
malware removed but internet still does not connect


nytonc


Hi,

 

I am helping my mom clear out her Windows 7 computer that stopped connecting to the internet because of all the adware/malware that was on it. Since her computer cannot currently connect to the internet, I downloaded the latest version of Malwarebytes and put it on a USB and then used that to install it on her computer in safe mode. I also used CCleaner and TDSSKiller in the same way (put on USB, then used it on her computer).

I restarted her computer and although it looks like everything is removed, it still does not connect to the internet and I cannot open Malwarebytes. I booted to Linux on a USB, and the internet was able to connect just fine. She does not know when the last time her internet worked, and I was unable to successfully find a restart point to go back to where it did work. I feel like I am missing a big malware because it won't connect to internet in Win7, please help.

 

FRST.TXT

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-10-2015
Ran by Owner (administrator) on OWNER-HP (02-11-2015 15:45:39)
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\beats64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Appcaster) C:\Program Files (x86)\Mobile App Sync\D2MClient.exe
(PC Drivers Headquarters) C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\OSDManager.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [beatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2010-10-21] (Hewlett-Packard )
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-04-24] (IDT, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [startCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [DT HPO] => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [121648 2011-08-19] (Portrait Displays, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [336992 2012-08-16] (Power Software Ltd)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKU\S-1-5-21-2207880224-1610313754-884784625-1000\...\Run: [speedItupFree] => "C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe"
HKU\S-1-5-21-2207880224-1610313754-884784625-1000\...\Run: [MobileAppSync] => C:\Program Files (x86)\Mobile App Sync\D2MClient.exe [332800 2013-12-16] (Appcaster)
HKU\S-1-5-21-2207880224-1610313754-884784625-1000\...\Run: [ares] => "C:\Program Files (x86)\Ares\Ares.exe" -h
HKU\S-1-5-21-2207880224-1610313754-884784625-1000\...\Run: [Driver Support] => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [5673824 2014-08-07] (PC Drivers Headquarters)
HKU\S-1-5-21-2207880224-1610313754-884784625-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8551848 2015-10-19] (Piriform Ltd)
HKU\S-1-5-21-2207880224-1610313754-884784625-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-2207880224-1610313754-884784625-1000\...\MountPoints2: G - G:\Autorun.exe
HKU\S-1-5-21-2207880224-1610313754-884784625-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
IFEO\apnmcp.exe: [Debugger] tasklist.exe
IFEO\AppIntegrator64.exe: [Debugger] tasklist.exe
IFEO\brs.exe: [Debugger] tasklist.exe
IFEO\bservice.exe: [Debugger] tasklist.exe
IFEO\bservice64.exe: [Debugger] tasklist.exe
IFEO\DatamngrUI.exe: [Debugger] tasklist.exe
IFEO\DTUpdate.exe: [Debugger] tasklist.exe
IFEO\ExtensionUpdaterService.exe: [Debugger] tasklist.exe
IFEO\FrameworkEngine.exe: [Debugger] tasklist.exe
IFEO\IdcLdr.exe: [Debugger] tasklist.exe
IFEO\IdcLdr_x64.exe: [Debugger] tasklist.exe
IFEO\IMGUpdater.exe: [Debugger] tasklist.exe
IFEO\keepmysettingsx.exe: [Debugger] tasklist.exe
IFEO\loggingserver.exe: [Debugger] tasklist.exe
IFEO\Lrcnta.exe: [Debugger] tasklist.exe
IFEO\PastaLeadsService.exe: [Debugger] tasklist.exe
IFEO\PastaLeadsWinApp.exe: [Debugger] tasklist.exe
IFEO\patch_ff.exe: [Debugger] tasklist.exe
IFEO\ProtectWindowsManager.exe: [Debugger] tasklist.exe
IFEO\SafeFinder.exe: [Debugger] tasklist.exe
IFEO\searcharmor.exe: [Debugger] tasklist.exe
IFEO\search_protect.exe: [Debugger] tasklist.exe
IFEO\spbiu.exe: [Debugger] tasklist.exe
IFEO\srptm.exe: [Debugger] tasklist.exe
IFEO\srpts.exe: [Debugger] tasklist.exe
IFEO\srptsl.exe: [Debugger] tasklist.exe
IFEO\SystemkService.exe: [Debugger] tasklist.exe
IFEO\SystemSockets.exe: [Debugger] tasklist.exe
IFEO\TBNotifier.exe: [Debugger] tasklist.exe
IFEO\TNT2User.exe: [Debugger] tasklist.exe
IFEO\Toolbar.exe: [Debugger] tasklist.exe
IFEO\ToolbarUpdater.exe: [Debugger] tasklist.exe
IFEO\vprot.exe: [Debugger] tasklist.exe
IFEO\wb.exe: [Debugger] tasklist.exe
IFEO\YTDownloader.exe: [Debugger] tasklist.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-11-02]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-2207880224-1610313754-884784625-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [s-1-5-21-2207880224-1610313754-884784625-1000] => http=127.0.0.1:49255;https=127.0.0.1:49255
Winsock: Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll No File
Winsock: Catalog9 01 C:\Windows\system32\ColorMedia.dll No File
Winsock: Catalog9 02 C:\Windows\system32\ColorMedia.dll No File
Winsock: Catalog9 03 C:\Windows\system32\ColorMedia.dll No File
Winsock: Catalog9 04 C:\Windows\system32\ColorMedia.dll No File
Winsock: Catalog9 15 C:\Windows\system32\ColorMedia.dll No File
Winsock: Catalog5-x64 09 C:\Program Files\Bonjour\mdnsNSP.dll No File
Winsock: Catalog9-x64 01 C:\Windows\system32\ColorMedia64.dll No File
Winsock: Catalog9-x64 02 C:\Windows\system32\ColorMedia64.dll No File
Winsock: Catalog9-x64 03 C:\Windows\system32\ColorMedia64.dll No File
Winsock: Catalog9-x64 04 C:\Windows\system32\ColorMedia64.dll No File
Winsock: Catalog9-x64 15 C:\Windows\system32\ColorMedia64.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{B13C11A3-C8A2-45B8-B80A-77273C9777E2}: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{B29ED573-1ECD-446F-B755-C875A51DB39E}: [DhcpNameServer] 168.94.0.14 168.94.0.15

Internet Explorer:
==================
HKU\S-1-5-21-2207880224-1610313754-884784625-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
URLSearchHook: HKLM-x32 -> Default = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
SearchScopes: HKLM -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {882538B3-CD84-4DB6-8D09-581EC6928000} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL =
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2207880224-1610313754-884784625-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKU\S-1-5-21-2207880224-1610313754-884784625-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2207880224-1610313754-884784625-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL =
SearchScopes: HKU\S-1-5-21-2207880224-1610313754-884784625-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-2207880224-1610313754-884784625-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2207880224-1610313754-884784625-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL =
SearchScopes: HKU\S-1-5-21-2207880224-1610313754-884784625-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
SearchScopes: HKU\S-1-5-21-2207880224-1610313754-884784625-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\frrk1y4e.default
FF DefaultSearchEngine: Yahoo! Search
FF SelectedSearchEngine: Yahoo! Search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-04-04] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> c:\Program Files (x86)\Virtual Earth 3D\ [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-04-04] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2207880224-1610313754-884784625-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2013-07-30] (Google)
FF Plugin HKU\S-1-5-21-2207880224-1610313754-884784625-1000: @talk.google.com/O1DPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll [2013-07-30] (Google)
FF Plugin HKU\S-1-5-21-2207880224-1610313754-884784625-1000: @talk.google.com/O3DPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll [2013-07-30] ()
FF Plugin HKU\S-1-5-21-2207880224-1610313754-884784625-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-2207880224-1610313754-884784625-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-2207880224-1610313754-884784625-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-11-25] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2013-07-30] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll [2013-07-30] ()
FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npo1d.dll [2013-07-30] (Google)
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\frrk1y4e.default\searchplugins\aol-search.xml [2014-01-19]
FF Extension: firesshnightlightws - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\frrk1y4e.default\Extensions\firessh@nightlight.ws [2015-04-04] [not signed]
FF Extension: ViewPlay 1.0.1 - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\frrk1y4e.default\Extensions\{9bd9da5d-43e8-4e1a-b0db-21649d28d6e0}.xpi [2014-12-25] [not signed]
FF Extension: SySaver - C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org [2014-01-19] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-10-28] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-10-28] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-03-10] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{jid1-vS7biDmom8YxhA@jetpack}] - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\frrk1y4e.default\extensions\{jid1-vS7biDmom8YxhA@jetpack} => not found
FF HKU\S-1-5-21-2207880224-1610313754-884784625-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\frrk1y4e.default\extensions\X4Bxn@gmail.com [not found]
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\frrk1y4e.default\extensions\{a1ec290a-8ad8-c41a-855e-38572413c1aa} [not found]
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\frrk1y4e.default\extensions\{5b04e40f-2145-d80a-b593-afaefebc5816} [not found]
StartMenuInternet: FIREFOX.EXE - firefox.exe
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\my-prefs.js [2015-03-25] <==== ATTENTION (Points to *.cfg file)

Chrome:
=======
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-04]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-04]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
CHR HKLM-x32\...\Chrome\Extension: [npffmjkglbnioaoncpfmdbmehnbcldfh] - C:\Program Files (x86)\LyricSing\133.crx <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [129840 2011-08-19] (Portrait Displays, Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 NinjaLoaderService; "C:\Program Files (x86)\Ninja Loader\NinjaMaintainer.exe" /svc [X]
S2 spdfrmon; C:\Program Files (x86)\SpeedItup Free\spdfrmon.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [38424 2010-10-18] (Google Inc)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 ElgatoGC656Y; C:\Windows\System32\Drivers\ElgatoGC656.sys [94440 2014-07-07] (UB658)
S3 FintekCIR; C:\Windows\system32\drivers\FintekCIR.sys [30248 2009-11-13] (Fintek)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 NWVoltron; C:\Windows\System32\DRIVERS\NWVoltron.sys [28920 2013-02-04] ()
S3 NWWakeFilterV; C:\Windows\system32\drivers\NWWakeFilterV.sys [16152 2011-06-23] (n/a)
U2 TMAgent; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-02 15:45 - 2015-11-02 15:46 - 00023673 _____ C:\Users\Owner\Desktop\FRST.txt
2015-11-02 15:45 - 2015-11-02 15:45 - 00000000 ____D C:\FRST
2015-11-02 15:41 - 2015-11-02 15:27 - 02198016 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2015-11-02 12:02 - 2015-11-02 12:37 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-02 12:02 - 2015-11-02 12:26 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-11-02 12:02 - 2015-11-02 12:17 - 00001058 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-02 12:02 - 2015-11-02 12:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-02 12:02 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-11-02 12:02 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-11-02 10:50 - 2015-11-02 12:24 - 00028868 _____ C:\Windows\PFRO.log
2015-11-02 10:40 - 2015-11-02 10:43 - 00000000 ____D C:\AdwCleaner
2015-11-02 00:52 - 2015-11-02 15:42 - 00062581 _____ C:\Windows\WindowsUpdate.log
2015-11-02 00:52 - 2015-11-02 15:40 - 00001186 _____ C:\Windows\setupact.log
2015-11-02 00:52 - 2015-11-02 00:52 - 00000000 _____ C:\Windows\setuperr.log
2015-11-02 00:20 - 2015-11-02 12:17 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-11-02 00:20 - 2015-11-02 00:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-11-02 00:19 - 2015-11-02 00:20 - 00000000 ____D C:\Program Files\CCleaner

