C:\Users\Lisa\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\Lisa\AppData\Local\Temp\OptimizerPro.exe" => File/Directory not found.
"C:\Users\Lisa\AppData\Local\Temp\System.Data.SQLite.dll" => File/Directory not found.
"C:\Users\Lisa\AppData\Local\Temp\System.Data.SQLite32e7235c-fe5d-47c4-8c9f-9ee43a02799c.dll" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{014485B2-1EA6-4E87-9154-FF660C4F9621}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{014485B2-1EA6-4E87-9154-FF660C4F9621}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RocketTab" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4129FE01-8AC1-411D-A304-CFDF31D5261F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4129FE01-8AC1-411D-A304-CFDF31D5261F}" => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9C7C1698-1DD7-4100-827F-4DE3BD5C4F6A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C7C1698-1DD7-4100-827F-4DE3BD5C4F6A}" => Key deleted successfully.
C:\Windows\System32\Tasks\ProPCCleaner_Start => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Start" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A4A82D4B-87D8-4D3B-A8A9-BD615ABACE11}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A4A82D4B-87D8-4D3B-A8A9-BD615ABACE11}" => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AF717423-41F5-4595-A305-9952918370EB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF717423-41F5-4595-A305-9952918370EB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RocketTab Update Task" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D686EAFB-DCFB-4F49-873B-6D4B8A87DEE9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D686EAFB-DCFB-4F49-873B-6D4B8A87DEE9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced-System Protector_startup" => Key deleted successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
"C:\Users\Lisa\OneDrive" => ":ms-properties" ADS not found.
HKU\S-1-5-21-746983125-3766845642-939562213-1002\Software\Microsoft\Windows\CurrentVersion\Run\\HKU\S-1-5-21-746983125-3766845642-939562213-1002\...\StartupApproved\Run: => "RebateInformer" => Value not found.
EmptyTemp: => Removed 168.1 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 16:46:57 ====

Ron,

 

Below is the info requested.

 

Thanks

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by Lisa (administrator) on LISASPC on 31-12-2014 10:36:16
Running from C:\Users\Lisa\Desktop
Loaded Profile: Lisa (Available profiles: Lisa)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Crawler, LLC) C:\Program Files (x86)\SiteRanker\SiteRankTray.exe
(Crawler.com) C:\Program Files (x86)\OnlineVault\OVTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7535832 2014-02-12] (Realtek Semiconductor)
HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-10-08] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [2039192 2014-11-24] (APN)
HKLM-x32\...\Run: [siteRanker] => C:\Program Files (x86)\SiteRanker\SiteRankTray.exe [1084888 2014-09-19] (Crawler, LLC)
HKLM-x32\...\Run: [Online Vault] => C:\Program Files (x86)\OnlineVault\OVTray.exe [369000 2014-05-21] (Crawler.com)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-02] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:13081
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} -  No File
Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} -  No File
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\74djfa8d.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-746983125-3766845642-939562213-1002: @zoom.us/ZoomVideoPlugin -> C:\Users\Lisa\AppData\Roaming\Zoom\bin\npzoomplugin.dll (Zoom Video Communications, Inc.)
FF Extension: snipsmart 1.0.1 - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\74djfa8d.default\Extensions\{7a3b1fa0-6acc-4a4a-9930-456a27e1b6c1}.xpi [2014-12-18]
FF Extension: No Name - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\74djfa8d.default\extensions\toolbar_ORJ-SPE@apn.ask.com.xpi [Not Found]
 
