Need Virus Help


Hello, I'm working on a friend's PC that has a virus that will not be removed by your malware removal software. Any help you can give me would be appreciated. Here are the 2 files you requested:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-01-2016
Ran by Bill and Carolyn (administrator) on HOME (27-01-2016 14:20:38)
Running from C:\Users\Bill and Carolyn\Downloads
Loaded Profiles: Bill and Carolyn (Available Profiles: Bill and Carolyn)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-12] (AVAST Software)
HKU\S-1-5-19\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-20\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-21-393720703-981639920-2373800576-1000\...\Run: [Google Update] => C:\Users\Bill and Carolyn\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
HKU\S-1-5-21-393720703-981639920-2373800576-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_228_ActiveX.exe [1162944 2015-12-12] (Adobe Systems Incorporated)
HKU\S-1-5-21-393720703-981639920-2373800576-1000\...\MountPoints2: {0bd34f4f-afb6-11de-8d13-806e6f6e6963} - E:\Setup.exe
HKU\S-1-5-21-393720703-981639920-2373800576-1000\...\MountPoints2: {7695b583-dc0a-11de-a488-90e6ba1d4d82} - G:\SprintPreCopy.exe -L -d:NVTLBLUEUSB
HKU\S-1-5-21-393720703-981639920-2373800576-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-12-12] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{7B98FA5B-2DE0-43DF-98DA-E660D02CC3ED}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=iedef
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=iedef&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-393720703-981639920-2373800576-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=iedef
HKU\S-1-5-21-393720703-981639920-2373800576-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=iedef&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-393720703-981639920-2373800576-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.yahoo.com/?fr=hp-avast&type=iedef
URLSearchHook: HKU\S-1-5-21-393720703-981639920-2373800576-1000 - (No Name) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - No File
URLSearchHook: HKU\S-1-5-21-393720703-981639920-2373800576-1000 - (No Name) - {f92a9fe4-2850-4198-b9d5-279880e49b16} - No File
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL =
SearchScopes: HKLM -> {32187486-842F-461A-80C0-82F1A7A7A074} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM -> {5F5223EE-EC79-4093-8A35-C9339595A85A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=iedef&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {32187486-842F-461A-80C0-82F1A7A7A074} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 -> {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUxdm0917Aus&ptb=nniBucxCZqSvSVmkykwEsg&ind=2011021208&ptnrS=ZUxdm0917Aus&si=&n=77ddbf98&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM-x32 -> {5F5223EE-EC79-4093-8A35-C9339595A85A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=iedef&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-393720703-981639920-2373800576-1000 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=iedef&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-393720703-981639920-2373800576-1000 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-393720703-981639920-2373800576-1000 -> {32187486-842F-461A-80C0-82F1A7A7A074} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKU\S-1-5-21-393720703-981639920-2373800576-1000 -> {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = hxxp://start.msn.iplay.com/searchresultsredirect.aspx?o=chrome&q={searchTerms}
SearchScopes: HKU\S-1-5-21-393720703-981639920-2373800576-1000 -> {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUxdm0917Aus&ptb=nniBucxCZqSvSVmkykwEsg&ind=2011021208&ptnrS=ZUxdm0917Aus&si=&n=77ddbf98&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-393720703-981639920-2373800576-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://speedial.com/results.php?f=4&q={searchTerms}&a=defoffer_spd_irspd_14_29_ie&cd=2XzuyEtN2Y1L1QzuzytD0EyC0B0AtC0DyE0DzztByEyCtBtAtN0D0Tzu0SzytByCtN1L2XzutBtFtBtCtFtCtCtFtDtN1L1Czu0C0I0S0V0E0R1V1TtN1L1G1B1V1N2Y1L1Qzu2SyC0CtC0BzztB0AyEtGtC0AtByDtG0FtD0DtCtGtB0AtCtAtGtDzz0EyEtC0AyD0B0FtC0C0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtBzztB0AtD0FtBtG0EyCtA0BtGyD0BtAtDtG0D0B0AzytGtA0BzytD0AyEyDzzyE0A0Azy2Q&cr=400277898&ir=
SearchScopes: HKU\S-1-5-21-393720703-981639920-2373800576-1000 -> {8B63A8D6-BBED-4341-8867-790E5F524C96} URL = hxxp://mystart.incredigames.com/?search={searchTerms}&loc=incredigame_search_box
SearchScopes: HKU\S-1-5-21-393720703-981639920-2373800576-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=iedef&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-393720703-981639920-2373800576-1000 -> {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredimail.com/?search={searchTerms}&loc=search_box_im2_test_v2
SearchScopes: HKU\S-1-5-21-393720703-981639920-2373800576-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20100416,6686,0,8,0
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-12-12] (AVAST Software)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [2010-03-23] (Yahoo! Inc.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-12-12] (AVAST Software)
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll [2009-04-07] (Microsoft Corp.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-05-06] (Hewlett-Packard)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2010-03-23] (Yahoo! Inc)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll [2009-04-07] (Microsoft Corp.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [2010-03-23] (Yahoo! Inc.)
