Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-01-2015
Ran by HPa6207c (administrator) on HPA6207C-PC on 09-01-2015 10:34:25
Running from C:\Users\HPa6207c\Downloads
Loaded Profiles: HPa6207c &  (Available profiles: HPa6207c)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Verizon) C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\Froyo_Android_Driver\Bin\MonServiceUDisk.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
() C:\Program Files\Netgear\VISTA_GA311\GA311.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\sdclt.exe
(Verizon) C:\Program Files\Verizon\IHA_MessageCenter\Bin\VzDetectAgent.exe
(Microsoft Corporation) C:\Windows\ehome\mcupdate.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
(Farbar) C:\Users\HPa6207c\Downloads\FRST(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [] => [X]
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [215552 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2561848 2014-12-10] (Malwarebytes Corporation)
HKLM\...\RunOnce: [import FF:0] => "C:\Users\HPa6207c\AppData\Local\GeniusBox\Resources\certutil.exe" -A -n "DO_NOT_TRUST_FiddlerRoot" -t "TCu,TCu,TCu" -i "C:\Users\HPa6207c\AppData\Local\GeniusBox\TrustedRoot.cer" -d "C:\Users\HPa6207 (the data entry has 60 more characters).
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2481670651-164271405-2230307000-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2481670651-164271405-2230307000-1000\...\Run: [TapiMobilecuda] => rundll32.exe "C:\Users\HPa6207c\AppData\Roaming\TapiMobilecuda\TapiMobilecuda.dll",hcwCommsSpi wkwMobileEnum <===== ATTENTION
HKU\S-1-5-21-2481670651-164271405-2230307000-1000\...\Run: [Adobe CSS5.1 Manager] => C:\Users\HPa6207c\AppData\Local\40686edc-bacc-45e8-b616-21c66ce3ff9dad\edcbaccebcceffdad.exe <===== ATTENTION
HKU\S-1-5-21-2481670651-164271405-2230307000-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2481670651-164271405-2230307000-1000\...\Policies\Explorer\Run: [edcbaccebcceffdad] => C:\Users\HPa6207c\AppData\Local\40686edc-bacc-45e8-b616-21c66ce3ff9dad\edcbaccebcceffdad.exe
HKU\S-1-5-21-2481670651-164271405-2230307000-1000\...\MountPoints2: {8ad27847-c8dc-11e0-9f3d-001bfcd1c6db} - L:\TL-Bootstrap.exe
HKU\S-1-5-21-2481670651-164271405-2230307000-1000\...\MountPoints2: {b4c0d742-b575-11e0-ae87-806e6f6e6963} - D:\AutoRun.exe autoLaunch
HKU\S-1-5-21-2481670651-164271405-2230307000-1000\...\MountPoints2: {ba1c8fa6-2bc9-11e1-8cf8-001bfcd1c6db} - L:\TL-Bootstrap.exe
HKU\S-1-5-21-2481670651-164271405-2230307000-1000\...\MountPoints2: {bd132afb-c0a5-11e1-afdf-001bfcd1c6db} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL L:\Setup.exe
HKU\S-1-5-21-2481670651-164271405-2230307000-1000\...\MountPoints2: {edc12d6e-27b3-11e3-b43a-001bfcd1c6db} - G:\WIN\setup.exe
HKU\S-1-5-21-2481670651-164271405-2230307000-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2481670651-164271405-2230307000-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [TapiMobilecuda] => rundll32.exe "C:\Users\HPa6207c\AppData\Roaming\TapiMobilecuda\TapiMobilecuda.dll",hcwCommsSpi wkwMobileEnum <===== ATTENTION
HKU\S-1-5-21-2481670651-164271405-2230307000-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Adobe CSS5.1 Manager] => C:\Users\HPa6207c\AppData\Local\40686edc-bacc-45e8-b616-21c66ce3ff9dad\edcbaccebcceffdad.exe <===== ATTENTION
HKU\S-1-5-21-2481670651-164271405-2230307000-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2481670651-164271405-2230307000-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer\Run: [edcbaccebcceffdad] => C:\Users\HPa6207c\AppData\Local\40686edc-bacc-45e8-b616-21c66ce3ff9dad\edcbaccebcceffdad.exe
HKU\S-1-5-21-2481670651-164271405-2230307000-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {8ad27847-c8dc-11e0-9f3d-001bfcd1c6db} - L:\TL-Bootstrap.exe
HKU\S-1-5-21-2481670651-164271405-2230307000-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b4c0d742-b575-11e0-ae87-806e6f6e6963} - D:\AutoRun.exe autoLaunch
HKU\S-1-5-21-2481670651-164271405-2230307000-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ba1c8fa6-2bc9-11e1-8cf8-001bfcd1c6db} - L:\TL-Bootstrap.exe
HKU\S-1-5-21-2481670651-164271405-2230307000-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {bd132afb-c0a5-11e1-afdf-001bfcd1c6db} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL L:\Setup.exe
HKU\S-1-5-21-2481670651-164271405-2230307000-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {edc12d6e-27b3-11e3-b43a-001bfcd1c6db} - G:\WIN\setup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GA311 Smart Wizard Utility.lnk
ShortcutTarget: GA311 Smart Wizard Utility.lnk -> C:\Program Files\Netgear\VISTA_GA311\G311.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?ncid=customie9