Chrome: 
=======
CHR HomePage: Profile 1 -> hxxp://google.com/
CHR StartupUrls: Profile 1 -> "hxxp://google.com/"
CHR Profile: C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (snipsmart) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\kehpbbgolhfcmdgfnjfnclepfhpmjjkf [2014-12-18]
CHR Profile: C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-17]
CHR Extension: (HeadlineAlley) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\amogncdhclnhneejdfggljpdgigffhfi [2014-12-17]
CHR Extension: (Google Docs) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-17]
CHR Extension: (Google Drive) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-18]
CHR Extension: (YouTube) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-17]
CHR Extension: (Google Search) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-17]
CHR Extension: (Zwinky) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ehjkfdmkpocpileolmldepapdjbfegei [2014-12-17]
CHR Extension: (Google Sheets) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-17]
CHR Extension: (RadioRage) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ffiohgnekoikpmbilaclfihhhaglmbei [2014-12-17]
CHR Extension: (Elite Unzip) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ffjcmnpnoopgilmnfhloocdcbnimmmea [2014-12-17]
CHR Extension: (Bible Homepage) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hfjgekpddapedobkjbmeefnjofabigbi [2014-12-17]
CHR Extension: (ArcadeYum) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jmbmildjdmppofnohldicmnkojfhggmb [2014-12-17]
CHR Extension: (Webfetti) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmpchpgemlpnbapjajinolkefniihpod [2014-12-17]
CHR Extension: (Recipe Hub) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mfpcpilhpbdgmnfaoonnnofhdmcbejhh [2014-12-17]
CHR Extension: (Google Wallet) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-18]
CHR Extension: (Gmail) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-17]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-04-17] () [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-11-24] (APN LLC.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-08-07] (Windows ® Win 7 DDK provider)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2014-01-13] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-10-08] (Hewlett-Packard Development Company, L.P.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-02-12] (Realtek Semiconductor)
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51712 2014-02-24] (Advanced Micro Devices, Inc.)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-02] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2013-10-24] (Advanced Micro Devices, INC.)
S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [85704 2014-02-24] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-14] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [230088 2014-02-24] (Advanced Micro Devices, Inc. )
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-12] (Advanced Micro Devices)
S3 AX88179; C:\Windows\system32\DRIVERS\ax88179_178a.sys [70104 2013-07-08] (ASIX Electronics Corp.)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [291544 2014-01-03] (Realtek Semiconductor Corp.)
S3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation                           )
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-30 16:46 - 2014-12-30 16:46 - 00000000 ____D () C:\Users\Lisa\Desktop\FRST-OlderVersion
2014-12-30 16:42 - 2014-12-30 16:42 - 00008107 _____ () C:\Users\Lisa\Downloads\fixlist.txt
2014-12-30 16:34 - 2014-12-30 16:34 - 00448512 _____ (OldTimer Tools) C:\Users\Lisa\Downloads\TFC.exe
2014-12-30 16:32 - 2014-12-30 16:32 - 00004409 _____ () C:\Users\Lisa\Desktop\JavaRa.log
2014-12-30 16:32 - 2014-12-30 16:32 - 00004409 _____ () C:\JavaRa.log
2014-12-30 16:29 - 2014-12-30 16:30 - 00000000 ____D () C:\Users\Lisa\Desktop\RemoveJava
2014-12-30 16:29 - 2014-12-30 16:29 - 00165800 _____ () C:\Users\Lisa\Downloads\JavaRa-1.16-20-1-14.zip
2014-12-30 16:18 - 2014-12-30 16:18 - 00002248 _____ () C:\Users\Lisa\Desktop\mawb2.txt
2014-12-30 15:20 - 2014-12-30 15:20 - 00000000 ____D () C:\Windows\ERDNT
2014-12-30 15:19 - 2014-12-30 15:19 - 00791393 _____ (Lars Hederer ) C:\Users\Lisa\Downloads\erunt-setup.exe
2014-12-30 15:19 - 2014-12-30 15:19 - 00000896 _____ () C:\Users\Lisa\Desktop\NTREGOPT.lnk
2014-12-30 15:19 - 2014-12-30 15:19 - 00000877 _____ () C:\Users\Lisa\Desktop\ERUNT.lnk
2014-12-30 15:19 - 2014-12-30 15:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-12-30 15:19 - 2014-12-30 15:19 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-12-30 15:12 - 2014-12-30 15:13 - 00001996 _____ () C:\Users\Lisa\Desktop\Rkill.txt
2014-12-30 15:11 - 2014-12-30 15:11 - 01940728 _____ (Bleeping Computer, LLC) C:\Users\Lisa\Downloads\rkill.exe
2014-12-30 15:11 - 2014-12-30 15:11 - 01940728 _____ (Bleeping Computer, LLC) C:\Users\Lisa\Downloads\rkill (1).exe
2014-12-22 19:35 - 2014-12-31 10:36 - 00014505 _____ () C:\Users\Lisa\Desktop\FRST.txt
2014-12-22 19:34 - 2014-12-22 19:35 - 00029773 _____ () C:\Users\Lisa\Downloads\Addition.txt
2014-12-22 19:33 - 2014-12-22 19:35 - 00037702 _____ () C:\Users\Lisa\Downloads\FRST.txt
2014-12-22 19:32 - 2014-12-31 10:36 - 00000000 ____D () C:\FRST
2014-12-22 19:32 - 2014-12-30 16:46 - 02123264 _____ (Farbar) C:\Users\Lisa\Desktop\FRST64.exe
2014-12-22 19:13 - 2014-12-22 19:13 - 00022512 _____ () C:\Windows\system32\Drivers\SPPD.sys