Toolbar: HKU\S-1-5-21-393720703-981639920-2373800576-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKU\S-1-5-21-393720703-981639920-2373800576-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-393720703-981639920-2373800576-1000 -> No Name - {F92A9FE4-2850-4198-B9D5-279880E49B16} -  No File
DPF: HKLM-x32 {809A6301-7B40-4436-A02C-87B8D3D7D9E3} hxxp://zone.msn.com/bingame/zpagames/zpa_dmno.cab55579.cab
DPF: HKLM-x32 {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} hxxp://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
DPF: HKLM-x32 {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} hxxp://zone.msn.com/bingame/zpagames/zpa_wof.cab55579.cab
DPF: HKLM-x32 {95B5D20C-BD31-4489-8ABF-F8C8BE748463} hxxp://zone.msn.com/bingame/zpagames/zpa_hrtz.cab99160.cab
DPF: HKLM-x32 {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: HKLM-x32 {C86FF4B0-AA1D-46D4-8612-025FB86583C7} hxxp://zone.msn.com/bingame/jobo/default/AstoundLauncher.cab
DPF: HKLM-x32 {CAC181B0-4D70-402D-B571-C596A47D0CE0} hxxp://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
DPF: HKLM-x32 {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://games.att.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
DPF: HKLM-x32 {DAF5D9A2-D982-4671-83E4-0398706A5F6A} hxxp://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
DPF: HKLM-x32 {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} hxxp://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\ATT\8.4.1.11\ma\bin\npMotive.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-12] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-393720703-981639920-2373800576-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Bill and Carolyn\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-393720703-981639920-2373800576-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Bill and Carolyn\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-393720703-981639920-2373800576-1000: @yahoo.com/BrowserPlus,version=2.9.8 -> C:\Users\Bill and Carolyn\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll [2010-07-30] (Yahoo! Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-12]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-12-12]

Chrome:
=======
CHR Profile: C:\Users\Bill and Carolyn\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Bill and Carolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd [2015-12-01]
CHR Extension: (No Name) - C:\Users\Bill and Carolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec [2015-12-01]
CHR Extension: (No Name) - C:\Users\Bill and Carolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-12-01]
CHR Extension: (No Name) - C:\Users\Bill and Carolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-12-01]
CHR Extension: (No Name) - C:\Users\Bill and Carolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-01]
CHR HKLM\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-393720703-981639920-2373800576-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx [2014-07-06]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-12] (AVAST Software)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
S2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-05-18] (Hewlett-Packard Company) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 CASprint; "C:\Program Files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe" /n "CASprint" [X]
S3 SprintRcAppSvc; "C:\Program Files (x86)\Sprint\Sprint SmartView\RcAppSvc.exe" /n "SprintRcAppSvc" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-12] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-18] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-12] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-12] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1055560 2015-12-12] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [451040 2015-12-18] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-12] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-12] (AVAST Software)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 NWUSBModem; C:\Windows\System32\DRIVERS\nwusbmdm.sys [213120 2008-09-23] (Novatel Wireless Inc.)