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-02 15:43 - 2009-07-14 00:13 - 00783424 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-02 15:39 - 2009-07-14 00:08 - 00032652 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-11-02 15:39 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-02 12:37 - 2013-08-10 18:53 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-11-02 12:37 - 2013-08-10 18:51 - 00000000 ____D C:\Users\Owner\Desktop\mbar
2015-11-02 12:24 - 2009-07-13 23:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-02 12:24 - 2009-07-13 23:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-02 12:17 - 2014-08-31 15:24 - 00002107 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-11-02 12:17 - 2014-08-09 10:24 - 00002257 _____ C:\Users\Public\Desktop\Driver Support.lnk
2015-11-02 12:17 - 2014-01-18 18:03 - 00001739 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-11-02 12:17 - 2014-01-18 18:01 - 00002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-11-02 12:17 - 2013-12-16 18:34 - 00001242 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk
2015-11-02 12:17 - 2013-04-19 12:41 - 00001017 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-11-02 12:17 - 2013-03-24 01:12 - 00001003 _____ C:\Users\Public\Desktop\PowerISO.lnk
2015-11-02 12:17 - 2013-03-10 13:21 - 00002163 _____ C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
2015-11-02 12:17 - 2013-03-10 13:20 - 00001311 _____ C:\Users\Public\Desktop\HP Solution Center.lnk
2015-11-02 12:17 - 2013-03-10 13:20 - 00001042 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
2015-11-02 12:17 - 2013-03-06 09:15 - 00001358 _____ C:\Users\Public\Desktop\HP TouchSmart Magic Canvas.lnk
2015-11-02 12:17 - 2013-03-03 20:22 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-11-02 12:17 - 2013-03-03 20:22 - 00002015 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-11-02 12:17 - 2013-03-03 20:07 - 00001011 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-11-02 12:17 - 2013-02-26 14:44 - 00000971 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-11-02 12:17 - 2013-02-26 14:41 - 00001775 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warranty.lnk
2015-11-02 12:17 - 2012-01-23 13:32 - 00002477 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2015-11-02 12:17 - 2012-01-23 13:32 - 00001449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2015-11-02 12:17 - 2012-01-23 13:32 - 00001365 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
2015-11-02 12:17 - 2012-01-23 13:32 - 00001296 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
2015-11-02 12:17 - 2012-01-23 13:22 - 00001320 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink LabelPrint.lnk
2015-11-02 12:17 - 2012-01-23 13:22 - 00001288 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Power2Go.lnk
2015-11-02 12:17 - 2012-01-23 13:12 - 00002423 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk
2015-11-02 12:17 - 2012-01-23 13:00 - 00001652 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Beats Audio.lnk
2015-11-02 12:17 - 2011-02-11 12:05 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2015-11-02 12:17 - 2011-02-11 12:05 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-11-02 12:17 - 2009-07-13 23:57 - 00001511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-11-02 12:17 - 2009-07-13 23:57 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2015-11-02 12:17 - 2009-07-13 23:57 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2015-11-02 12:17 - 2009-07-13 23:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2015-11-02 12:17 - 2009-07-13 23:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2015-11-02 12:16 - 2015-04-04 12:24 - 00000000 ____D C:\ProgramData\cheap-o
2015-11-02 12:16 - 2015-01-21 14:03 - 00000000 ____D C:\Program Files (x86)\8306ec99-c559-4a07-ba87-bff22a98676d
2015-11-02 12:16 - 2014-10-25 15:37 - 00002083 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Amazon.lnk
2015-11-02 12:16 - 2014-10-25 15:37 - 00000986 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Search.lnk
2015-11-02 12:16 - 2013-12-05 22:49 - 00002179 _____ C:\Users\Owner\Desktop\HP Support Assistant.lnk
2015-11-02 12:16 - 2013-03-10 13:20 - 00001323 _____ C:\ProgramData\Microsoft\Windows\Start Menu\HP Solution Center.lnk
2015-11-02 12:16 - 2012-01-23 13:08 - 00000000 ____D C:\Program Files (x86)\AMD APP
2015-11-02 12:16 - 2009-07-14 00:01 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2015-11-02 12:16 - 2009-07-13 23:49 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2015-11-02 12:02 - 2014-06-15 16:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-02 10:43 - 2013-08-18 09:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-02 10:43 - 2013-02-26 14:40 - 00000000 ____D C:\Users\Owner
2015-11-02 10:43 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\System
2015-11-02 01:48 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2015-11-02 01:31 - 2014-01-18 18:00 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-11-02 00:44 - 2012-01-23 14:53 - 00000000 ____D C:\ProgramData\Recovery
2015-11-02 00:31 - 2013-09-23 16:48 - 00000000 ____D C:\Windows\Minidump
2015-11-02 00:31 - 2013-03-08 08:20 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
2015-11-02 00:31 - 2011-02-11 12:00 - 00000000 ____D C:\Windows\Panther
2015-11-01 20:32 - 2013-03-28 19:01 - 00000000 ____D C:\Program Files (x86)\Google
2015-11-01 20:21 - 2013-03-03 20:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-01 20:05 - 2013-06-18 17:12 - 00000000 ____D C:\Program Files (x86)\DevPro
2015-11-01 20:04 - 2013-03-01 00:38 - 00000000 ____D C:\ProgramData\Skype
2015-11-01 20:03 - 2014-08-31 15:24 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-11-01 20:03 - 2013-03-01 00:38 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-11-01 20:02 - 2015-01-22 14:03 - 00000000 ____D C:\Users\Owner\AppData\Local\Ninja Loader
2015-11-01 20:02 - 2014-12-26 16:40 - 00000000 ____D C:\Users\Owner\AppData\Local\Search Protect
2015-11-01 20:02 - 2014-10-25 15:39 - 00000000 ____D C:\Program Files (x86)\Simple
2015-11-01 20:02 - 2014-10-25 15:38 - 00000000 ____D C:\Program Files (x86)\NpackdCL
2015-11-01 20:02 - 2014-08-31 15:24 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2015-11-01 20:02 - 2014-08-09 10:24 - 00000000 ____D C:\Users\Owner\AppData\Local\PC_Drivers_Headquarters
2015-11-01 20:02 - 2013-04-27 17:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Horizon
2015-11-01 20:02 - 2013-03-01 00:38 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype
2015-11-01 20:02 - 2012-01-23 13:17 - 00000000 ____D C:\ProgramData\RoxioNow
2015-11-01 20:02 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2015-11-01 20:02 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\Dism
2015-11-01 20:02 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2015-11-01 20:02 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-11-01 20:01 - 2014-09-13 16:18 - 00000000 ____D C:\Program Files\Elgato
2015-11-01 20:01 - 2013-03-15 14:31 - 00000000 ____D C:\Users\Public\Documents\MAGIX
2015-11-01 19:34 - 2014-11-08 13:40 - 00000000 ____D C:\ProgramData\7740e5e2-3946-433b-8ea8-e4290a5c4bc8
2015-11-01 18:16 - 2014-04-29 14:00 - 00000000 __SHD C:\Users\Owner\AppData\LocalLow\EmieSiteList
2015-11-01 16:14 - 2015-04-04 14:51 - 00000020 _____ C:\Users\Owner\AppData\Roaming\appdataFr3.bin
2015-10-26 01:03 - 2013-04-19 12:34 - 00000000 ____D C:\Program Files (x86)\GIMP-2.0
2015-10-26 01:02 - 2013-05-06 16:34 - 00000000 ____D C:\Users\Owner\.gimp-2.6

==================== Files in the root of some directories =======

2015-03-31 03:14 - 2015-03-31 03:14 - 0005655 _____ () C:\Users\Owner\AppData\Roaming\7VFDP8RjMzr9UuBo7rJhCRm93
2015-04-04 14:51 - 2015-11-01 16:14 - 0000020 _____ () C:\Users\Owner\AppData\Roaming\appdataFr3.bin
2015-03-09 16:30 - 2015-03-09 16:30 - 0005487 _____ () C:\Users\Owner\AppData\Roaming\QJNFZ
2015-03-31 03:14 - 2015-03-31 03:14 - 0004387 _____ () C:\Users\Owner\AppData\Roaming\UU6SvxKEVNf7SyAH
2014-08-09 09:54 - 2014-08-09 09:54 - 0000043 _____ () C:\Users\Owner\AppData\Roaming\WB.CFG
2014-01-19 21:16 - 2014-07-02 18:56 - 0005120 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-03-10 13:17 - 2014-06-15 14:22 - 0003622 _____ () C:\ProgramData\hpzinstall.log
2013-12-16 18:33 - 2013-12-16 18:33 - 0000000 _____ () C:\ProgramData\spds90.txt

Some files in TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\abikkgv-.dll
C:\Users\Owner\AppData\Local\Temp\DRHelper_uninstallComplete.exe
C:\Users\Owner\AppData\Local\Temp\pmbrirno.dll
C:\Users\Owner\AppData\Local\Temp\pyl2DE.tmp.exe
C:\Users\Owner\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-30 07:24

==================== End of FRST.txt ============================

ADDITION.TXT

Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-10-2015
Ran by Owner (2015-11-02 15:46:53)
Running from C:\Users\Owner\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2013-02-26 19:40:54)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2207880224-1610313754-884784625-500 - Administrator - Disabled)
Guest (S-1-5-21-2207880224-1610313754-884784625-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2207880224-1610313754-884784625-1002 - Limited - Enabled)
Owner (S-1-5-21-2207880224-1610313754-884784625-1000 - Administrator - Enabled) => C:\Users\Owner