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aol.com/?ncid=customie9
HKU\S-1-5-21-2481670651-164271405-2230307000-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aol.com/?ncid=customie9
HKU\S-1-5-21-2481670651-164271405-2230307000-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aol.com/?ncid=customie9
SearchScopes: HKU\.DEFAULT -> {F42D4712-298F-4502-8668-7B9940C3FB00} URL = http://www.basicseek.com/?prt=BASICSEEK111&sp=&keywords={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2481670651-164271405-2230307000-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKU\S-1-5-21-2481670651-164271405-2230307000-1000 -> {ED919A4A-F307-4B20-86FD-47B3C66B6609} URL = https://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20141146,20028,0,101,0
SearchScopes: HKU\S-1-5-21-2481670651-164271405-2230307000-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKU\S-1-5-21-2481670651-164271405-2230307000-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {ED919A4A-F307-4B20-86FD-47B3C66B6609} URL = https://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20141146,20028,0,101,0
BHO: HP Print Clips -> {053F9267-DC04-4294-A72C-58F732D338C0} -> C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: AOL Toolbar Loader -> {3ef64538-8b54-4573-b48f-4d34b0238ab2} -> C:\Program Files\AOL Toolbar\aoltb.dll No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: ooVoo Toolbar Helper -> {92B514FD-A316-4736-99EB-2A6532D02E7D} -> C:\Program Files\ooVoo Toolbar\Toolbar32.dll (ooVoo LLC)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - ooVoo Toolbar - {3D475351-3508-4de9-A7C0-B0CEB0859FBE} - C:\Program Files\ooVoo Toolbar\Toolbar32.dll (ooVoo LLC)
Toolbar: HKLM - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll No File
Toolbar: HKLM - No Name - !{98889811-442D-49dd-99D7-DC866BE87DBC} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2481670651-164271405-2230307000-1000 -> AOL Toolbar - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll No File
Toolbar: HKU\S-1-5-21-2481670651-164271405-2230307000-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> AOL Toolbar - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\HPa6207c\AppData\Roaming\Mozilla\Firefox\Profiles\edk6sszy.default-1414334746205
FF NewTab: hxxp://www.aol.com/?mtmhp=hyplogusaolp00000084&tb_uuid=2E9D4C921A39E9D6B29AD77E3950705C
FF DefaultSearchUrl: hxxp://search.aol.com/search/search?q={searchTerms}&s_it=customfirefoxright-ff&s_qt=sb&tb_uuid=2E9D4C921A39E9D6B29AD77E3950705C&tb_oid=08-01-2015&tb_mrud=08-01-2015
FF SelectedSearchEngine: AOL Search
FF Homepage: hxxp://www.aol.com/?mtmhp=hyplogusaolp00000003
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.1.13 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.1.13 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.1.13 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.1.13 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=15.0.1.13 -> c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2481670651-164271405-2230307000-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\HPa6207c\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-2481670651-164271405-2230307000-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\HPa6207c\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nptgeqplugin.dll (Tamarack Software, Inc.)
FF Extension: AOL Toolbar - C:\Users\HPa6207c\AppData\Roaming\Mozilla\Firefox\Profiles\edk6sszy.default-1414334746205\Extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1} [2007-01-07]
FF Extension: AOL OneClick - C:\Users\HPa6207c\AppData\Roaming\Mozilla\Firefox\Profiles\edk6sszy.default-1414334746205\Extensions\homepage.extension@aol.com.xpi [2007-01-01]
FF Extension: Hold Page 1.0.1 - C:\Users\HPa6207c\AppData\Roaming\Mozilla\Firefox\Profiles\edk6sszy.default-1414334746205\Extensions\{6310ae72-5ac2-46cd-927a-34b0768d4ef6}.xpi [2014-11-29]
FF Extension: BasicSeek - C:\Program Files\Mozilla Firefox\extensions\{40D65E82-75AC-47CA-8A73-1CEDC2668EFF} [2014-11-10]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-07-26]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-12-16]
FF HKU\S-1-5-21-2481670651-164271405-2230307000-1000\...\Firefox\Extensions: [{1266764D-FC4F-4FA7-B63B-884D53B1680F}] - C:\Users\HPa6207c\AppData\Roaming\NetAssistant
FF Extension: Freeze.com NetAssistant - C:\Users\HPa6207c\AppData\Roaming\NetAssistant [2011-08-15]
FF HKU\S-1-5-21-2481670651-164271405-2230307000-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{1266764D-FC4F-4FA7-B63B-884D53B1680F}] - C:\Users\HPa6207c\AppData\Roaming\NetAssistant