S3 NWUSBPort; C:\Windows\System32\DRIVERS\nwusbser.sys [213120 2008-09-23] (Novatel Wireless Inc.)
S3 NWUSBPort2; C:\Windows\System32\DRIVERS\nwusbser2.sys [213120 2008-09-23] (Novatel Wireless Inc.)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [30336 2007-01-18] (Research in Motion Ltd)
R3 swmsflt; C:\Windows\System32\drivers\swmsflt.sys [28808 2008-09-23] ()
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 PCTINDIS5X64; \??\C:\Windows\system32\PCTINDIS5X64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-27 14:19 - 2016-01-27 14:19 - 00000000 ____D C:\Users\Bill and Carolyn\Downloads\FRST-OlderVersion

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-27 14:21 - 2015-12-01 14:51 - 00019106 _____ C:\Users\Bill and Carolyn\Downloads\FRST.txt
2016-01-27 14:20 - 2015-12-01 14:50 - 00000000 ____D C:\FRST
2016-01-27 14:19 - 2015-12-01 14:49 - 02370560 _____ (Farbar) C:\Users\Bill and Carolyn\Downloads\FRST64.exe
2016-01-27 12:21 - 2015-12-01 14:38 - 00886752 _____ C:\Windows\ntbtlog.txt
2015-12-28 07:04 - 2013-01-31 07:50 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-28 07:04 - 2009-12-05 08:16 - 00003954 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{C9251D9C-595F-464A-A5CC-D5CE3D60F86B}
2015-12-28 07:00 - 2013-03-18 15:15 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-12-28 06:59 - 2010-04-27 20:38 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-28 06:59 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

==================== Files in the root of some directories =======

2015-07-13 15:54 - 2015-07-13 15:54 - 0000470 _____ () C:\Program Files (x86)\0713201516543995.bat
2015-07-13 15:58 - 2015-07-13 15:58 - 0000476 _____ () C:\Program Files (x86)\0713201516582661.bat
2015-12-11 16:32 - 2015-12-11 16:32 - 6420480 _____ () C:\Program Files (x86)\GUT5FDB.tmp
2011-09-16 19:59 - 2011-09-23 20:08 - 0001854 _____ () C:\Users\Bill and Carolyn\AppData\Roaming\GhostObjGAFix.xml
2014-07-14 11:16 - 2014-07-19 08:04 - 0000089 _____ () C:\Users\Bill and Carolyn\AppData\Roaming\WB.CFG
2009-11-27 04:03 - 2014-03-07 21:06 - 0017518 _____ () C:\Users\Bill and Carolyn\AppData\Roaming\wklnhst.dat
2011-04-20 20:58 - 2011-04-21 14:47 - 0007738 ___SH () C:\Users\Bill and Carolyn\AppData\Local\46ln52t2jd0wtdov8f54628d883r320go
2010-04-01 06:34 - 2010-08-06 20:55 - 0007680 _____ () C:\Users\Bill and Carolyn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-11-24 17:32 - 2010-11-24 17:32 - 0000236 _____ () C:\Users\Bill and Carolyn\AppData\Local\LaunchHomeCenter.log
2011-03-19 11:56 - 2011-03-19 11:56 - 3002471 _____ (MyWebSearch.com) C:\Users\Bill and Carolyn\AppData\Local\mwsautSp.exe
2013-10-04 20:42 - 2013-10-04 20:42 - 0669822 _____ () C:\Users\Bill and Carolyn\AppData\Local\tmpIMG_0303.0
2013-10-04 20:42 - 2013-10-04 20:42 - 0243179 _____ () C:\Users\Bill and Carolyn\AppData\Local\tmpIMG_0303.JPG
2011-07-31 13:08 - 2011-07-31 13:08 - 0000000 _____ () C:\Users\Bill and Carolyn\AppData\Local\{3BC669EC-76FB-4686-9B29-6998007F1CCF}
2012-01-05 11:40 - 2012-01-05 11:40 - 0000000 _____ () C:\Users\Bill and Carolyn\AppData\Local\{9CDB4D8D-096B-48DC-B59E-846E12B418EA}
2012-01-05 08:01 - 2012-01-05 08:01 - 0000000 _____ () C:\Users\Bill and Carolyn\AppData\Local\{C7A28D8F-D919-4C95-B359-A0AB005CDF93}