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.01.18.0 - Ralink)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.5970 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
AIO_CDB_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{BCC01139-903A-6FC7-3358-85B0AE332601}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Build-a-lot (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
DVD Menu Pack for HP TouchSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.1.4412 - Hewlett-Packard)
DVD Menu Pack for HP TouchSmart Video (x32 Version: 4.1.4412 - Hewlett-Packard) Hidden
F300 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
F300_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
F300Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Google Talk Plugin (HKLM-x32\...\{15CC861C-C69E-3758-8961-CE304C2595B6}) (Version: 4.4.2.14502 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Horizon v2.7.9.3 (HKLM-x32\...\d4cfeebc-b821-40b7-9f81-d366b1466f03_is1) (Version: 2.7.9.3 - Daring Development Inc.)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP LinkUp (HKLM-x32\...\{DB3147AB-4024-4773-8EC0-A1FE5B44933D}) (Version: 2.01.028 - Hewlett-Packard)
HP Magic Canvas (HKLM-x32\...\{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}) (Version: 5.1.15.0 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard Company)
HP My Display TouchSmart Edition (HKLM-x32\...\{1F4DDC90-5923-4E49-A4C7-F3CCC954DCA0}) (Version: 1.06.004 - Portrait Displays, Inc.)
HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4231.26923 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)
HP Setup (HKLM-x32\...\{D35B72B6-F0E4-462B-BDEB-E08032B3B681}) (Version: 8.7.4747.3786 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13880.3792 - Hewlett-Packard Company)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP TouchSmart Browser (HKLM-x32\...\{7561C05C-FE30-4D0E-9B8D-5218734E3986}) (Version: 5.1.4167.12664 - Hewlett-Packard)
HP TouchSmart Bubble Wrap (HKLM-x32\...\{5BFFDDEB-AFD7-499F-BB13-7A6EAD927CDA}_is1) (Version: 1.0.0.0 - Hewlett-Packard)
HP TouchSmart Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4171.15168 - Hewlett-Packard)
HP TouchSmart Canvas (HKLM-x32\...\{00F15573-18BB-4FAD-A763-F29401609C2F}) (Version: 5.1.4160.26759 - Hewlett-Packard)
HP TouchSmart Clock (HKLM-x32\...\{692D3BE1-0BD9-4B4C-A974-CB2EAEA99304}) (Version: 5.1.3882.1 - Hewlett-Packard)
HP TouchSmart Get Updated! (HKLM-x32\...\{2B720998-2E26-4DD6-8AC8-A1FCA4B58384}_is1) (Version: 4.0.0.0 - Turner Entertainment Networks Asia, Inc.)
HP TouchSmart Metric Converter (HKLM-x32\...\{D0661463-50F7-4A1E-83CB-37CC590589AE}_is1) (Version: 1.0.0.0 - Hewlett-Packard)
HP TouchSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.2.5414 - Hewlett-Packard)
HP TouchSmart Paint Blast (HKLM-x32\...\{FBB0C095-4FF0-4AF6-8CD5-A80A390FB101}_is1) (Version: 4.0.0.0 - Turner Entertainment Networks Asia, Inc.)
HP TouchSmart Photo (HKLM-x32\...\InstallShield_{C9DCE03F-8CB7-4146-A99C-0612D75177EA}) (Version: 4.2.5414 - Hewlett-Packard)
HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)
HP TouchSmart Rss (HKLM-x32\...\{2F1EB600-5E67-4AAA-9D5F-84430CDA4E47}) (Version: 5.1.4170.22458 - Hewlett-Packard)
HP TouchSmart Spot (HKLM-x32\...\{3D171340-B528-42E0-92E4-BDA7AEEF6F32}_is1) (Version: 1.0.0.0 - Hewlett-Packard)
HP TouchSmart Tap Tap Bear (HKLM-x32\...\{A393CDFF-BEB8-48EA-990D-2EB35B311D23}_is1) (Version: 1.0.0.0 - Hewlett-Packard)
HP TouchSmart Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 4.0.0.4 - Hewlett-Packard)
HP TouchSmart Twitter (HKLM-x32\...\{75781594-73D9-4D7B-997F-14D41BF1514D}) (Version: 3.0.4162.32190 - Hewlett-Packard)
HP TouchSmart Video (HKLM-x32\...\InstallShield_{F04BFADD-C8CA-4C86-8F20-B1D7F4F8C66C}) (Version: 4.2.5414 - Hewlett-Packard)
HP TouchSmart Weather (HKLM-x32\...\{52727E8B-5F72-4795-8BEA-4E1FF4BFA0D9}) (Version: 5.1.4184.10337 - Hewlett-Packard)
HP TouchSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.2.4214 - Hewlett-Packard)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.9.0.0 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6349.0 - IDT)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3925 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3925 - CyberLink Corp.) Hidden
MAGIX Speed burnR (MSI) (HKLM-x32\...\MAGIX_{AB505D2E-B7C7-4D42-91E2-A130963CC963}) (Version: 7.0.1.27 - MAGIX AG)
MAGIX Speed burnR (MSI) (Version: 7.0.1.27 - MAGIX AG) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Touch Pack for Windows 7 (HKLM-x32\...\{8FF90DB8-6DED-44A3-B182-244FEC09012F}) (Version: 1.0.40517.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Mobile App Sync (HKLM-x32\...\Mobile App Sync) (Version:  - Mobile App Sync)
Movie Theme Pack for HP TouchSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.1.4412 - Hewlett-Packard)
Movie Theme Pack for HP TouchSmart Video (x32 Version: 4.1.4412 - Hewlett-Packard) Hidden
Mozilla Firefox 23.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 23.0.1 (x86 en-US)) (Version: 23.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.97 - WildTangent) Hidden
Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
NpackdCL (HKLM-x32\...\{C32CA36A-DA63-4D55-9B17-87C61033137D}) (Version: 1.18.7 - Npackd)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5331 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.5331 - CyberLink Corp.) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.4 - Power Software Ltd)
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.10.1217.0 -  NewspaperDirect Inc.)
Recovery Manager (x32 Version: 5.5.0.4320 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
SDK (x32 Version: 2.26.005 - Portrait Displays, Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.12.13601 - Skype Technologies S.A.)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
TSHostedAppLauncher (x32 Version: 5.1.15.0 - Hewlett-Packard) Hidden
Unity Web Player (HKU\S-1-5-21-2207880224-1610313754-884784625-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest - The Hawaiian Islands (x32 Version: 2.2.0.97 - WildTangent) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

03-01-2015 13:46:05 Windows Update
07-01-2015 16:42:24 Windows Update
21-01-2015 13:47:11 Uniblue SpeedUpMyPC installation
21-01-2015 13:55:01 Windows Update
22-01-2015 03:00:40 Windows Update
04-04-2015 11:54:21 Windows Update
04-04-2015 15:40:33 Windows Update
26-10-2015 00:49:36 Removed Elgato Game Capture HD
28-10-2015 02:37:32 Installed Skype™ 6.3
01-11-2015 19:36:56 Removed Bing Maps 3D
01-11-2015 19:40:51 Removed Firebird SQL Server - MAGIX Edition
01-11-2015 19:43:24 Removed HP TouchSmart eBay.
01-11-2015 19:56:56 Removed MySafeProxy for Internet Explorer
01-11-2015 19:59:27 Removed MySafeProxy for Internet Explorer
01-11-2015 20:01:58 Removed Text-To-Speech-Runtime
01-11-2015 20:02:38 Removed Skype™ 6.16
01-11-2015 20:06:22 Removed NpackdCL
01-11-2015 20:26:10 Restore Operation
02-11-2015 01:30:39 Removed Bonjour

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0BD2C35D-5DC5-4EED-B50F-F71E15B2D037} - System32\Tasks\Driver Support-RTMScan => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2014-08-07] (PC Drivers Headquarters)
Task: {0BEFAA6D-6A34-45EF-A04F-5358246C1A48} - System32\Tasks\Driver Support-RTMUpdater => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2014-08-07] (PC Drivers Headquarters)
Task: {0F1E6322-7A91-476C-9B3F-5451ABDC82AE} - System32\Tasks\UU6SvxKEVNf7SyAH => C:\Users\Owner\AppData\Roaming\UU6SvxKEVNf7SyAH.exe <==== ATTENTION
Task: {23A67A6D-2679-4AB5-8C90-187C19528E5C} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {48B8E1E3-69AB-489B-A8C2-AD56A27FD50C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-03-10] (Hewlett-Packard)
Task: {509D3D3A-803C-4076-9A52-ABF4FED5AD28} - System32\Tasks\QJNFZ => C:\Users\Owner\AppData\Roaming\QJNFZ.exe <==== ATTENTION
Task: {6EDB8CB9-EFF1-480A-8AC0-CE82D50C862A} - System32\Tasks\Driver Support-RTMScanRunOnce => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2014-08-07] (PC Drivers Headquarters)
Task: {6F635CEA-B126-4FDD-9385-288575A110C9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {7229F1C5-A02E-4760-909C-A6DD6BFDB147} - System32\Tasks\7VFDP8RjMzr9UuBo7rJhCRm93 => C:\Users\Owner\AppData\Roaming\7VFDP8RjMzr9UuBo7rJhCRm93.exe <==== ATTENTION
Task: {7D39345B-740B-44E9-A268-4237B398FD1D} - System32\Tasks\NSManager_1414299421 => C:\Users\Owner\AppData\Local\NSManager\manager.exe
Task: {93EBDF39-C20B-4FF2-BCCE-3BE3252C5183} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-04] (Adobe Systems Incorporated)
Task: {95B9B6E8-E10F-4E48-B0A1-46F6E28733B9} - System32\Tasks\7862C8D9-066E-4051-A850-CEFDAE4E2322{50FADD01-B759-4358-8386-DFC5ABFF4093} => C:\Program Files\Shop For Rewards\PrefHelper.exe <==== ATTENTION
Task: {A31E685D-0FAA-4FCB-B2BD-8D18BB3E0955} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A52F0343-AE12-4FF5-9006-141BE77D1233} - System32\Tasks\Driver Support-RTMRules => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2014-08-07] (PC Drivers Headquarters)
Task: {B112CE94-5188-43A0-8148-218E9AE7D486} - System32\Tasks\HPCeeScheduleForOwner => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {BAAC9490-CE5B-419F-94E9-AFE930E037FF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {BCDD12B5-A324-4DC9-86A3-00592AD1512A} - System32\Tasks\Component System\Component => C:\Users\Owner\AppData\Local\ComponentG\com.exe [2014-12-05] ()
Task: {BCE8A9F7-F4F7-4608-8896-34EA0FA2EF77} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2011-07-20] (CyberLink)
Task: {C6A808AB-BA3E-441F-B809-10A565F23BA8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {C821436B-DFE4-479E-933D-3E3B6CA3E73E} - System32\Tasks\KCHDV => C:\ProgramData\7ab908b490c44993b797d817bd42cf5f\7ab908b490c44993b797d817bd42cf5f.exe <==== ATTENTION
Task: {CA5A00AC-8BAD-46F9-AB02-AD39559D58C1} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe [2011-05-30] (CyberLink)
Task: {CDAC49B7-E052-48B9-8CF1-E2075B789E17} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {DA31DA4E-5AED-45C2-836D-5EB0475AF74A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {FF552E37-CE49-417D-81C5-76B0EBC5040C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-03-10] (Hewlett-Packard)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\7862C8D9-066E-4051-A850-CEFDAE4E2322{50FADD01-B759-4358-8386-DFC5ABFF4093}.job => C:\Program Files\Shop For Rewards\PrefHelper.exe <==== ATTENTION
Task: C:\Windows\Tasks\7VFDP8RjMzr9UuBo7rJhCRm93.job => C:\Users\Owner\AppData\Roaming\7VFDP8RjMzr9UuBo7rJhCRm93.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Driver Support-RTMRules.job => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe
Task: C:\Windows\Tasks\Driver Support-RTMScan.job => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe
Task: C:\Windows\Tasks\Driver Support-RTMUpdater.job => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe
Task: C:\Windows\Tasks\HPCeeScheduleForOwner.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\QJNFZ.job => C:\Users\Owner\AppData\Roaming\QJNFZ.exe <==== ATTENTION
Task: C:\Windows\Tasks\UU6SvxKEVNf7SyAH.job => C:\Users\Owner\AppData\Roaming\UU6SvxKEVNf7SyAH.exe <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2014-08-07 07:57 - 2014-08-07 07:57 - 00440712 _____ () C:\Program Files (x86)\Driver Support\Driver Support\Agent.Communication.XmlSerializers.dll
2011-06-30 03:14 - 2011-06-30 03:14 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-03-14 17:20 - 2011-03-14 17:20 - 00098304 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2012-01-23 13:25 - 2011-02-15 14:59 - 00015624 _____ () C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\ACPIDll.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:D346F792