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\HPa6207c\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\HPa6207c\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2011-10-10]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-12-16]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-05-16] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-03-11] (Hewlett-Packard Co.) [File not signed]
R2 IHA_MessageCenter; C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [363128 2014-08-13] (Verizon)
R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [555320 2014-12-10] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 UDisk Monitor; C:\Program Files\Froyo_Android_Driver\Bin\MonServiceUDisk.exe [512000 2011-05-12] () [File not signed]
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S2 *etadpug; "C:\Program Files\Google\Desktop\Install\{17a8deb3-06ef-ba25-e198-3a36828d9534}\   \...\???\{17a8deb3-06ef-ba25-e198-3a36828d9534}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2009-05-03] (Avanquest Software) [File not signed]
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [47928 2014-12-10] ()
S3 Generalusbserialser20675; C:\Windows\System32\DRIVERS\CT_U_USBSER.sys [106496 2011-05-09] (Incorporated)
S3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows ® Codename Longhorn DDK provider)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-09] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [28160 2007-02-05] (Windows ® Codename Longhorn DDK provider)
S3 swmsflt; C:\Windows\System32\DRIVERS\swmsflt.sys [39632 2010-05-17] ()
R3 swvspser; C:\Windows\System32\DRIVERS\swvspser.sys [30080 2009-08-13] (Sierra Wireless Inc.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S0 qhsn; System32\drivers\lhvage.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-09 10:31 - 2015-01-09 10:32 - 01115648 _____ (Farbar) C:\Users\HPa6207c\Downloads\FRST(1).exe
2015-01-08 20:24 - 2015-01-08 20:24 - 00061831 _____ () C:\Users\HPa6207c\Downloads\FRST(1).txt
2015-01-08 20:15 - 2015-01-08 20:31 - 00000000 ____D () C:\AdwCleaner
2015-01-08 20:12 - 2015-01-08 20:13 - 02191360 _____ () C:\Users\HPa6207c\Downloads\AdwCleaner.exe
2014-12-26 19:01 - 2014-12-26 19:03 - 11447608 _____ (Microsoft Corporation) C:\Users\HPa6207c\Downloads\mseinstall.exe
2014-12-26 18:44 - 2014-12-26 18:47 - 16448208 _____ (Malwarebytes Corp.) C:\Users\HPa6207c\Downloads\mbar-1.08.2.1001(2).exe
2014-12-26 08:55 - 2014-12-26 08:57 - 16448208 _____ (Malwarebytes Corp.) C:\Users\HPa6207c\Downloads\mbar-1.08.2.1001.exe
2014-12-26 08:53 - 2014-12-26 08:53 - 04909382 _____ () C:\Users\HPa6207c\Downloads\mbam-chameleon-3.1.7.0(1).zip
2014-12-26 08:52 - 2014-12-26 08:52 - 00204496 _____ (Malwarebytes) C:\Users\HPa6207c\Downloads\startuplite-setup-1.07.exe
2014-12-26 08:51 - 2014-12-26 08:51 - 00167034 _____ () C:\Users\HPa6207c\Downloads\fileassassin-setup-1.06(1).exe
2014-12-22 06:51 - 2014-12-22 06:51 - 00023839 _____ () C:\Users\HPa6207c\Documents\BAHAMAS 2016.xml
2014-12-19 07:45 - 2014-11-03 19:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-19 07:37 - 2014-11-06 20:33 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-19 06:48 - 2014-12-19 06:48 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 8
2014-12-19 06:23 - 2014-12-02 21:06 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-15 21:38 - 2014-12-15 21:55 - 00034138 _____ () C:\Users\HPa6207c\Downloads\Addition.txt
2014-12-15 21:13 - 2015-01-09 10:34 - 00024034 _____ () C:\Users\HPa6207c\Downloads\FRST.txt
2014-12-15 21:12 - 2015-01-09 10:36 - 00000000 ____D () C:\FRST
2014-12-15 21:11 - 2014-12-15 21:11 - 01111040 _____ (Farbar) C:\Users\HPa6207c\Downloads\FRST.exe
2014-12-15 21:02 - 2014-12-15 21:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2014-12-15 21:01 - 2014-12-15 21:03 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2014-12-15 21:01 - 2014-12-15 21:01 - 02967032 _____ (Malwarebytes ) C:\Users\HPa6207c\Downloads\mbae-setup-1.05.1.1016.exe
2014-12-15 21:01 - 2014-12-15 21:01 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Exploit
2014-12-15 20:55 - 2014-12-15 20:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
2014-12-15 20:55 - 2014-12-15 20:55 - 00000000 ____D () C:\Program Files\FileASSASSIN
2014-12-15 20:54 - 2014-12-15 20:54 - 00167034 _____ () C:\Users\HPa6207c\Downloads\fileassassin-setup-1.06.exe
2014-12-15 20:52 - 2014-12-15 20:52 - 00065232 _____ (Malwarebytes) C:\Users\HPa6207c\Downloads\regassassin-setup-1.03.exe
2014-12-15 20:50 - 2014-12-15 20:51 - 04909382 _____ () C:\Users\HPa6207c\Downloads\mbam-chameleon-3.1.7.0.zip
2014-12-15 20:05 - 2014-12-15 20:09 - 16448208 _____ (Malwarebytes Corp.) C:\Users\HPa6207c\Downloads\mbar-1.08.2.1001(1).exe
2014-12-15 20:00 - 2014-12-15 20:00 - 00020247 _____ () C:\Users\HPa6207c\Desktop\DO NOT REMOVE THE STRAINER FROM THE BOTTOM OF THE SINK.xml
2014-12-15 06:45 - 2014-12-15 06:45 - 00000000 __SHD () C:\found.002
2014-12-14 21:00 - 2014-12-16 21:32 - 00012857 _____ () C:\Users\HPa6207c\Documents\one crazy friday.xml