2014-12-22 19:11 - 2014-12-22 19:11 - 00085668 _____ () C:\Users\Lisa\Desktop\maeb.txt
2014-12-22 18:44 - 2014-12-22 18:44 - 00001074 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-22 18:43 - 2014-12-22 18:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-22 18:42 - 2014-12-22 18:42 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Lisa\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-22 18:32 - 2012-04-16 05:00 - 00389120 _____ (CANON INC.) C:\Windows\system32\CNMLMBC.DLL
2014-12-18 23:30 - 2014-12-30 16:48 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-12-18 23:30 - 2014-12-18 23:30 - 00012288 _____ () C:\Windows\system32\umstartup.etl
2014-12-18 18:32 - 2014-12-18 21:09 - 00002277 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-18 15:23 - 2014-12-18 15:23 - 00819176 _____ (Google Inc.) C:\Users\Lisa\Desktop\Setup_product_2937.exe
2014-12-18 15:22 - 2014-12-18 15:22 - 00000000 ____D () C:\Users\Lisa\Documents\ProPCCleaner
2014-12-18 15:22 - 2014-12-18 15:22 - 00000000 ____D () C:\Users\Lisa\AppData\Local\Pro_PC_Cleaner
2014-12-18 14:42 - 2014-12-30 16:19 - 00000000 ____D () C:\ProgramData\WowCoouapaon
2014-12-18 14:41 - 2014-12-18 14:42 - 00000000 ____D () C:\ProgramData\7a7316e834570c5b
2014-12-18 14:31 - 2014-12-18 14:31 - 00000000 ____D () C:\Program Files (x86)\mozilla firefox
2014-12-17 22:08 - 2014-12-18 15:34 - 00000000 ____D () C:\Program Files (x86)\Spyware Clear
2014-12-17 22:05 - 2014-12-17 22:06 - 00000000 ____D () C:\Users\Lisa\AppData\Roaming\OnlineVault
2014-12-17 22:05 - 2014-12-17 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiteRanker
2014-12-17 22:05 - 2014-12-17 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Vault
2014-12-17 22:05 - 2014-12-17 22:05 - 00000000 ____D () C:\Program Files (x86)\OnlineVault
2014-12-17 22:04 - 2014-12-30 16:22 - 00000000 ____D () C:\Program Files (x86)\SiteRanker
2014-12-15 18:12 - 2014-10-30 17:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-12-15 18:12 - 2014-10-30 17:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-12-10 18:24 - 2014-12-10 18:24 - 00000000 ____D () C:\ProgramData\8823421281515277403
2014-12-09 21:05 - 2014-11-26 16:10 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-09 21:05 - 2014-11-26 16:10 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-09 21:01 - 2014-12-09 21:01 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-09 18:52 - 2014-10-31 18:57 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-12-09 18:52 - 2014-10-31 18:47 - 00790528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-12-09 18:37 - 2014-12-03 18:37 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-09 18:37 - 2014-12-03 18:09 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-09 18:37 - 2014-12-02 18:09 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-09 18:37 - 2014-12-02 18:09 - 00740864 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-09 18:37 - 2014-12-02 18:09 - 00412672 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-09 18:37 - 2014-12-02 18:09 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-09 18:37 - 2014-12-02 18:09 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-09 18:37 - 2014-11-09 21:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll
2014-12-09 18:37 - 2014-11-09 20:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-09 18:37 - 2014-11-06 23:16 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-09 18:37 - 2014-11-06 22:26 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-09 18:37 - 2014-10-30 18:39 - 01970432 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-12-09 18:37 - 2014-10-30 18:38 - 01612992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-12-09 18:37 - 2014-10-12 21:43 - 00238912 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2014-12-09 18:37 - 2014-10-12 21:43 - 00153920 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2014-12-09 18:37 - 2014-10-12 21:43 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2014-12-09 18:37 - 2014-10-12 21:43 - 00039744 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2014-12-09 18:36 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-09 18:36 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-09 18:36 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-09 18:36 - 2014-11-21 21:49 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-09 18:36 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-09 18:36 - 2014-11-21 21:35 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-09 18:36 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-09 18:36 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-09 18:36 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-09 18:36 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-09 18:36 - 2014-11-21 21:06 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-09 18:36 - 2014-11-21 21:06 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-12-09 18:36 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-09 18:36 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-09 18:36 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-09 18:36 - 2014-11-21 20:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-12-09 18:36 - 2014-11-21 20:55 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-09 18:36 - 2014-11-21 20:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-12-09 18:36 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-09 18:36 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-09 18:36 - 2014-11-21 