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cmwf.sys => ""="Driver" <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cmwr.sys => ""="Driver" <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cmwf.sys => ""="Driver" <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cmwr.sys => ""="Driver" <==== ATTENTION

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2207880224-1610313754-884784625-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.254.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{7927F410-6819-4DE6-B86D-603B2E001805}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{8417E9C7-B837-4BE6-B880-D3136F4B9B1B}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{EA07D083-A55D-436D-A914-73E9DF89F0C9}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\RNow.exe
FirewallRules: [{6834F06F-86C3-4D31-97C0-D9122EEBE450}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\RNow.exe
FirewallRules: [{A8F0DA3E-37E9-4BCC-B528-71D0916AC157}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\HPTouchSmartMusic.exe
FirewallRules: [{8FD614C0-5217-430C-A6EE-D6F236CAF55C}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Photo\HPTouchSmartPhoto.exe
FirewallRules: [{24759234-0B75-43AC-8366-D2626DA05DA4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Photo\PhotoAgent.exe
FirewallRules: [{BC3D2403-4972-4E9B-949E-EEB19BB1E8CA}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\HPTouchSmartMusic.exe
FirewallRules: [{E10046C7-3E5D-4D7A-994F-C1BD35524069}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\HPTouchSmartPhoto.exe
FirewallRules: [{8E773BFC-071E-4F25-B607-505806B6016B}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\HPTouchSmartVideo.exe
FirewallRules: [{9A122064-03AF-40BF-A4C0-565FEC042213}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\TSMAgent.exe
FirewallRules: [{FFFC7C85-282A-44E6-BC97-BC39DF9F19F0}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{7FAD085B-BAC0-486B-90E3-271F3C341E21}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe
FirewallRules: [{92CDB538-5C9E-4368-9350-26E8AD9F7CEA}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe
FirewallRules: [{728235F1-E711-45DA-BB38-578A2E2D687A}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe
FirewallRules: [{C20EF660-6327-47C7-BDF0-D11AB63AE0F5}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe
FirewallRules: [{6137C26C-FED5-48C1-B585-4A51A1E5333B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{A26F9165-7CD6-4B50-A0C4-DB4D736A2434}] => (Allow) LPort=2869
FirewallRules: [{64090673-3A50-433C-9A89-05CC7AAB7FB3}] => (Allow) LPort=1900
FirewallRules: [{82B591B6-2293-4F6E-858D-9CFAE6C6EF54}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{8FBE1F9F-24A1-4DC2-80D8-1190D6AE32EC}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{C91EF481-7985-4FB4-A71C-94B32AA73D98}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{4F8B029D-1FC3-4290-ABED-8C7CE1A13206}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{E4314CF4-B259-4A18-8126-F36F2B6E25D6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{7F8D2FB7-3095-45E1-935C-5F5DAD85E16E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{75A1894D-4619-47E4-A833-1792E6EEC9E3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{DB512FBA-4DEC-441F-915D-07334612D6F9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{2EAA8AA9-F111-4E26-BAB8-937B24FA3381}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{7CD44E6B-F687-414C-9F55-A7B8037D97E8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{4EBF8E4C-CFEC-4598-8BB2-D810CA33E436}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{2B7C383D-AFC7-4844-95FC-09B7D915517B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{128E5039-56C4-4804-9C9A-76975D830F92}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{0A5C8516-44BC-42F0-946E-0DF94731B1F0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{BABFF70C-129C-420D-ADDD-2BA26B3E6B5E}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{D1C4B647-6109-46F3-9DD5-E576F1039C05}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{8D170693-2C00-4BEF-8AEA-08453A275E2E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{B2BA856A-7413-4CE1-A7FA-8443B8634E5F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{5C2A00E6-BA8D-4F30-8C72-E1D83ACE2A4D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{D66699EA-D292-453B-BB9A-A765F071CE24}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{3732A0B6-6902-43A1-B944-CBD85B285DBF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{EAA6BEA3-58F7-432F-8F14-2F5D2C7761BC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{CA53DD46-D28F-4DE7-8AD6-C12BB62C3C4A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{AC7DCF90-D390-45DD-B3C6-544FF8EE501F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{CF54AC37-858F-492B-A369-17287E38AC0E}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{93BBC29D-EDA3-4325-ACF5-9785CA3653F8}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{070FF275-5817-42B5-A297-A14ECE51C6CE}] => (Allow) C:\UDK\UDK-2013-02\Binaries\Win32\UDK.exe
FirewallRules: [{F3920596-63FD-4D4E-9CBC-673C22C668DD}] => (Allow) C:\UDK\UDK-2013-02\Binaries\Win32\UDK.exe
FirewallRules: [{807698D3-5BA6-49BC-925F-7BE59ADED02B}] => (Allow) C:\UDK\UDK-2013-02\Binaries\Win64\UDK.exe
FirewallRules: [{CFB134DF-9C1A-495F-8944-A4318EB2EE05}] => (Allow) C:\UDK\UDK-2013-02\Binaries\Win64\UDK.exe
FirewallRules: [TCP Query User{251B391E-E770-431E-A529-EC3C9BE94B92}C:\users\owner\downloads\utorrent.exe] => (Block) C:\users\owner\downloads\utorrent.exe
FirewallRules: [uDP Query User{6ED95815-8512-40F2-95A4-2EA93DABB8FE}C:\users\owner\downloads\utorrent.exe] => (Block) C:\users\owner\downloads\utorrent.exe
FirewallRules: [TCP Query User{57CCB296-EAB6-4477-84D8-B100275B70BC}C:\users\owner\appdata\local\temp\rar$exa0.417\bitcoin-0.8.1-win32\bitcoin-qt.exe] => (Allow) C:\users\owner\appdata\local\temp\rar$exa0.417\bitcoin-0.8.1-win32\bitcoin-qt.exe
FirewallRules: [uDP Query User{BC2359B8-1A9F-4B10-B8C3-8D74E1CD8469}C:\users\owner\appdata\local\temp\rar$exa0.417\bitcoin-0.8.1-win32\bitcoin-qt.exe] => (Allow) C:\users\owner\appdata\local\temp\rar$exa0.417\bitcoin-0.8.1-win32\bitcoin-qt.exe
FirewallRules: [TCP Query User{4A89D38B-4374-486B-8771-F77B09808572}C:\program files (x86)\litecoin\litecoin-qt.exe] => (Allow) C:\program files (x86)\litecoin\litecoin-qt.exe
FirewallRules: [uDP Query User{06B04513-4EC3-4EDF-BE24-62222A79AA23}C:\program files (x86)\litecoin\litecoin-qt.exe] => (Allow) C:\program files (x86)\litecoin\litecoin-qt.exe
FirewallRules: [TCP Query User{DAACA051-6D27-4A58-818F-A8AA8EFF7D09}C:\users\owner\appdata\local\temp\rar$exa0.554\bitcoin-0.8.1-win32\bitcoin-qt.exe] => (Allow) C:\users\owner\appdata\local\temp\rar$exa0.554\bitcoin-0.8.1-win32\bitcoin-qt.exe
FirewallRules: [uDP Query User{EF4C8B32-1EB0-4226-94EC-70472BFFFA07}C:\users\owner\appdata\local\temp\rar$exa0.554\bitcoin-0.8.1-win32\bitcoin-qt.exe] => (Allow) C:\users\owner\appdata\local\temp\rar$exa0.554\bitcoin-0.8.1-win32\bitcoin-qt.exe
FirewallRules: [TCP Query User{EA27D1D5-FCF2-447B-BC40-F96F91C2D4E6}C:\users\owner\appdata\local\temp\rar$exa0.707\bitcoin-0.8.1-win32\bitcoin-qt.exe] => (Allow) C:\users\owner\appdata\local\temp\rar$exa0.707\bitcoin-0.8.1-win32\bitcoin-qt.exe
FirewallRules: [uDP Query User{1B5EA772-454D-4AF9-9496-316141BCC6C2}C:\users\owner\appdata\local\temp\rar$exa0.707\bitcoin-0.8.1-win32\bitcoin-qt.exe] => (Allow) C:\users\owner\appdata\local\temp\rar$exa0.707\bitcoin-0.8.1-win32\bitcoin-qt.exe
FirewallRules: [TCP Query User{EDA1E31E-1AF8-4A53-8485-2526E8005B89}C:\users\owner\appdata\local\temp\rar$exa0.700\bitcoin-0.8.1-win32\bitcoin-qt.exe] => (Allow) C:\users\owner\appdata\local\temp\rar$exa0.700\bitcoin-0.8.1-win32\bitcoin-qt.exe
FirewallRules: [uDP Query User{5C541298-7FBC-408F-A426-213F80514FDA}C:\users\owner\appdata\local\temp\rar$exa0.700\bitcoin-0.8.1-win32\bitcoin-qt.exe] => (Allow) C:\users\owner\appdata\local\temp\rar$exa0.700\bitcoin-0.8.1-win32\bitcoin-qt.exe
FirewallRules: [TCP Query User{2D9BB648-377F-46A3-9C4B-8A7AA64D10E4}C:\users\owner\appdata\local\temp\rar$exa0.544\bitcoin-0.8.1-win32\bitcoin-qt.exe] => (Allow) C:\users\owner\appdata\local\temp\rar$exa0.544\bitcoin-0.8.1-win32\bitcoin-qt.exe
FirewallRules: [uDP Query User{8246D8B8-2C92-494B-A779-62E47AAF8A4C}C:\users\owner\appdata\local\temp\rar$exa0.544\bitcoin-0.8.1-win32\bitcoin-qt.exe] => (Allow) C:\users\owner\appdata\local\temp\rar$exa0.544\bitcoin-0.8.1-win32\bitcoin-qt.exe
FirewallRules: [TCP Query User{9F266EE2-189B-4FB7-AF05-F338B29C14BD}C:\users\owner\appdata\local\temp\rar$exa0.778\bitcoin-0.8.1-win32\bitcoin-qt.exe] => (Allow) C:\users\owner\appdata\local\temp\rar$exa0.778\bitcoin-0.8.1-win32\bitcoin-qt.exe
FirewallRules: [uDP Query User{DE093A43-7E42-41B7-A369-9BCD00A76A69}C:\users\owner\appdata\local\temp\rar$exa0.778\bitcoin-0.8.1-win32\bitcoin-qt.exe] => (Allow) C:\users\owner\appdata\local\temp\rar$exa0.778\bitcoin-0.8.1-win32\bitcoin-qt.exe
FirewallRules: [TCP Query User{11E21DE4-A828-4573-8CC4-E0290390BFF1}C:\users\owner\appdata\local\temp\rar$exa0.938\bitcoin-0.8.1-win32\bitcoin-qt.exe] => (Allow) C:\users\owner\appdata\local\temp\rar$exa0.938\bitcoin-0.8.1-win32\bitcoin-qt.exe
FirewallRules: [uDP Query User{FE8EFB62-F496-4C03-BECC-3CD16E48757D}C:\users\owner\appdata\local\temp\rar$exa0.938\bitcoin-0.8.1-win32\bitcoin-qt.exe] => (Allow) C:\users\owner\appdata\local\temp\rar$exa0.938\bitcoin-0.8.1-win32\bitcoin-qt.exe
FirewallRules: [TCP Query User{79314B88-E11A-435D-A1E9-E90FAD567EAF}C:\users\owner\appdata\local\temp\rar$exa0.988\bitcoin-0.8.1-win32\bitcoin-qt.exe] => (Allow) C:\users\owner\appdata\local\temp\rar$exa0.988\bitcoin-0.8.1-win32\bitcoin-qt.exe
FirewallRules: [uDP Query User{82828E6C-89EB-4931-A7F5-4257B928A61D}C:\users\owner\appdata\local\temp\rar$exa0.988\bitcoin-0.8.1-win32\bitcoin-qt.exe] => (Allow) C:\users\owner\appdata\local\temp\rar$exa0.988\bitcoin-0.8.1-win32\bitcoin-qt.exe
FirewallRules: [TCP Query User{A2F53746-FCF2-404C-B71E-295BDCC33240}C:\users\owner\appdata\local\temp\rar$exa0.195\bitcoin-0.8.1-win32\bitcoin-qt.exe] => (Allow) C:\users\owner\appdata\local\temp\rar$exa0.195\bitcoin-0.8.1-win32\bitcoin-qt.exe
FirewallRules: [uDP Query User{18B4D735-6D53-4792-8212-2B288A3C8502}C:\users\owner\appdata\local\temp\rar$exa0.195\bitcoin-0.8.1-win32\bitcoin-qt.exe] => (Allow) C:\users\owner\appdata\local\temp\rar$exa0.195\bitcoin-0.8.1-win32\bitcoin-qt.exe
FirewallRules: [TCP Query User{A2414218-56EB-4581-B021-B98FE2FE1BF1}C:\program files (x86)\devpro\devpro.dll] => (Block) C:\program files (x86)\devpro\devpro.dll
FirewallRules: [uDP Query User{DC8BF003-1671-488E-98F7-459DA5B694D3}C:\program files (x86)\devpro\devpro.dll] => (Block) C:\program files (x86)\devpro\devpro.dll
FirewallRules: [{ED26CDDD-AD54-4647-8E0F-56E4625310F6}] => (Allow) C:\ProgramData\eSafe\eGdpSvc.exe
FirewallRules: [{289A686F-DD67-4053-8C3E-E2AC0E74FE16}] => (Allow) C:\Program Files (x86)\WinZip Driver Updater\winzipdu.exe
FirewallRules: [{568939C8-7CA5-406A-A75A-4A1B6281127A}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{49BC0482-051D-4918-9A70-A9F54B3356D4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{67BB758C-ACD4-44EF-818F-CC6F66278696}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{76B16E39-5C4A-4573-97B2-54547AD157A2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{46EE590F-FC77-4CF0-A623-C38E3E8620B0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0B572F81-3972-425E-AFC4-689937F38A39}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{4CE86EDC-0435-4877-A7F2-1A65D73233B4}] => (Allow) C:\Program Files (x86)\Apowersoft\Free Music Downloader\Free Music Downloader.exe
FirewallRules: [{6174D756-AA74-4665-A73B-871A39C5C4A6}] => (Allow) C:\Program Files (x86)\Apowersoft\Free Music Downloader\Free Music Downloader.exe
FirewallRules: [TCP Query User{7F68E454-D441-438F-8466-24D54534E2BD}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe
FirewallRules: [uDP Query User{33BB03EB-6F80-4660-8992-D1B201FEBABE}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe
FirewallRules: [{549E37E8-CAB5-4E10-8D9F-FDE77F5411C2}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~1\IE\dtuser.exe
FirewallRules: [{733EDDC0-448A-4CAF-9B5B-1109C4DD2A5A}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~1\IE\dtuser.exe
FirewallRules: [{DDFBE54D-8E8B-4921-8B18-DF03D7FA485D}] => (Allow) C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
FirewallRules: [TCP Query User{E7D45A35-7DA1-42F6-A96D-A5587EF6041E}C:\udk\udk-2013-02\binaries\win32\udk.exe] => (Block) C:\udk\udk-2013-02\binaries\win32\udk.exe
FirewallRules: [uDP Query User{F4BE6D6A-A9E1-4FE0-B9F0-B89AC3EA450D}C:\udk\udk-2013-02\binaries\win32\udk.exe] => (Block) C:\udk\udk-2013-02\binaries\win32\udk.exe
FirewallRules: [{C25AD023-3EDF-4D75-AE77-66CEDF665DFB}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe
FirewallRules: [{654128FB-C1D3-41F3-84DC-77BA6DA80DC2}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe
FirewallRules: [{7CCC81CD-1CBD-4329-BE9A-E482D8D8CF26}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/02/2015 03:42:05 PM) (Source: HPTouchSmartCalendar) (EventID: 0) (User: )
Description: Application Name: HP TouchSmart Calendar
 Exception Type: System.Net.Sockets.SocketException
   at System.Net.SafeCloseSocketAndEvent.CreateWSASocketWithEvent(AddressFamily addressFamily, SocketType socketType, ProtocolType protocolType, Boolean autoReset, Boolean signaled)
   at System.Net.NetworkInformation.NetworkChange.AddressChangeListener.StartHelper(NetworkAddressChangedEventHandler caller, Boolean captureContext, StartIPOptions startIPOptions)
   at HPTouchSmartSyncCalReminderApp.Program.StartExecution()