2014-12-13 23:23 - 2014-11-24 15:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-13 23:23 - 2014-11-24 15:35 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-13 23:23 - 2014-11-24 15:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-13 23:23 - 2014-11-24 15:34 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-13 23:23 - 2014-11-24 15:34 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-13 23:23 - 2014-11-24 15:33 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-13 23:23 - 2014-11-24 15:33 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-13 23:23 - 2014-11-24 15:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-13 23:23 - 2014-11-24 15:33 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-13 23:23 - 2014-11-24 15:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-13 23:23 - 2014-11-24 15:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-13 23:23 - 2014-11-24 15:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-13 23:23 - 2014-11-24 15:32 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-13 23:23 - 2014-11-24 15:32 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-13 23:23 - 2014-11-24 15:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-13 23:23 - 2014-11-24 15:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-13 23:23 - 2014-11-24 15:32 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-12-13 23:22 - 2014-11-24 15:41 - 12369920 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-13 23:22 - 2014-11-24 15:40 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-13 23:22 - 2014-11-24 15:37 - 09740800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-13 23:22 - 2014-11-24 15:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-13 23:22 - 2014-11-24 15:32 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-13 18:18 - 2015-01-09 09:45 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-13 18:18 - 2014-12-13 18:18 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-13 18:18 - 2014-12-13 18:18 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-09 10:26 - 2011-10-10 15:20 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-09 10:26 - 2011-10-10 15:20 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-09 10:10 - 2011-08-17 15:00 - 00000940 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2481670651-164271405-2230307000-1000UA.job
2015-01-09 10:00 - 2013-08-16 08:07 - 00000346 ____H () C:\Windows\Tasks\{69068F47-EDDF-41DD-9409-E6965D22AE2C}.job
2015-01-09 09:04 - 2006-11-02 07:47 - 00003760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-09 09:04 - 2006-11-02 07:47 - 00003760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-09 07:09 - 2008-01-20 20:35 - 01077540 _____ () C:\Windows\WindowsUpdate.log
2015-01-09 07:04 - 2014-10-01 19:29 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-09 07:04 - 2013-06-10 19:41 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-01-09 07:04 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-09 07:02 - 2006-11-02 08:01 - 00032564 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-09 06:48 - 2012-04-19 16:23 - 00001356 _____ () C:\Users\HPa6207c\AppData\Local\d3d9caps.dat
2015-01-09 06:35 - 2014-10-01 19:25 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-08 20:42 - 2012-07-30 19:47 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-01-08 20:37 - 2008-01-20 21:47 - 00783770 _____ () C:\Windows\PFRO.log
2015-01-08 19:10 - 2011-08-17 15:00 - 00000918 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2481670651-164271405-2230307000-1000Core.job
2015-01-08 17:53 - 2011-07-25 08:05 - 00002627 _____ () C:\Users\HPa6207c\Desktop\Microsoft Office Word 2007.lnk
2015-01-07 17:03 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\tracing
2015-01-07 10:05 - 2006-11-02 05:33 - 00821372 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-07 10:04 - 2006-11-02 05:23 - 00000279 _____ () C:\Windows\win.ini
2015-01-07 10:02 - 2014-11-17 11:29 - 00005599 _____ () C:\Windows\setupact.log
2015-01-04 13:27 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\PLA
2015-01-04 09:39 - 2012-03-01 14:15 - 00000000 ____D () C:\Users\HPa6207c\AppData\Local\CrashDumps
2014-12-29 19:21 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Web
2014-12-28 10:30 - 2011-07-25 08:12 - 00000000 ____D () C:\Users\HPa6207c\AppData\Local\Adobe
2014-12-26 18:53 - 2014-09-16 19:20 - 00000000 ____D () C:\Users\HPa6207c\Desktop\mbar
2014-12-26 08:48 - 2013-09-02 15:09 - 00147498 _____ () C:\Windows\hpoins21.dat
2014-12-26 08:48 - 2011-07-25 16:28 - 00052841 _____ () C:\ProgramData\hpzinstall.log
2014-12-26 06:57 - 2011-07-25 07:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-19 09:31 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\rescache
2014-12-19 09:11 - 2006-11-02 07:37 - 00000000 ____D () C:\Windows\twain_32
2014-12-15 20:38 - 2014-09-16 19:22 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
ZeroAccess:
C:\Users\HPa6207c\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files\Google\Desktop\Install