20:49 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-09 18:36 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-09 18:36 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-09 18:36 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-09 18:36 - 2014-11-21 20:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-12-09 18:36 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-09 18:36 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-09 18:36 - 2014-11-21 20:29 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2014-12-09 18:36 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-09 18:36 - 2014-11-21 20:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-12-09 18:36 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-09 18:36 - 2014-11-21 20:23 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-09 18:36 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-09 18:36 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-09 18:36 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-09 18:36 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-09 18:36 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-09 18:36 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-09 18:36 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-31 10:23 - 2014-10-24 18:33 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-31 10:03 - 2014-09-17 17:24 - 02085283 _____ () C:\Windows\WindowsUpdate.log
2014-12-31 10:00 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru
2014-12-31 07:38 - 2014-09-17 17:48 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{54D26DBD-24CB-4200-9FAB-1CB0512B54CD}
2014-12-30 20:47 - 2014-09-17 17:46 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-746983125-3766845642-939562213-1002
2014-12-30 16:51 - 2014-09-17 17:43 - 00000000 ____D () C:\Users\Lisa\Documents\Youcam
2014-12-30 16:48 - 2014-09-23 20:20 - 00159232 ___SH () C:\Users\Lisa\Desktop\Thumbs.db
2014-12-30 16:48 - 2014-09-17 17:44 - 00000000 __RDO () C:\Users\Lisa\OneDrive
2014-12-30 16:47 - 2014-08-06 20:05 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2014-12-30 16:47 - 2014-03-18 04:44 - 00360732 _____ () C:\Windows\PFRO.log
2014-12-30 16:47 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-30 16:47 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-12-30 16:46 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2014-12-30 16:22 - 2014-08-06 20:14 - 01275338 _____ () C:\Windows\SysWOW64\rootpa.e2e
2014-12-30 16:21 - 2014-09-17 17:40 - 00000000 ____D () C:\Users\Lisa\AppData\Local\VirtualStore
2014-12-30 16:20 - 2014-09-25 11:52 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleForLisa.job
2014-12-30 16:20 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\Help
2014-12-30 15:25 - 2014-09-24 17:56 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-30 15:17 - 2014-03-18 04:53 - 00956476 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-30 15:16 - 2013-08-22 09:46 - 00027258 _____ () C:\Windows\setupact.log
2014-12-28 19:49 - 2014-09-25 11:52 - 00003156 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForLisa
2014-12-28 19:48 - 2014-10-02 11:01 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-12-28 19:48 - 2014-10-02 11:00 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-12-28 19:43 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-12-26 10:48 - 2014-09-17 17:40 - 00000000 ____D () C:\Users\Lisa
2014-12-22 19:34 - 2014-09-18 10:25 - 00610304 ___SH () C:\Users\Lisa\Downloads\Thumbs.db
2014-12-22 19:31 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-22 18:44 - 2014-09-24 17:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-19 12:14 - 2013-08-22 08:25 - 00000301 _____ () C:\Windows\win.ini
2014-12-19 08:16 - 2013-08-22 10:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-18 23:17 - 2014-09-17 17:40 - 00000000 ____D () C:\Users\Lisa\AppData\Local\Packages
2014-12-18 15:34 - 2014-09-24 18:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-13 11:24 - 2014-08-07 18:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-13 11:22 - 2014-08-07 18:14 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-13 11:22 - 2014-08-07 18:14 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-10 10:21 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\rescache
2014-12-09 21:02 - 2014-09-20 15:26 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-09 21:02 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS
2014-12-09 21:02 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2014-12-09 21:01 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-09 19:14 - 2014-09-20 10:56 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-09 19:14 - 2014-08-07 18:54 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-09 19:06 - 2014-09-20 10:56 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-09 13:23 - 2014-10-24 18:33 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-06 13:32 - 2014-11-15 17:23 - 00000000 ____D () C:\Users\Lisa\Downloads\Amish Friendship Bread Starter Recipe - Allrecipes.com_files
2014-12-06 13:32 - 2014-09-23 20:18 - 00000000 ____D () C:\Users\Lisa\Downloads\New folder
2014-12-06 13:10 - 2014-08-06 20:21 - 00000000 ____D () C:\ProgramData\CyberLink
2014-12-06 12:53 - 2014-11-26 19:20 - 00000000 ____D () C:\Program Files (x86)\OpenSoftwareUpdater
2014-12-06 12:53 - 2013-08-22 09:44 - 00482536 _____ () C:\Windows\system32\FNTCACHE.DAT
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-30 20:48
 