Error: (11/02/2015 03:39:41 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out

Error: (11/02/2015 12:21:11 PM) (Source: HPTouchSmartCalendar) (EventID: 0) (User: )
Description: Application Name: HP TouchSmart Calendar
 Exception Type: System.Net.Sockets.SocketException
   at System.Net.SafeCloseSocketAndEvent.CreateWSASocketWithEvent(AddressFamily addressFamily, SocketType socketType, ProtocolType protocolType, Boolean autoReset, Boolean signaled)
   at System.Net.NetworkInformation.NetworkChange.AddressChangeListener.StartHelper(NetworkAddressChangedEventHandler caller, Boolean captureContext, StartIPOptions startIPOptions)
   at HPTouchSmartSyncCalReminderApp.Program.StartExecution()

Error: (11/02/2015 12:18:43 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out

Error: (11/02/2015 10:51:21 AM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out

Error: (11/02/2015 10:35:46 AM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out

Error: (11/02/2015 02:04:03 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error:  Initialization failed 0x80080005 Type: 88::UnexpectedError.

Error: (11/02/2015 01:54:36 AM) (Source: HPTouchSmartCalendar) (EventID: 0) (User: )
Description: Application Name: HP TouchSmart Calendar
 Exception Type: System.Net.Sockets.SocketException
   at System.Net.SafeCloseSocketAndEvent.CreateWSASocketWithEvent(AddressFamily addressFamily, SocketType socketType, ProtocolType protocolType, Boolean autoReset, Boolean signaled)
   at System.Net.NetworkInformation.NetworkChange.AddressChangeListener.StartHelper(NetworkAddressChangedEventHandler caller, Boolean captureContext, StartIPOptions startIPOptions)
   at HPTouchSmartSyncCalReminderApp.Program.StartExecution()

Error: (11/02/2015 01:52:11 AM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out

Error: (11/02/2015 01:48:30 AM) (Source: HPTouchSmartCalendar) (EventID: 0) (User: )
Description: Application Name: HP TouchSmart Calendar
 Exception Type: System.Net.Sockets.SocketException
   at System.Net.SafeCloseSocketAndEvent.CreateWSASocketWithEvent(AddressFamily addressFamily, SocketType socketType, ProtocolType protocolType, Boolean autoReset, Boolean signaled)
   at System.Net.NetworkInformation.NetworkChange.AddressChangeListener.StartHelper(NetworkAddressChangedEventHandler caller, Boolean captureContext, StartIPOptions startIPOptions)
   at HPTouchSmartSyncCalReminderApp.Program.StartExecution()


System errors:
=============
Error: (11/02/2015 03:47:04 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error:
%%10106

Error: (11/02/2015 03:47:04 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error:
%%10106

Error: (11/02/2015 03:47:02 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error:
%%10106

Error: (11/02/2015 03:45:37 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error:
%%10106

Error: (11/02/2015 03:45:36 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error:
%%10106

Error: (11/02/2015 03:42:23 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Update service terminated with the following error:
%%-2147014790

Error: (11/02/2015 03:42:23 PM) (Source: WMPNetworkSvc) (EventID: 14348) (User: )
Description: 0x80070057

Error: (11/02/2015 03:42:23 PM) (Source: WMPNetworkSvc) (EventID: 14323) (User: )
Description: WMPNetworkSvc0xc00d4268

Error: (11/02/2015 03:42:23 PM) (Source: WMPNetworkSvc) (EventID: 14356) (User: )
Description: 0x80070057

Error: (11/02/2015 03:42:23 PM) (Source: WMPNetworkSvc) (EventID: 14323) (User: )
Description: WMPNetworkSvc0xc00d4268


==================== Memory info ===========================

Processor: AMD A4-3400 APU with Radeon HD Graphics
Percentage of memory in use: 38%
Total physical RAM: 3570.78 MB
Available physical RAM: 2195.5 MB
Total Virtual: 7139.75 MB
Available Virtual: 5545.31 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:916.75 GB) (Free:836.51 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:14.67 GB) (Free:1.82 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 573054B9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=916.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 


Hello and welcome,

P2P/Piracy Warning:
 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

 

Next,

 

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

Next,

 

The internet connection should be restored, if so continue:

 

Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,
 
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.