Files to move or delete:
====================
C:\Users\HPa6207c\jqs.exe
C:\Users\HPa6207c\msconfig.exe
C:\Users\HPa6207c\mstsc.exe
C:\Users\HPa6207c\AppData\Roaming\skype.ini
C:\Windows\Tasks\{69068F47-EDDF-41DD-9409-E6965D22AE2C}.job


Some content of TEMP:
====================
C:\Users\HPa6207c\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\HPa6207c\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\HPa6207c\AppData\Local\Temp\Quarantine.exe
C:\Users\HPa6207c\AppData\Local\Temp\sqlite3.dll
C:\Users\HPa6207c\AppData\Local\Temp\_is958A.exe
C:\Users\HPa6207c\AppData\Local\Temp\_isBA49.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-09 07:12

==================== End Of Log ============================


Additional.txt information:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-12-2014 01
Ran by HPa6207c at 2014-12-15 21:38:37
Running from C:\Users\HPa6207c\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.7.0.1530 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.4.634 - Adobe Systems, Inc.)
AIO_Scan (Version: 90.0.189.000 - Hewlett-Packard) Hidden
Altova UModel® 2012 rel. 2 sp1 Enterprise Edition (HKLM\...\{29BA9556-4428-49FC-B616-AB0692896621}) (Version: 2012.02.01 - Altova)
Android USB Driver (HKLM\...\Android USB Driver_is1) (Version:  - )
AOL Toolbar (HKLM\...\AOL Toolbar) (Version:  - )
AOL Toolbar (HKU\S-1-5-21-2481670651-164271405-2230307000-1000\...\AOL Toolbar) (Version:  - )
AOL Toolbar (HKU\S-1-5-21-2481670651-164271405-2230307000-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\AOL Toolbar) (Version:  - )
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 90.0.146.000 - Hewlett-Packard) Hidden
C4380 (Version: 90.0.189.000 - Hewlett-Packard) Hidden
C4380_doccd (Version: 90.0.189.000 - Hewlett-Packard) Hidden
C4380_Help (Version: 90.0.189.000 - Hewlett-Packard) Hidden
CCScore (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Copy (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.9) (Version: 5.0.0.9 - Coupons.com Incorporated)
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Destination Component (Version: 090.000.091.086 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 90.0.146.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Digital DJ Pro 1.7.0 (HKLM\...\Digital DJ Pro) (Version: 1.7.0 - The Mixxx Team)
DocProc (Version: 9.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Download Updater (AOL LLC) (HKLM\...\SoftwareUpdUtility) (Version:  - ) <==== ATTENTION
ESSBrwr (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSCDBK (Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESScore (Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESSgui (Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESSini (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPCD (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPDock (Version: 6.03.0001.0004 - EASTMAN KODAK Company) Hidden
ESSTOOLS (Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
essvatgt (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fantapper Browser Plugin (HKLM\...\{30A0F8D9-709B-451C-BFB3-D8559F4797F8}) (Version: 1.0.0 - Brand Affinity Technologies)
Fax (Version: 90.0.146.000 - Hewlett-Packard) Hidden
fflink (Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
FileASSASSIN (HKLM\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
HP Customer Participation Program 9.0 (HKLM\...\HPExtendedCapabilities) (Version: 9.0 - HP)
HP Imaging Device Functions 9.0 (HKLM\...\HP Imaging Device Functions) (Version: 9.0 - HP)
HP OCR Software 9.0 (HKLM\...\HPOCR) (Version: 9.0 - HP)
HP Photosmart All-In-One Software 9.0 (HKLM\...\{B46AC30C-22D2-4610-B041-1DA7BB29EB57}) (Version: 9.0 - HP)
HP Photosmart Essential 2.01 (HKLM\...\HP Photosmart Essential) (Version: 2.01 - HP)
HP Smart Web Printing (HKLM\...\{415CDA53-9100-476F-A7B2-476691E117C7}) (Version: 2.15.7.0 - Hewlett-Packard)
HP Solution Center 9.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 9.0 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (Version: 90.0.146.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}) (Version: 2.2.0.0000 - Hewlett Packard Development Company L.P.)
iCloud (HKLM\...\{79BD66B2-4DAE-4C3B-B08E-DC72E507C163}) (Version: 2.1.3.25 - Apple Inc.)
IHA_MessageCenter (HKLM\...\{BE2DDF55-4C42-44CC-A56E-C8E4A65CB2FF}) (Version: 1.6.0 - Verizon)
iLivid (Version: 1.92.0.118480 - Bandoo Media Inc.) Hidden <==== ATTENTION
iMesh (HKLM\...\iMesh) (Version: 11.0.0.126053 - iMesh Inc.) <==== ATTENTION
iMesh (Version: 11.0.0.126053 - iMesh Inc.) Hidden <==== ATTENTION
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