2011-04-20 20:58 - 2011-04-21 14:47 - 0007738 ___SH () C:\ProgramData\46ln52t2jd0wtdov8f54628d883r320go

Some files in TEMP:
====================
C:\Users\Bill and Carolyn\AppData\Local\Temp\7_wonders_treasures_of_seven-setup.exe
C:\Users\Bill and Carolyn\AppData\Local\Temp\;5realms_444.exe
C:\Users\Bill and Carolyn\AppData\Local\Temp\;install_flash_player.exe
C:\Users\Bill and Carolyn\AppData\Local\Temp\atlanticquest_434684244-setup[1].exe
C:\Users\Bill and Carolyn\AppData\Local\Temp\bejeweled_3_89819185-setup.exe
C:\Users\Bill and Carolyn\AppData\Local\Temp\bundle_ask.exe
C:\Users\Bill and Carolyn\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpuu0kaz.dll
C:\Users\Bill and Carolyn\AppData\Local\Temp\ffunzip.exe
C:\Users\Bill and Carolyn\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Bill and Carolyn\AppData\Local\Temp\GLFE9A4.tmp.ConduitEngineSetup.exe
C:\Users\Bill and Carolyn\AppData\Local\Temp\GUR10CF.exe
C:\Users\Bill and Carolyn\AppData\Local\Temp\GUREE70.exe
C:\Users\Bill and Carolyn\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Bill and Carolyn\AppData\Local\Temp\HPSFUpdater.exe
C:\Users\Bill and Carolyn\AppData\Local\Temp\IHUD779.tmp.exe
C:\Users\Bill and Carolyn\AppData\Local\Temp\jewel_match_bundle_08652184-setup[1].exe
C:\Users\Bill and Carolyn\AppData\Local\Temp\jewel_quest_sleepless_star_44484151-setup[1].exe
C:\Users\Bill and Carolyn\AppData\Local\Temp\OberonStub.exe
C:\Users\Bill and Carolyn\AppData\Local\Temp\pcDesktopAlertNotifierX.dll
C:\Users\Bill and Carolyn\AppData\Local\Temp\prxGLFE9A4.tmp.tbFree.dll
C:\Users\Bill and Carolyn\AppData\Local\Temp\Resource.exe
C:\Users\Bill and Carolyn\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Bill and Carolyn\AppData\Local\Temp\soallpdk.dll
C:\Users\Bill and Carolyn\AppData\Local\Temp\solitaire_for_dummies_regular-setup[1].exe
C:\Users\Bill and Carolyn\AppData\Local\Temp\sp44460.exe
C:\Users\Bill and Carolyn\AppData\Local\Temp\sp46257.exe
C:\Users\Bill and Carolyn\AppData\Local\Temp\sp49905.exe.exe
C:\Users\Bill and Carolyn\AppData\Local\Temp\sp53904.exe
C:\Users\Bill and Carolyn\AppData\Local\Temp\sp54931.exe
C:\Users\Bill and Carolyn\AppData\Local\Temp\sp58915.exe
C:\Users\Bill and Carolyn\AppData\Local\Temp\sp64126.exe
C:\Users\Bill and Carolyn\AppData\Local\Temp\tbFree.dll
C:\Users\Bill and Carolyn\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Bill and Carolyn\AppData\Local\Temp\UninstallHPTCA.exe
C:\Users\Bill and Carolyn\AppData\Local\Temp\vacation_quest_54184214-setup[1].exe
C:\Users\Bill and Carolyn\AppData\Local\Temp\{3406546C-ACF9-4ABD-8873-3B49EAD4EC6E}-47.0.2526.106_47.0.2526.80_chrome_updater_3stage.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-12-22 10:10

==================== End of FRST.txt ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-01-2016
Ran by Bill and Carolyn (2016-01-27 14:22:29)
Running from C:\Users\Bill and Carolyn\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2009-11-27 08:55:10)
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-393720703-981639920-2373800576-500 - Administrator - Disabled)
Bill and Carolyn (S-1-5-21-393720703-981639920-2373800576-1000 - Administrator - Enabled) => C:\Users\Bill and Carolyn