==================== End Of Log ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014
Ran by Lisa at 2014-12-31 10:37:40
Running from C:\Users\Lisa\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{7536C341-2F7D-EFE6-F521-DEBE68B025C5}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Blackboard Collaborate Launcher (HKLM-x32\...\{7D82D616-8BD8-4BE3-B19C-C4BC772E8426}) (Version: 1.2.0.0 - Blackboard)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3303 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3416 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.3709 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.3.3907 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Elite Unzip (HKLM-x32\...\Elite Unzip) (Version: 1.1.7640.260 - Mindspark Interactive Network) <==== ATTENTION
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
grillaprice (HKLM-x32\...\grillaprice) (Version:  - )
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Documentation (HKLM-x32\...\{F29E3AA8-CF19-4452-92B7-F1FE31CD11C5}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7372.4698 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{8C696B4B-6AB1-44BC-9416-96EAC474CABE}) (Version: 7.5.2.12 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{C78E8F51-3EAD-4F0C-83F0-EF371075E0B4}) (Version: 1.0.10 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{891A1782-8B20-4403-8383-458962525926}) (Version: 2.3.4 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
OEM Application Profile (HKLM-x32\...\{315F1A48-D883-B234-7C79-15873574ACC1}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Online Vault (HKLM-x32\...\{FE60B87C-63A2-4A45-AC06-FFEFD5DB7846}_is1) (Version:  - Crawler, LLC)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.232 - Qualcomm Atheros)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7164 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)
Search App by Ask (HKLM-x32\...\{4F524A2D-5350-4500-76A7-A758B70C1500}) (Version: 12.21.0.114 - APN, LLC) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
SiteRanker (HKLM-x32\...\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}_is1) (Version: 1.0.0.139 - Crawler, LLC) <==== ATTENTION
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.0.4.0 - Synaptics Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-746983125-3766845642-939562213-1002\...\ZoomUMX) (Version: 3.0 - Zoom Video Communications, Inc.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
26-11-2014 11:07:28 Scheduled Checkpoint
06-12-2014 16:29:04 Scheduled Checkpoint
09-12-2014 18:54:34 Windows Update
13-12-2014 11:19:44 Windows Update
19-12-2014 08:14:46 Windows Update
30-12-2014 16:27:13 Removed Java 7 Update 67 (64-bit)
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {08CDD6D7-C5B2-455A-9B90-FD255877E9F3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {32B7BD58-CFB3-47AF-8670-8DEF4E57EE19} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {6A490F10-E0F8-410E-B158-75B8967D2066} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {6AC696E1-0464-42B3-9371-4D05B7B52790} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-03-07] (CyberLink Corp.)
Task: {774E5B5D-5FD2-45B9-AAA7-3D3A78C0E5C1} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {7D29F9ED-2142-44D1-8B43-4AA02DC9B8D1} - System32\Tasks\HPCeeScheduleForLisa => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {8A8912BF-2520-4FCE-9BB3-83057F384DE0} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-12-09] (Microsoft Corporation)
Task: {9957469B-6F92-4A89-ABAF-7D8760B1DBBE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {B068702F-05AF-4627-BA65-E7FFD7FBAA4B} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {BB57F593-8C3B-454C-A738-0E204E836FAF} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-12-13] (Synaptics Incorporated)
Task: {CBB34D68-D156-4F3B-BE52-BAA8523903DC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {E057D60A-64DE-4078-9367-21F2C13F31C3} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForLisa.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-04-17 17:38 - 2014-04-17 17:38 - 00140288 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2014-04-17 17:37 - 2014-04-17 17:37 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-09-04 23:17 - 2013-09-04 23:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 17:23 - 2010-10-20 17:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-08-06 20:26 - 2013-08-05 02:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 17:48 - 2013-08-05 17:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-12-18 15:23 - 2014-12-05 20:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-18 15:23 - 2014-12-05 20:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-18 15:23 - 2014-12-05 20:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-18 15:23 - 2014-12-05 20:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-18 15:23 - 2014-12-05 20:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Lisa\OneDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-746983125-3766845642-939562213-1002\...\StartupApproved\Run: => "RebateInformer"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-746983125-3766845642-939562213-500 - Administrator - Disabled)
Guest (S-1-5-21-746983125-3766845642-939562213-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-746983125-3766845642-939562213-1004 - Limited - Enabled)
Lisa (S-1-5-21-746983125-3766845642-939562213-1002 - Administrator - Enabled) => C:\Users\Lisa
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/31/2014 03:05:57 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (12/30/2014 04:16:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5109
 