kgcbaby (Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgchday (Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgchlwn (Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgcinvt (Version: 5.03.0000.0003 - EASTMAN KODAK Company) Hidden
kgckids (Version: 6.03.0001.0001 - EASTMAN KODAK Company) Hidden
kgcmove (Version: 6.03.0001.0001 - EASTMAN KODAK Company) Hidden
kgcvday (Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
Kodak EasyShare software (HKLM\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version:  - Eastman Kodak Company)
Malwarebytes Anti-Exploit version 1.05.1.1016 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.05.1.1016 - Malwarebytes)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Mozilla Firefox 34.0 (x86 en-US) (HKLM\...\Mozilla Firefox 34.0 (x86 en-US)) (Version: 34.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 34.0 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music Oasis (HKLM\...\{c6c214df-2922-4809-94aa-f4d67d4451ec}) (Version: 1.0.0 - W3i, LLC)
NetAssistant (Version: 3.6.5 - Freeze.com) Hidden
NetAssistant for Firefox (HKU\S-1-5-21-2481670651-164271405-2230307000-1000\...\NetAssistant 3.6.5) (Version: 3.6.5 - Freeze.com)
NetAssistant for Firefox (HKU\S-1-5-21-2481670651-164271405-2230307000-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\NetAssistant 3.6.5) (Version: 3.6.5 - Freeze.com)
netbrdg (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
NETGEAR GA311 Gigabit Adapter (HKLM\...\{9E7300DD-08A3-4B3F-AEE1-1450843FE86E}) (Version: 1.00.0000 - Netgear)
Norton Internet Security (Version: 19.1.0.28 - Symantec Corporation) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
OfotoXMI (Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ooVoo Toolbar (HKLM\...\ooVoo Toolbar) (Version: 2.1.0 - ooVoo LLC)
ooVoo toolbar, powered by Ask.com (HKLM\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.17.7.0 - Ask.com) <==== ATTENTION
PanoStandAlone (Version: 90.0.146.000 - Hewlett-Packard) Hidden
PS_AIO_02_ProductContext (Version: 90.0.189.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software (Version: 90.0.189.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software_min (Version: 90.0.189.000 - Hewlett-Packard) Hidden
PSSWCORE (Version: 2.01.0000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 15.0) (Version:  - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5789 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Scan (Version: 9.0.0.0 - Hewlett-Packard) Hidden
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
SFR (Version: 8.01.0000.0001 - Eastman Kodak Company) Hidden
ShakeShot Activator version 1.5 (HKLM\...\{7E7C8AB8-C429-4DA9-95E8-FC0CC732B7B5}_is1) (Version: 1.5 - ShakeShot)
SHASTA (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
Sierra Wireless USB MUX Driver Package (HKLM\...\{5600094C-5EA0-4BE8-9ECE-4C9B726AC9D9}) (Version: 0.60.9 - Sierra Wireless)
skin0001 (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
SKINXSDK (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version: 7.74.00 - Conexant Systems)
SolutionCenter (Version: 90.0.146.000 - Hewlett-Packard) Hidden
staticcr (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Status (Version: 90.0.146.000 - Hewlett-Packard) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Weather Channel App (HKLM\...\{167158CE-1637-4167-8A1C-C2549EEA966A}) (Version: 1.00.0000 - The Weather Channel)
Toolbox (Version: 90.0.146.000 - Hewlett-Packard) Hidden
TrayApp (Version: 90.0.146.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 9.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VideoToolkit01 (Version: 90.0.146.000 - Hewlett-Packard) Hidden
VPRINTOL (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
WebReg (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Wincore MediaBar (HKLM\...\Wincore MediaBar) (Version: 4.0.0.2859 - iMesh Inc.) <==== ATTENTION
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows iLivid Toolbar (HKLM\...\Searchqu 406 MediaBar) (Version: 3.0.0.115554 - Bandoo Media, Inc) <==== ATTENTION
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WIRELESS (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2481670651-164271405-2230307000-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\HPa6207c\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-2481670651-164271405-2230307000-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\HPa6207c\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-2481670651-164271405-2230307000-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\HPa6207c\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-2481670651-164271405-2230307000-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\HPa6207c\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