Guest (S-1-5-21-393720703-981639920-2373800576-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-393720703-981639920-2373800576-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.1.0.0 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 2.1.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.2090 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-393720703-981639920-2373800576-1000\...\Amazon Kindle) (Version:  - Amazon)
Ancient Spider (remove only) (HKLM-x32\...\Ancient Spider) (Version:  - )
att.net Internet Mail (HKLM-x32\...\Yahoo! Mail) (Version:  - )
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 11.1.2245 - AVAST Software)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Extended Update (HKU\S-1-5-21-393720703-981639920-2373800576-1000\...\UpdaterEX) (Version:  - Extended Update) <==== ATTENTION
Google Chrome (HKU\S-1-5-21-393720703-981639920-2373800576-1000\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5434.08 - PC-Doctor, Inc.)
Heartwild Solitaire (HKLM-x32\...\Heartwild Solitaire_is1) (Version:  - )
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hotel Solitaire (remove only) (HKLM-x32\...\Hotel Solitaire) (Version:  - )
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.12286.3436 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
HP MediaSmart Demo (HKLM-x32\...\{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}) (Version: 1.00.0000 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.0.3420 - Hewlett-Packard)
HP MediaSmart Movie Themes (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.0.3102 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3601 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{26280024-DFB7-4967-90DB-7F9C6660D01E}) (Version: 3.0.28.2 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.9.0 - TopSeed)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.1.40.3 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.0.30.219 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
Internet Explorer Packages (HKU\S-1-5-21-393720703-981639920-2373800576-1000\...\Internet Explorer Packages) (Version:  - ) <==== ATTENTION
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1901 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1901 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{DD6C316A-FE75-4FBB-9D22-4C1920232B72}) (Version: 1.18.5.1 - LightScribe)
LSI PCI-SV92EX Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.96 - LSI Corporation)
Malwarebytes' Anti-Malware (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version:  - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.560.0 - Microsoft Live Search Toolbar)
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version:  - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Thunderbird (3.0.11) (HKLM-x32\...\Mozilla Thunderbird (3.0.11)) (Version: 3.0.11 (en-US) - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - NVIDIA Corporation)
NVIDIA PhysX v8.10.29 (HKLM-x32\...\{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}) (Version: 8.10.29 - NVIDIA Corporation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3101 - CyberLink Corp.) Hidden
PowerRecover (x32 Version: 5.5.1923 - CyberLink Corp.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5882 - Realtek Semiconductor Corp.)