Error: (12/30/2014 04:16:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5109
 
Error: (12/30/2014 04:16:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (12/30/2014 04:16:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3671
 
Error: (12/30/2014 04:16:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3671
 
Error: (12/30/2014 04:16:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (12/30/2014 04:16:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2234
 
Error: (12/30/2014 04:16:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2234
 
Error: (12/30/2014 04:16:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (12/30/2014 08:48:10 PM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT AUTHORITY)
Description: E:\Device\HarddiskVolume32
 
Error: (12/30/2014 04:35:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The tbaseprovisioning service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/30/2014 04:17:21 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume E:.
 
A corruption was found in a file system index structure.  The file reference number is 0x10000000005fd.  The name of the file is "\pictures\kelsey".  The corrupted index attribute is ":$I30:$INDEX_ROOT".  The corrupted index block is located at Vcn 0xffffffffffffffff, Lcn 0xffffffffffffffff.  The corruption begins at offset 136 within the index block.
 
Error: (12/30/2014 03:16:43 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume E:.
 
A corruption was found in a file system index structure.  The file reference number is 0x1000000000617.  The name of the file is "\pictures\kelsey\New folder\facebook".  The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
 
Error: (12/19/2014 02:34:02 PM) (Source: DCOM) (EventID: 10016) (User: LISASPC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}LisaspcLisaS-1-5-21-746983125-3766845642-939562213-1002LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (12/19/2014 02:34:02 PM) (Source: DCOM) (EventID: 10016) (User: LISASPC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}LisaspcLisaS-1-5-21-746983125-3766845642-939562213-1002LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (12/19/2014 00:33:36 PM) (Source: DCOM) (EventID: 10016) (User: LISASPC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}LisaspcLisaS-1-5-21-746983125-3766845642-939562213-1002LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (12/19/2014 00:33:36 PM) (Source: DCOM) (EventID: 10016) (User: LISASPC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}LisaspcLisaS-1-5-21-746983125-3766845642-939562213-1002LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (12/19/2014 11:34:24 AM) (Source: DCOM) (EventID: 10016) (User: LISASPC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}LisaspcLisaS-1-5-21-746983125-3766845642-939562213-1002LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (12/19/2014 11:34:24 AM) (Source: DCOM) (EventID: 10016) (User: LISASPC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}LisaspcLisaS-1-5-21-746983125-3766845642-939562213-1002LocalHost (Using LRPC)UnavailableUnavailable
 
 
Microsoft Office Sessions:
=========================
Error: (12/31/2014 03:05:57 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files (x86)\onlinevault\OVShell64.dll
 
Error: (12/30/2014 04:16:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5109
 
Error: (12/30/2014 04:16:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5109
 
Error: (12/30/2014 04:16:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (12/30/2014 04:16:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3671
 
Error: (12/30/2014 04:16:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3671
 
Error: (12/30/2014 04:16:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (12/30/2014 04:16:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2234
 
Error: (12/30/2014 04:16:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2234
 