Next,

 

Download Dr Web Cureit from here http://www.freedrweb.com/cureit save to your desktop. (Scroll to bottom of page)

  • The file will be randomly named
  • Reboot to safe mode
  • Run Dr Web
  • Tick the I agree box and select continue
  • Click select objects for scanning

  • Tick all boxes as shown
  • Click the wrench and select automatically apply actions to threats

  • Press start scan
  • The scan will now commence

  • Once the scan has finished click open report <<<--- Do not miss this step

  • A notepad will open
  • Select File > Save as..
  • Save it to your desktop



This log will be excessive, attach it to your next reply…

Let me see those logs, also give an update on any remaining issues or concerns...

 

Thank you,

 

Kevin...
 

Fixlist.txt


The internet did work after using the attachment you provided, yay!!!

While running the Junk Removal Tool, I accidentally unplugged my computer.... Checkdisk was run when I turned the computer back on, before Windows was loaded; it deleted a few files because it said they were corrupted. One of them was the adwcleaner log I had put on the desktop; thankfully I had put it on my usb, so it is pasted below. Dr cure it log is attached per instructions.

 

Terri

 

fixlog

 

Fix result of Farbar Recovery Scan Tool (x64) Version:31-10-2015
Ran by Owner (2015-11-02 19:01:41) Run:1
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-2207880224-1610313754-884784625-1000\...\Run: [speedItupFree] => "C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe"
C:\Program Files (x86)\SpeedItup Free
HKU\S-1-5-21-2207880224-1610313754-884784625-1000\...\Run: [ares] => "C:\Program Files (x86)\Ares\Ares.exe" -h
C:\Program Files (x86)\Ares
HKU\S-1-5-21-2207880224-1610313754-884784625-1000\...\MountPoints2: G - G:\Autorun.exe
IFEO\apnmcp.exe: [Debugger] tasklist.exe
IFEO\AppIntegrator64.exe: [Debugger] tasklist.exe
IFEO\brs.exe: [Debugger] tasklist.exe
IFEO\bservice.exe: [Debugger] tasklist.exe
IFEO\bservice64.exe: [Debugger] tasklist.exe
IFEO\DatamngrUI.exe: [Debugger] tasklist.exe
IFEO\DTUpdate.exe: [Debugger] tasklist.exe
IFEO\ExtensionUpdaterService.exe: [Debugger] tasklist.exe
IFEO\FrameworkEngine.exe: [Debugger] tasklist.exe
IFEO\IdcLdr.exe: [Debugger] tasklist.exe
IFEO\IdcLdr_x64.exe: [Debugger] tasklist.exe
IFEO\IMGUpdater.exe: [Debugger] tasklist.exe
IFEO\keepmysettingsx.exe: [Debugger] tasklist.exe
IFEO\loggingserver.exe: [Debugger] tasklist.exe
IFEO\Lrcnta.exe: [Debugger] tasklist.exe
IFEO\PastaLeadsService.exe: [Debugger] tasklist.exe
IFEO\PastaLeadsWinApp.exe: [Debugger] tasklist.exe
IFEO\patch_ff.exe: [Debugger] tasklist.exe
IFEO\ProtectWindowsManager.exe: [Debugger] tasklist.exe
IFEO\SafeFinder.exe: [Debugger] tasklist.exe
IFEO\searcharmor.exe: [Debugger] tasklist.exe
IFEO\search_protect.exe: [Debugger] tasklist.exe
IFEO\spbiu.exe: [Debugger] tasklist.exe
IFEO\srptm.exe: [Debugger] tasklist.exe
IFEO\srpts.exe: [Debugger] tasklist.exe
IFEO\srptsl.exe: [Debugger] tasklist.exe
IFEO\SystemkService.exe: [Debugger] tasklist.exe
IFEO\SystemSockets.exe: [Debugger] tasklist.exe
IFEO\TBNotifier.exe: [Debugger] tasklist.exe
IFEO\TNT2User.exe: [Debugger] tasklist.exe
IFEO\Toolbar.exe: [Debugger] tasklist.exe
IFEO\ToolbarUpdater.exe: [Debugger] tasklist.exe
IFEO\vprot.exe: [Debugger] tasklist.exe
IFEO\wb.exe: [Debugger] tasklist.exe
IFEO\YTDownloader.exe: [Debugger] tasklist.exe
ProxyServer: [s-1-5-21-2207880224-1610313754-884784625-1000] => http=127.0.0.1:49255;https=127.0.0.1:49255
Winsock: Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll No File
Winsock: Catalog9 01 C:\Windows\system32\ColorMedia.dll No File
Winsock: Catalog9 02 C:\Windows\system32\ColorMedia.dll No File
Winsock: Catalog9 03 C:\Windows\system32\ColorMedia.dll No File
Winsock: Catalog9 04 C:\Windows\system32\ColorMedia.dll No File
Winsock: Catalog9 15 C:\Windows\system32\ColorMedia.dll No File
Winsock: Catalog5-x64 09 C:\Program Files\Bonjour\mdnsNSP.dll No File
Winsock: Catalog9-x64 01 C:\Windows\system32\ColorMedia64.dll No File
Winsock: Catalog9-x64 02 C:\Windows\system32\ColorMedia64.dll No File
Winsock: Catalog9-x64 03 C:\Windows\system32\ColorMedia64.dll No File
Winsock: Catalog9-x64 04 C:\Windows\system32\ColorMedia64.dll No File
Winsock: Catalog9-x64 15 C:\Windows\system32\ColorMedia64.dll No File
cmd: netsh winsock reset
HKU\S-1-5-21-2207880224-1610313754-884784625-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\frrk1y4e.default\extensions\X4Bxn@gmail.com [not found]
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\frrk1y4e.default\extensions\{a1ec290a-8ad8-c41a-855e-38572413c1aa} [not found]
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\frrk1y4e.default\extensions\{5b04e40f-2145-d80a-b593-afaefebc5816} [not found]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\my-prefs.js [2015-03-25] <==== ATTENTION (Points to *.cfg file)
S2 NinjaLoaderService; "C:\Program Files (x86)\Ninja Loader\NinjaMaintainer.exe" /svc [X]
S2 spdfrmon; C:\Program Files (x86)\SpeedItup Free\spdfrmon.exe [X]
U2 TMAgent; no ImagePath
2015-03-31 03:14 - 2015-03-31 03:14 - 0005655 _____ () C:\Users\Owner\AppData\Roaming\7VFDP8RjMzr9UuBo7rJhCRm93
2015-04-04 14:51 - 2015-11-01 16:14 - 0000020 _____ () C:\Users\Owner\AppData\Roaming\appdataFr3.bin
2015-03-09 16:30 - 2015-03-09 16:30 - 0005487 _____ () C:\Users\Owner\AppData\Roaming\QJNFZ
2015-03-31 03:14 - 2015-03-31 03:14 - 0004387 _____ () C:\Users\Owner\AppData\Roaming\UU6SvxKEVNf7SyAH
C:\Users\Owner\AppData\Local\Temp\abikkgv-.dll
C:\Users\Owner\AppData\Local\Temp\DRHelper_uninstallComplete.exe
C:\Users\Owner\AppData\Local\Temp\pmbrirno.dll
C:\Users\Owner\AppData\Local\Temp\pyl2DE.tmp.exe
C:\Users\Owner\AppData\Local\Temp\sqlite3.dll
Task: {0F1E6322-7A91-476C-9B3F-5451ABDC82AE} - System32\Tasks\UU6SvxKEVNf7SyAH => C:\Users\Owner\AppData\Roaming\UU6SvxKEVNf7SyAH.exe <==== ATTENTION
C:\Users\Owner\AppData\Roaming\UU6SvxKEVNf7SyAH.exe
Task: {509D3D3A-803C-4076-9A52-ABF4FED5AD28} - System32\Tasks\QJNFZ => C:\Users\Owner\AppData\Roaming\QJNFZ.exe <==== ATTENTION
C:\Users\Owner\AppData\Roaming\QJNFZ.exe
Task: {95B9B6E8-E10F-4E48-B0A1-46F6E28733B9} - System32\Tasks\7862C8D9-066E-4051-A850-CEFDAE4E2322{50FADD01-B759-4358-8386-DFC5ABFF4093} => C:\Program Files\Shop For Rewards\PrefHelper.exe <==== ATTENTION
C:\Program Files\Shop For Rewards
Task: {C821436B-DFE4-479E-933D-3E3B6CA3E73E} - System32\Tasks\KCHDV => C:\ProgramData\7ab908b490c44993b797d817bd42cf5f\7ab908b490c44993b797d817bd42cf5f.exe <==== ATTENTION
C:\ProgramData\7ab908b490c44993b797d817bd42cf5f
Task: C:\Windows\Tasks\7862C8D9-066E-4051-A850-CEFDAE4E2322{50FADD01-B759-4358-8386-DFC5ABFF4093}.job => C:\Program Files\Shop For Rewards\PrefHelper.exe <==== ATTENTION
Task: C:\Windows\Tasks\7VFDP8RjMzr9UuBo7rJhCRm93.job => C:\Users\Owner\AppData\Roaming\7VFDP8RjMzr9UuBo7rJhCRm93.exe <==== ATTENTION
C:\Users\Owner\AppData\Roaming\7VFDP8RjMzr9UuBo7rJhCRm93.exe
Task: C:\Windows\Tasks\QJNFZ.job => C:\Users\Owner\AppData\Roaming\QJNFZ.exe <==== ATTENTION
Task: C:\Windows\Tasks\UU6SvxKEVNf7SyAH.job => C:\Users\Owner\AppData\Roaming\UU6SvxKEVNf7SyAH.exe <==== ATTENTION
C:\Users\Owner\AppData\Roaming\UU6SvxKEVNf7SyAH.exe
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:D346F792
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cmwf.sys => ""="Driver" <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cmwr.sys => ""="Driver" <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cmwf.sys => ""="Driver" <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cmwr.sys => ""="Driver" <==== ATTENTION
Hosts:
EmptyTemp:
reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKU\S-1-5-21-2207880224-1610313754-884784625-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SpeedItupFree => value removed successfully
"C:\Program Files (x86)\SpeedItup Free" => not found.
HKU\S-1-5-21-2207880224-1610313754-884784625-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ares => value removed successfully
"C:\Program Files (x86)\Ares" => not found.
"HKU\S-1-5-21-2207880224-1610313754-884784625-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\apnmcp.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AppIntegrator64.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\brs.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bservice.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bservice64.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\DatamngrUI.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\DTUpdate.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ExtensionUpdaterService.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FrameworkEngine.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\IdcLdr.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\IdcLdr_x64.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\IMGUpdater.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\keepmysettingsx.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\loggingserver.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Lrcnta.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\PastaLeadsService.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\PastaLeadsWinApp.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\patch_ff.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ProtectWindowsManager.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SafeFinder.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searcharmor.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\search_protect.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\spbiu.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\srptm.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\srpts.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\srptsl.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SystemkService.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SystemSockets.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\TBNotifier.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\TNT2User.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Toolbar.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ToolbarUpdater.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\vprot.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wb.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\YTDownloader.exe" => key removed successfully
HKU\S-1-5-21-2207880224-1610313754-884784625-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000009" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000009" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000015" => key removed successfully