SKIP-BO Castaway Caper (remove only) (HKLM-x32\...\SKIP-BO Castaway Caper) (Version:  - )
Slingo Quest (remove only) (HKLM-x32\...\Slingo Quest) (Version:  - Funkitron)
Yahoo! BrowserPlus 2.9.8 (HKU\S-1-5-21-393720703-981639920-2373800576-1000\...\Yahoo! BrowserPlus) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-393720703-981639920-2373800576-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Bill and Carolyn\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
CustomCLSID: HKU\S-1-5-21-393720703-981639920-2373800576-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Bill and Carolyn\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-393720703-981639920-2373800576-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Bill and Carolyn\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-393720703-981639920-2373800576-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Bill and Carolyn\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-393720703-981639920-2373800576-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Bill and Carolyn\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-393720703-981639920-2373800576-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Bill and Carolyn\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-393720703-981639920-2373800576-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Bill and Carolyn\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-393720703-981639920-2373800576-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Bill and Carolyn\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-393720703-981639920-2373800576-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Bill and Carolyn\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-393720703-981639920-2373800576-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Bill and Carolyn\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-393720703-981639920-2373800576-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Bill and Carolyn\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-393720703-981639920-2373800576-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Bill and Carolyn\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-393720703-981639920-2373800576-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Bill and Carolyn\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0087F3C7-4B06-4534-9F4C-B5F1E380789E} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-07-02] (PC-Doctor, Inc.)
Task: {08F469B9-6460-449B-BED2-1840D57B802C} - System32\Tasks\{EAE46E0A-C763-455F-98E3-1A7B7A33D834} => C:\Users\Bill and Carolyn\AppData\Local\Amazon\Kindle\application\Kindle.exe [2011-10-14] (Amazon.com)
Task: {0AEA3230-BD16-468A-9DE4-23BB57EF9B5E} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-12-01] (CyberLink)
Task: {0C786AE8-F96D-4502-9BB7-E176F7544C50} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-27] (Hewlett-Packard)
Task: {0D0D978E-5556-478B-A60D-BE89D5F9A2DC} - System32\Tasks\HPCeeScheduleForBill and Carolyn => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {1CC24E38-DAF4-455B-B856-2F171EB9694A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {1D4F45AD-49A9-4824-B712-263ADFAD1236} - System32\Tasks\{7FE587E1-A9E2-4A57-BC80-796C970C22BF} => C:\Users\Bill and Carolyn\AppData\Local\Amazon\Kindle\application\Kindle.exe [2011-10-14] (Amazon.com)
Task: {2651A8F8-F89A-4F46-8EE8-9286E6A2E0DB} - System32\Tasks\{C1369529-C5FD-4DE3-9420-7592A8F6A428} => pcalua.exe -a "C:\Program Files (x86)\Ancient Spider\Uninstall.exe"
Task: {321707DA-6D56-4911-AF3F-6904635DAB73} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-12] (Adobe Systems Incorporated)
Task: {375CCE04-1A2C-4E02-B633-FE540E1FB3B3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {38D726A3-6F18-4C3E-8F9B-1DBFFA48BAAE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {39C946DD-0DBC-4DD2-9654-DF509A9370FE} - System32\Tasks\UpdaterEX => C:\Users\Bill and Carolyn\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {3F68E528-C424-431C-AC21-EF55AE58F9A8} - System32\Tasks\{4B7B5CD3-92CB-4E5B-B7DD-49790F58FB2B} => pcalua.exe -a "C:\Users\Bill and Carolyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UBS97J2Y\ssbingo-setup[1].exe" -d "C:\Users\Bill and Carolyn\Desktop"