==================== Restore Points  =========================

13-12-2014 23:30:28 Windows Backup
14-12-2014 04:13:41 Windows Update
15-12-2014 01:50:21 Scheduled Checkpoint
16-12-2014 01:37:41 Malwarebytes Anti-Rootkit Restore Point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 05:23 - 2014-11-29 20:12 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {04CF908A-DB8E-48AA-B343-23BD1D952D6F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {0AF4DF50-3D1D-447F-8688-CD2E0469CCC9} - System32\Tasks\Test TimeTrigger => C:\Users\HPa6207c\AppData\Local\Temp\Runner.exe <==== ATTENTION
Task: {0D2352CA-3C8D-44A1-819D-9BDAEB9A7FC3} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2481670651-164271405-2230307000-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2011-11-29] (RealNetworks, Inc.)
Task: {58242F2E-253F-4040-AA7B-723D1C65DAC6} - System32\Tasks\{69068F47-EDDF-41DD-9409-E6965D22AE2C} => C:\Users\HPa6207c\AppData\Local\40686edc-bacc-45e8-b616-21c66ce3ff9dad\edcbaccebcceffdad.exe
Task: {5DE5AA9E-5FE4-446F-93E3-88523EA0A4AA} - System32\Tasks\RealCreateProcessScheduledTask1865350S-1-5-21-2481670651-164271405-2230307000-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-12-16] (RealNetworks, Inc.)
Task: {76D537CE-B493-46AA-A3A4-61F75B1558F8} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2481670651-164271405-2230307000-1000Core => C:\Users\HPa6207c\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {79680B2B-787F-4AA6-B5C8-AD13EC5932ED} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {834FEB34-CF81-485A-B228-E11ACBA28548} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-13] (Adobe Systems Incorporated)
Task: {A4BE9C79-7137-40B0-B02F-E155D3DA3BF8} - \ASP No Task File <==== ATTENTION
Task: {B61D2F69-5BD2-45B6-8EC6-CEE762710532} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {B845EED6-3243-4B6C-A02F-7C3DA1F3E4C1} - \ArcadeParlor No Task File <==== ATTENTION
Task: {BA9CFBF3-0751-4287-9ECB-D1638925454A} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2481670651-164271405-2230307000-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2011-11-29] (RealNetworks, Inc.)
Task: {C491E3DC-90BD-4CF8-8941-4CEE0473EE23} - System32\Tasks\{31D2E07F-62AE-4CB1-A114-4318EEAA1A4E} => pcalua.exe -a C:\Users\HPa6207c\Downloads\tg74pluginsetup.exe -d "C:\Program Files\Mozilla Firefox"
Task: {D53C63AF-09F2-4D95-9EAE-A04874EB680E} - System32\Tasks\{B4CB958F-1271-440F-AF7E-F0B06E131630} => pcalua.exe -a C:\Users\HPa6207c\AppData\Local\Temp\InstallFlashPlayer.exe -d C:\Users\HPa6207c\Desktop
Task: {D859DAE8-7A7C-401E-8852-B0CD6C361CD8} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2481670651-164271405-2230307000-1000UA => C:\Users\HPa6207c\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {E039268D-9ADE-4086-9418-54586353DA59} - \WSE_Vosteran No Task File <==== ATTENTION
Task: {FA7F6865-0334-4065-89A3-60A209A3582C} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe [2013-04-30] () <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2481670651-164271405-2230307000-1000Core.job => C:\Users\HPa6207c\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2481670651-164271405-2230307000-1000UA.job => C:\Users\HPa6207c\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\{69068F47-EDDF-41DD-9409-E6965D22AE2C}.job => C:\Users\HPa6207c\AppData\Local\40686edc-bacc-45e8-b616-21c66ce3ff9dad\edcbaccebcceffdad.exe

==================== Loaded Modules (whitelisted) =============

2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-06-27 17:24 - 2011-05-12 13:23 - 00512000 _____ () C:\Program Files\Froyo_Android_Driver\Bin\MonServiceUDisk.exe
2012-11-29 09:23 - 2007-02-12 22:33 - 00289504 _____ () C:\Program Files\Netgear\VISTA_GA311\GA311.exe
2012-11-29 09:23 - 2007-02-14 14:45 - 00028672 _____ () C:\Program Files\Netgear\VISTA_GA311\VistaRTL8169LibImp.dll
2014-11-10 18:45 - 2014-11-26 01:25 - 03758192 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-12-13 18:18 - 2014-12-13 18:18 - 16843952 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll
2013-04-30 10:57 - 2013-04-30 10:57 - 00137864 _____ () C:\Program Files\Ask.com\UpdateTask.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:03D08225
AlternateDataStreams: C:\ProgramData\TEMP:5F85EE30
AlternateDataStreams: C:\ProgramData\TEMP:6C5EC3CD
AlternateDataStreams: C:\ProgramData\TEMP:908A1B53
AlternateDataStreams: C:\ProgramData\TEMP:AE2EA3C2
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
AlternateDataStreams: C:\ProgramData\TEMP:D8F9D810