Error: (12/30/2014 04:16:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-12-31 03:05:13.672
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-30 21:04:54.658
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-30 21:04:54.361
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-30 21:04:53.970
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-30 21:04:53.689
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-30 21:04:23.298
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-30 21:04:22.986
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-30 21:04:22.595
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-30 21:04:22.251
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-30 21:04:21.845
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD A4-6210 APU with AMD Radeon R3 Graphics 
Percentage of memory in use: 41%
Total physical RAM: 3545.08 MB
Available physical RAM: 2061.08 MB
Total Pagefile: 4697.08 MB
Available Pagefile: 2932.55 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.76 GB) (Free:427.14 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Seagate Backup Plus Drive) (Fixed) (Total:1863.02 GB) (Free:1833.55 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: FB124078)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 1A9BB3E7)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

  • Root Admin

You need to run a full disk check on the E: drive (but this can take a LONG time to complete. Possibly overnight.)

 


Error: (12/30/2014 04:17:21 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume E:.
 
A corruption was found in a file system index structure.  The file reference number is 0x10000000005fd.  The name of the file is "\pictures\kelsey".  The corrupted index attribute is ":$I30:$INDEX_ROOT".  The corrupted index block is located at Vcn 0xffffffffffffffff, Lcn 0xffffffffffffffff.  The corruption begins at offset 136 within the index block.

 

Click on START and type in CMD.EXE and when it shows on the menu right click and choose "Run as administrator" and type in the following.

 

 

CHKDSK C: /R

 

It will say the drive is locked and ask if you want to run on restart. Press the Y key and the Enter key.

 

Now type in the following and have it check our external hard drive for errors.

 

 

CHKDSK E: /R

 

 

That one may run without a reboot. In either case once the E: drive check is done then restart the computer and let it check the C: volume.

 

Then after both drives have been scanned and fixed run the following.

 

 

Please download the following scanner from Kaspersky and save it to your computer: TDSSkiller

Then watch the following video on how to use the tool and make sure to temporarily disable your security applications before running TDSSkiller.



If any infection is found please make sure to choose SKIP and post back the log in case of a False Positive detection.

Once the tool has completed scanning make sure to re-enable your other security applications.
 

Ron,

 

The E drive was an external drive I had attached to the computer and backed up her files. I did run the chkdsk on both drives and have removed the E drive from this computer. TDSSKiller came up clean. The biggest problem I see at this time is that when using Google Chrome and pressing the mouse button, I get a popup advertisement.

 

Thanks,


  • Root Admin

Please visit each of the following sites and let's reset all of your browsers back to defaults to prevent unexpected issues.
If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.

Internet Explorer
How to reset Internet Explorer settings

Firefox
Click on Help / Troubleshooting Information then click on the Reset Firefox button.

Chrome
Start by disabling Sync
How To Delete Your Google Chrome Browser Sync Data
Chrome - Reset browser settings
If that fails then Uninstall Google Chrome and do not reinstall until sure the system is clean.
 


  • Root Admin

Sorry about that - the system did not alert me to your reply. We may be done here now but let me get a look at this scan first please. Send me a PM reminder if I've not replied within 24 hours.

 

Please download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!


 


Ron,

 

Attached is the log you requested.  I do have a question on the following programs she installed and if I can just uninstall them through the control panel:

 

grillaprice

online vault

siteranker

search app by ask

 

Thanks

 

 Results of screen317's Security Check version 0.99.93  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
  Adobe Flash Player 15.0.0.246 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Firefox (34.0.5) 
 Google Chrome (39.0.2171.95) 
 Google Chrome (update.dll..) 
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
 OnlineVault OVTray.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 

  • Root Admin

It may just not read it correctly for some reason. You can ignore it then.

 

 

At this time there are no more signs of an infection on your system.
However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if run at the wrong time.
They are often updated daily so if you went to use them again in the future they would be outdated anyways.

The following procedures will implement some cleanup procedures to remove these tools.
 
Download Delfix from here and save it to your desktop. (you may already have this)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot

Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete)
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:
If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.
 
 
If there are any other left over Folders, Files, Logs then you can delete them on your own.
 
Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.
How to Delete System Protection Restore Points in Windows 7 and Windows 8

Remove all but the most recent Restore Point on Windows XP


As Java seems to get exploited on a regular basis, I advise not using Java if possible, but at least disable Java in your web browsers.
How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.
Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.


If you're not currently using Malwarebytes Premium then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.
 


  • 4 months later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