=========  netsh winsock reset =========

Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

"HKU\S-1-5-21-2207880224-1610313754-884784625-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\frrk1y4e.default\extensions\X4Bxn@gmail.com => path removed successfully
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\frrk1y4e.default\extensions\{a1ec290a-8ad8-c41a-855e-38572413c1aa} => path removed successfully
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\frrk1y4e.default\extensions\{5b04e40f-2145-d80a-b593-afaefebc5816} => path removed successfully
C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\my-prefs.js => moved successfully
NinjaLoaderService => service removed successfully
spdfrmon => service removed successfully
TMAgent => service removed successfully
C:\Users\Owner\AppData\Roaming\7VFDP8RjMzr9UuBo7rJhCRm93 => moved successfully
C:\Users\Owner\AppData\Roaming\appdataFr3.bin => moved successfully
C:\Users\Owner\AppData\Roaming\QJNFZ => moved successfully
C:\Users\Owner\AppData\Roaming\UU6SvxKEVNf7SyAH => moved successfully
C:\Users\Owner\AppData\Local\Temp\abikkgv-.dll => moved successfully
C:\Users\Owner\AppData\Local\Temp\DRHelper_uninstallComplete.exe => moved successfully
C:\Users\Owner\AppData\Local\Temp\pmbrirno.dll => moved successfully
C:\Users\Owner\AppData\Local\Temp\pyl2DE.tmp.exe => moved successfully
C:\Users\Owner\AppData\Local\Temp\sqlite3.dll => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0F1E6322-7A91-476C-9B3F-5451ABDC82AE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0F1E6322-7A91-476C-9B3F-5451ABDC82AE}" => key removed successfully
C:\Windows\System32\Tasks\UU6SvxKEVNf7SyAH => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UU6SvxKEVNf7SyAH" => key removed successfully
"C:\Users\Owner\AppData\Roaming\UU6SvxKEVNf7SyAH.exe" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{509D3D3A-803C-4076-9A52-ABF4FED5AD28}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{509D3D3A-803C-4076-9A52-ABF4FED5AD28}" => key removed successfully
C:\Windows\System32\Tasks\QJNFZ => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\QJNFZ" => key removed successfully
"C:\Users\Owner\AppData\Roaming\QJNFZ.exe" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{95B9B6E8-E10F-4E48-B0A1-46F6E28733B9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{95B9B6E8-E10F-4E48-B0A1-46F6E28733B9}" => key removed successfully
C:\Windows\System32\Tasks\7862C8D9-066E-4051-A850-CEFDAE4E2322{50FADD01-B759-4358-8386-DFC5ABFF4093} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\7862C8D9-066E-4051-A850-CEFDAE4E2322{50FADD01-B759-4358-8386-DFC5ABFF4093}" => key removed successfully
"C:\Program Files\Shop For Rewards" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C821436B-DFE4-479E-933D-3E3B6CA3E73E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C821436B-DFE4-479E-933D-3E3B6CA3E73E}" => key removed successfully
C:\Windows\System32\Tasks\KCHDV => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KCHDV" => key removed successfully
"C:\ProgramData\7ab908b490c44993b797d817bd42cf5f" => not found.
C:\Windows\Tasks\7862C8D9-066E-4051-A850-CEFDAE4E2322{50FADD01-B759-4358-8386-DFC5ABFF4093}.job => moved successfully
C:\Windows\Tasks\7VFDP8RjMzr9UuBo7rJhCRm93.job => moved successfully
"C:\Users\Owner\AppData\Roaming\7VFDP8RjMzr9UuBo7rJhCRm93.exe" => not found.
C:\Windows\Tasks\QJNFZ.job => moved successfully
C:\Windows\Tasks\UU6SvxKEVNf7SyAH.job => moved successfully
"C:\Users\Owner\AppData\Roaming\UU6SvxKEVNf7SyAH.exe" => not found.
C:\ProgramData\Temp => ":373E1720" ADS removed successfully.
C:\ProgramData\Temp => ":D346F792" ADS removed successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\cmwf.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\cmwr.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\cmwf.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\cmwr.sys" => key removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 134.5 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 19:02:39 ====

ADWCLEANER LOG

 

# AdwCleaner v5.016 - Logfile created 02/11/2015 at 19:13:10
# Updated 01/11/2015 by Xplode
# Database : 2015-11-01.2 [server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Owner - OWNER-HP
# Running from : C:\Users\Owner\Desktop\adwcleaner_5.016.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

[-] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_mnonkalmdjjnelekfdaldkknjkedgamf_0
[-] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnonkalmdjjnelekfdaldkknjkedgamf

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [962 bytes] ##########

 

JRTLOG

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 7 Home Premium x64
Ran by Owner on Mon 11/02/2015 at 19:55:00.43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

Successfully deleted: [service] backupstack [Reboot required]
Successfully deleted: [service] drvagent64 [Reboot required]
Successfully deleted: [service] nethxxpservice [Reboot required]
Successfully deleted: [service] serviceupdater [Reboot required]

 

~~~ Tasks

 

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant

 

~~~ Registry Keys

Successfully deleted: [Registry Key] (Default)    REG_SZ    Fast Browser
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet\Fast Browser
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update Deal Keeper
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update ViewPlay
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Util Deal Keeper
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Util ViewPlay

 

~~~ Files

Successfully deleted: [File] C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\search.lnk

 

~~~ Folders

Failed to delete: [Folder] C:\ai_recyclebin
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{32782E95-F6B4-434D-A244-DB5FF090DE52}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{48386CD9-28AA-466B-A2D1-822973E5CF6D}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{4918BDC7-916D-42B1-86B3-4E3D313B033B}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{536F5D56-499A-474D-BCCD-F707C9783D4D}
Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{D2EE6D8E-2277-4857-9637-EE7B24C3DC84}
Successfully deleted: [Folder] C:\Users\Owner\Appdata\Local\com
Successfully deleted: [Folder] C:\Users\Owner\Appdata\Local\crashrpt
Successfully deleted: [Folder] C:\Users\Owner\Appdata\Local\ninja loader
Successfully deleted: [Folder] C:\Users\Owner\Appdata\LocalLow\company
Successfully deleted: [Folder] C:\Users\Owner\Documents\add-in express
Successfully deleted: [Folder] C:\Windows\SysWOW64\ai_recyclebin
Successfully deleted: [Folder] C:\ProgramData\dcnbmhhcjmdlkjpdijebokfpaaglfefp

 

~~~ FireFox

Successfully deleted: [File] C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\frrk1y4e.default\searchplugins\aol-search.xml
Successfully deleted: [Folder] C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org
Successfully deleted the following from C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\frrk1y4e.default\prefs.js


 

~~~ Chrome

[C:\Users\Owner\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Owner\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
elchiiiejkobdbblfejjkbphbddgmljf

[C:\Users\Owner\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Owner\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 11/02/2015 at 20:00:13.75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

 

cureit.log

Link to post
Share on other sites

Excellent, run Malwarebytes once more as follows:

 

Please open Malwarebytes Anti-Malware.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under the Non-Malware Protection sub tab, change PUP and PUM entries to "Treat detections as Malware".
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may or may not see this message box.

            'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.



To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if selected, right-click in your reply and select "Paste"; the log will be pasted into your reply
      Text file (*.txt) - if selected, you will have to name the file and save it to a place of your choice (recommend "Desktop"), then attach it to your reply
      XML file (*.xml) - if selected, you will have to name the file and save it to a place of your choice (recommend "Desktop"), then attach it to your reply
  • Please use "Copy to Clipboard", then right-click in your reply > select "Paste"; that will copy the log to your reply…


 

Thank you,

 

Kevin...


Windows updated the computer while I was sleeping. Why was the computer unable to connect to the internet? I ran MBAM again and the log is underneath.