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk => C:\Windows\pss\Kodak EasyShare software.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime

========================= Accounts: ==========================

Administrator (S-1-5-21-2481670651-164271405-2230307000-500 - Administrator - Disabled)
Guest (S-1-5-21-2481670651-164271405-2230307000-501 - Limited - Disabled)
HPa6207c (S-1-5-21-2481670651-164271405-2230307000-1000 - Administrator - Enabled) => C:\Users\HPa6207c

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/15/2014 08:44:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/15/2014 08:37:38 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {a8e7382d-a2d0-4334-b361-c2f4e7251c4a}

Error: (12/15/2014 05:32:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/15/2014 07:10:30 AM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
Description: Product: PS_AIO_02_ProductContext -- Error 1606. Could not access network location %APPDATA%\.

Error: (12/15/2014 07:10:30 AM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
Description: Product: PS_AIO_02_ProductContext -- Error 1606. Could not access network location %APPDATA%\.

Error: (12/15/2014 06:48:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/14/2014 07:35:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/13/2014 10:56:40 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: File backup failed. The error is: There is not enough space to save the backup files. Free up disk space or change your backup settings. (0x81000005).

Error: (12/13/2014 08:59:15 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (12/13/2014 08:58:39 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4


System errors:
=============
Error: (12/15/2014 08:45:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Media Player Network Sharing Service%%1053

Error: (12/15/2014 08:45:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Media Player Network Sharing Service

Error: (12/15/2014 08:44:26 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: cdrom
qhsn

Error: (12/15/2014 08:44:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (12/15/2014 05:32:20 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: cdrom
qhsn

Error: (12/15/2014 05:32:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (12/15/2014 05:32:05 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.1.7 for the Network Card with network address 00C0A8FE0C81 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (12/15/2014 05:31:57 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.1.6 for the Network Card with network address 001BFCD1C6DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (12/15/2014 06:48:28 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: cdrom
qhsn

Error: (12/15/2014 06:48:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058


Microsoft Office Sessions:
=========================
Error: (09/25/2014 00:58:34 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 29 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (09/25/2014 00:57:57 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 457 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (05/25/2014 01:26:54 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 358 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (03/06/2014 00:46:13 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 39 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/06/2014 01:41:33 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 35 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/06/2014 01:40:13 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 143 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (10/20/2013 02:33:52 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 155 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (10/11/2013 01:10:28 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 80 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (04/18/2013 00:19:36 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 38 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/14/2013 09:27:06 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 28 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-12-15 21:38:26.616
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-15 21:33:09.925
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-15 21:33:07.271
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-15 21:33:04.250
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-15 21:33:01.793
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-15 21:32:46.172
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-15 21:32:43.077
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-15 21:32:39.323
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-15 21:32:38.060
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-15 21:16:47.690
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD Athlon 64 Processor 3800+
Percentage of memory in use: 88%
Total physical RAM: 1917.82 MB
Available physical RAM: 213.71 MB
Total Pagefile: 4082.13 MB
Available Pagefile: 1793.84 MB
Total Virtual: 2047.88 MB
Available Virtual: 1897.3 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.53 GB) (Free:10.33 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (HP) (Fixed) (Total:363.75 GB) (Free:0.91 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: (FACTORY_IMAGE) (Fixed) (Total:8.85 GB) (Free:0.01 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive g: () (Removable) (Total:3.73 GB) (Free:3.58 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 74.5 GB) (Disk ID: D42AD42A)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 372.6 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=363.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=8.9 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 3.7 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================


Next time please upload report per my instructions.
 
 
Uninstall some programs
 
We need to uninstall some unwanted/unneeded programs.

  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search there for each entry mentioned below, right-click the entry and click Uninstall, one at a time.

The list of programs to uninstall:

  • Download Updater
  • iLivid
  • iMesh
  • ooVoo toolbar
  • Wincore MediaBar
  • Windows iLivid Toolbar

After completing uninstalls, please manually reboot your machine!
 
Note: If you get a message like "An error occurred while trying to uninstall", just press Yes.
 
 
 
 
Fix with Farbar Recovery Scan Tool
 

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

 
Download the attached fixlist.txt file and save it to the Desktop:
 
Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click Run after receipt of Windows Security Warning - Open File.)
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished, FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it in your reply.
 
 
 
 

Scan with Malwarebytes' Anti-Malware
 
Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Install the program and select Update.
  • Once updated, click the Settings tab, in the left panel choose Detection & Protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.

fixlist.txt


  • 2 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