 

Thanks,

Terri

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/3/2015
Scan Time: 10:32 AM
Logfile:
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.11.03.05
Rootkit Database: v2015.10.28.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Owner

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 388233
Time Elapsed: 23 min, 58 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 4
PUP.Optional.Compete, HKLM\SOFTWARE\CLASSES\APPID\{D5FA0C65-08BE-4F86-B30F-2E285694863A}, Quarantined, [376a95e44645181ea5a50528b84a926e],
PUP.Optional.Compete, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{D5FA0C65-08BE-4F86-B30F-2E285694863A}, Quarantined, [376a95e44645181ea5a50528b84a926e],
PUP.Optional.Compete, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{D5FA0C65-08BE-4F86-B30F-2E285694863A}, Quarantined, [376a95e44645181ea5a50528b84a926e],
PUP.Optional.GetSavin, HKU\S-1-5-21-2207880224-1610313754-884784625-1000\SOFTWARE\APPDATALOW\SOFTWARE\getsav-in, Quarantined, [dec3f386e2a9ae888e9ca42119eaf010],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 36
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2, Quarantined, [19880c6d8a0165d16df1f97f9b673ac6],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph, Quarantined, [19880c6d8a0165d16df1f97f9b673ac6],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2, Quarantined, [8021c5b4dbb0b5810c528fe93dc5f907],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph, Quarantined, [8021c5b4dbb0b5810c528fe93dc5f907],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2, Quarantined, [cdd473066823c76f96c8e2966e94817f],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph, Quarantined, [cdd473066823c76f96c8e2966e94817f],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2, Quarantined, [069b91e8a7e4f54171ee3444c83a3bc5],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph, Quarantined, [069b91e8a7e4f54171ee3444c83a3bc5],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2, Quarantined, [fea3ec8d5b3072c4481788f0c83a817f],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph, Quarantined, [fea3ec8d5b3072c4481788f0c83a817f],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2, Quarantined, [f3aedf9a7b1095a1d38c11676b97db25],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph, Quarantined, [f3aedf9a7b1095a1d38c11676b97db25],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2, Quarantined, [f4ad1e5bb7d49b9b0a565d1b8181c23e],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph, Quarantined, [f4ad1e5bb7d49b9b0a565d1b8181c23e],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2, Quarantined, [9f02fd7c02891620a5bb9eda34ce08f8],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph, Quarantined, [9f02fd7c02891620a5bb9eda34ce08f8],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2, Quarantined, [4c55caafb4d7d0669fc1d6a23fc32bd5],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph, Quarantined, [4c55caafb4d7d0669fc1d6a23fc32bd5],
PUP.Optional.Chromatic, C:\Users\Administrator\AppData\Local\Chromatic Browser, Quarantined, [aff2502983089c9a6d95522428dab848],
PUP.Optional.Chromatic, C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data, Quarantined, [aff2502983089c9a6d95522428dab848],
PUP.Optional.Chromatic, C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default, Quarantined, [aff2502983089c9a6d95522428dab848],
PUP.Optional.Chromatic, C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions, Quarantined, [aff2502983089c9a6d95522428dab848],
PUP.Optional.Chromatic, C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph, Quarantined, [aff2502983089c9a6d95522428dab848],
PUP.Optional.Chromatic, C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2, Quarantined, [aff2502983089c9a6d95522428dab848],
PUP.Optional.Chromatic, C:\Users\Guest\AppData\Local\Chromatic Browser, Quarantined, [b7ea5d1c6f1cab8b946e7afcb64cef11],
PUP.Optional.Chromatic, C:\Users\Guest\AppData\Local\Chromatic Browser\User Data, Quarantined, [b7ea5d1c6f1cab8b946e7afcb64cef11],
PUP.Optional.Chromatic, C:\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default, Quarantined, [b7ea5d1c6f1cab8b946e7afcb64cef11],
PUP.Optional.Chromatic, C:\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions, Quarantined, [b7ea5d1c6f1cab8b946e7afcb64cef11],
PUP.Optional.Chromatic, C:\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph, Quarantined, [b7ea5d1c6f1cab8b946e7afcb64cef11],
PUP.Optional.Chromatic, C:\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2, Quarantined, [b7ea5d1c6f1cab8b946e7afcb64cef11],
PUP.Optional.Chromatic, C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser, Quarantined, [7d24c0b9b1da1224936f9adc35cda35d],
PUP.Optional.Chromatic, C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data, Quarantined, [7d24c0b9b1da1224936f9adc35cda35d],
PUP.Optional.Chromatic, C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default, Quarantined, [7d24c0b9b1da1224936f9adc35cda35d],
PUP.Optional.Chromatic, C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions, Quarantined, [7d24c0b9b1da1224936f9adc35cda35d],
PUP.Optional.Chromatic, C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph, Quarantined, [7d24c0b9b1da1224936f9adc35cda35d],
PUP.Optional.Chromatic, C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2, Quarantined, [7d24c0b9b1da1224936f9adc35cda35d],

Files: 54
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\lsdb.js, Quarantined, [19880c6d8a0165d16df1f97f9b673ac6],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\background.html, Quarantined, [19880c6d8a0165d16df1f97f9b673ac6],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\content.js, Quarantined, [19880c6d8a0165d16df1f97f9b673ac6],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\manifest.json, Quarantined, [19880c6d8a0165d16df1f97f9b673ac6],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\lsdb.js, Quarantined, [8021c5b4dbb0b5810c528fe93dc5f907],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\background.html, Quarantined, [8021c5b4dbb0b5810c528fe93dc5f907],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\content.js, Quarantined, [8021c5b4dbb0b5810c528fe93dc5f907],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\manifest.json, Quarantined, [8021c5b4dbb0b5810c528fe93dc5f907],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\lsdb.js, Quarantined, [cdd473066823c76f96c8e2966e94817f],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\background.html, Quarantined, [cdd473066823c76f96c8e2966e94817f],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\content.js, Quarantined, [cdd473066823c76f96c8e2966e94817f],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\manifest.json, Quarantined, [cdd473066823c76f96c8e2966e94817f],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\lsdb.js, Quarantined, [069b91e8a7e4f54171ee3444c83a3bc5],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\background.html, Quarantined, [069b91e8a7e4f54171ee3444c83a3bc5],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\content.js, Quarantined, [069b91e8a7e4f54171ee3444c83a3bc5],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\manifest.json, Quarantined, [069b91e8a7e4f54171ee3444c83a3bc5],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\lsdb.js, Quarantined, [fea3ec8d5b3072c4481788f0c83a817f],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\background.html, Quarantined, [fea3ec8d5b3072c4481788f0c83a817f],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\content.js, Quarantined, [fea3ec8d5b3072c4481788f0c83a817f],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\manifest.json, Quarantined, [fea3ec8d5b3072c4481788f0c83a817f],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\lsdb.js, Quarantined, [f3aedf9a7b1095a1d38c11676b97db25],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\background.html, Quarantined, [f3aedf9a7b1095a1d38c11676b97db25],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\content.js, Quarantined, [f3aedf9a7b1095a1d38c11676b97db25],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\manifest.json, Quarantined, [f3aedf9a7b1095a1d38c11676b97db25],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\lsdb.js, Quarantined, [f4ad1e5bb7d49b9b0a565d1b8181c23e],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\background.html, Quarantined, [f4ad1e5bb7d49b9b0a565d1b8181c23e],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\content.js, Quarantined, [f4ad1e5bb7d49b9b0a565d1b8181c23e],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\manifest.json, Quarantined, [f4ad1e5bb7d49b9b0a565d1b8181c23e],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\lsdb.js, Quarantined, [9f02fd7c02891620a5bb9eda34ce08f8],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\background.html, Quarantined, [9f02fd7c02891620a5bb9eda34ce08f8],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\content.js, Quarantined, [9f02fd7c02891620a5bb9eda34ce08f8],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\manifest.json, Quarantined, [9f02fd7c02891620a5bb9eda34ce08f8],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\lsdb.js, Quarantined, [4c55caafb4d7d0669fc1d6a23fc32bd5],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\background.html, Quarantined, [4c55caafb4d7d0669fc1d6a23fc32bd5],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\content.js, Quarantined, [4c55caafb4d7d0669fc1d6a23fc32bd5],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\manifest.json, Quarantined, [4c55caafb4d7d0669fc1d6a23fc32bd5],
Adware.Trace, C:\awh11EB.tmp, Quarantined, [524fb8c1236881b5c97a3496a55ec739],
Adware.Trace, C:\awh49CB.tmp, Quarantined, [faa75e1b9bf00333e55edfeb28db15eb],
Adware.Trace, C:\awh4AE4.tmp, Quarantined, [eab77efbe1aaa195ac97f8d2dc278977],
Adware.Trace, C:\awhC226.tmp, Quarantined, [7e23a8d1d4b72a0c3c0701c9a85b758b],
Adware.Trace, C:\awhFA9.tmp, Quarantined, [7d246613b1da241294af29a1976c0000],
PUP.Optional.Yontoo, C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\frrk1y4e.default\extensions\{9bd9da5d-43e8-4e1a-b0db-21649d28d6e0}.xpi, Quarantined, [e4bd7ffa9fec2e0814d95c6e798a857b],
PUP.Optional.Chromatic, C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\background.html, Quarantined, [aff2502983089c9a6d95522428dab848],
PUP.Optional.Chromatic, C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\content.js, Quarantined, [aff2502983089c9a6d95522428dab848],
PUP.Optional.Chromatic, C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\lsdb.js, Quarantined, [aff2502983089c9a6d95522428dab848],
PUP.Optional.Chromatic, C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\manifest.json, Quarantined, [aff2502983089c9a6d95522428dab848],
PUP.Optional.Chromatic, C:\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\background.html, Quarantined, [b7ea5d1c6f1cab8b946e7afcb64cef11],
PUP.Optional.Chromatic, C:\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\content.js, Quarantined, [b7ea5d1c6f1cab8b946e7afcb64cef11],
PUP.Optional.Chromatic, C:\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\lsdb.js, Quarantined, [b7ea5d1c6f1cab8b946e7afcb64cef11],
PUP.Optional.Chromatic, C:\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\manifest.json, Quarantined, [b7ea5d1c6f1cab8b946e7afcb64cef11],
PUP.Optional.Chromatic, C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\background.html, Quarantined, [7d24c0b9b1da1224936f9adc35cda35d],
PUP.Optional.Chromatic, C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\content.js, Quarantined, [7d24c0b9b1da1224936f9adc35cda35d],
PUP.Optional.Chromatic, C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\lsdb.js, Quarantined, [7d24c0b9b1da1224936f9adc35cda35d],
PUP.Optional.Chromatic, C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\colbpnfokemnfknegpihpfhngknnebph\5.2\manifest.json, Quarantined, [7d24c0b9b1da1224936f9adc35cda35d],

Physical Sectors: 0
(No malicious items detected)

(end)


The internet connection was defunct because the winsock catalog was corrupt, probably due to malware/infection activity. What is the current status of the system? Are there any remaining issues or concerns?

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security alerts, either accept the alert or turn the security off while Security Check runs.)
Double click SecurityCheck.exe (Vista or Windows 7/8 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

If Security Check will not run or you get an alert saying it is not supported, Re-boot your PC then try again...
 

Thanks,

 

Kevin...


The system is quite stable, no more issues, thank you very much.

 

Terri

 

 Results of screen317's Security Check version 1.009 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Microsoft Security Essentials  
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player 19.0.0.226 
 Adobe Reader XI 
 Mozilla Firefox 23.0.1 Firefox out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 4%
````````````````````End of Log``````````````````````


Good to hear the system is ok, no issues in Security Checks except for outdated Mozilla Firefox. If you use it keep it updated https://www.mozilla.org/en-GB/firefox/new/

 

Next,

 

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:



  • Remove disinfection tools
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings



Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

 

Next,

 

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...
 


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