Task: {4465680F-8D17-4099-8434-91682D3EC626} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {55255ECA-0202-4F28-AD87-4A30A968D4D4} - System32\Tasks\Games\UpdateCheck_S-1-5-21-393720703-981639920-2373800576-1000
Task: {56E2031F-7772-4B63-81EF-1BB4316BF844} - System32\Tasks\{04A09CD4-E0D1-4CA5-B39F-6200AB36E9C3} => C:\Users\Bill and Carolyn\AppData\Local\Amazon\Kindle\application\Kindle.exe [2011-10-14] (Amazon.com)
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {69DD270B-03FB-41E0-B0BB-0AC6DAEEFFB4} - System32\Tasks\{E7076F54-D68D-46FB-83C8-4E1AD28FEEDF} => pcalua.exe -a "C:\Users\Bill and Carolyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7Z9RHRV\hardwood_solitaire_III-setup[1].exe" -d "C:\Users\Bill and Carolyn\Desktop"
Task: {6F232242-B4E5-485A-8E67-5A2C5BCFE772} - System32\Tasks\{336A79D0-F4CE-48EF-B525-8F295BC48EEF} => pcalua.exe -a "C:\Program Files (x86)\RealArcade\Installer\bin\gameinstaller.exe" -d "C:\Users\Bill and Carolyn\Desktop" -c "C:\Program Files (x86)\RealArcade\Installer\bin\..\installerMain.clf" "C:\Users\Bill and Carolyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Z7T3L3HZ\gameInitializer[1].rgi"
Task: {778EF33E-3EEF-4128-A8FE-BE437974E523} - System32\Tasks\{424CD403-94C6-4D68-873D-3D0B02C28A4F} => pcalua.exe -a "C:\Users\Bill and Carolyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7Z9RHRV\Ancient_SpiderSetup-dm[1].exe" -d "C:\Users\Bill and Carolyn\Desktop"
Task: {92C1C28A-5CC5-402D-B203-68C3D39FB412} - System32\Tasks\IHUninstallTrackingTASK => CMD
Task: {9A3487ED-5CAB-41AB-8936-AF943E339FEB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-393720703-981639920-2373800576-1000UA => C:\Users\Bill and Carolyn\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {A597F3BA-0CEC-4115-8671-FEB9864F740C} - System32\Tasks\{2E779108-3E27-483E-A4AE-FA2BDC3A467B} => C:\Users\Bill and Carolyn\AppData\Local\Amazon\Kindle\application\Kindle.exe [2011-10-14] (Amazon.com)
Task: {AB0002E5-D607-4B19-A96B-23BA4B5B6B5D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {AC638486-E10A-4FD9-A3B9-3BB145B10C4E} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-09-24] (Hewlett-Packard)
Task: {BBFFD4CB-8C3D-42F3-A9DD-7B7231590643} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-09-24] (Hewlett-Packard)
Task: {C03BCD09-7DE0-4860-A983-84E18359FD0B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {C9FE8D1F-AB07-4631-9384-3DF1F7C696F4} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-12-12] (AVAST Software)
Task: {CF6FBC61-3A2F-4718-B23E-239D009A8CCB} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-10-20] (CyberLink Corp.)
Task: {D63B0698-9D2A-499F-AEDF-2C0E3310E1CA} - System32\Tasks\{72ABF35F-143B-406B-A7B8-CA74B8EEB3EC} => C:\Users\Bill and Carolyn\AppData\Local\Amazon\Kindle\application\Kindle.exe [2011-10-14] (Amazon.com)
Task: {D86446AF-C16A-4710-A750-497B776A1667} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-393720703-981639920-2373800576-1000Core => C:\Users\Bill and Carolyn\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {E19C5F70-3AF8-462A-8BB1-1C9E2E9E44E1} - System32\Tasks\{26356425-BB80-4C72-AF46-7F9F7EE61DA2} => pcalua.exe -a "C:\Users\Bill and Carolyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UBS97J2Y\jenkatarcade[1].exe" -d "C:\Users\Bill and Carolyn\Desktop"
Task: {E5328C0D-BDA0-40AC-BD44-A9ECE7535C52} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2015-12-16] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-393720703-981639920-2373800576-1000Core.job => C:\Users\Bill and Carolyn\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-393720703-981639920-2373800576-1000UA.job => C:\Users\Bill and Carolyn\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForBill and Carolyn.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe5-fh scripts\monthly.xml
Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\BILLAN~1\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:4F8BECB9
AlternateDataStreams: C:\ProgramData\Temp:54F7A151
AlternateDataStreams: C:\ProgramData\Temp:57B4E612
AlternateDataStreams: C:\ProgramData\Temp:6987107A
AlternateDataStreams: C:\ProgramData\Temp:93EB7685
AlternateDataStreams: C:\ProgramData\Temp:9A7901A9
AlternateDataStreams: C:\ProgramData\Temp:B623B5B8
AlternateDataStreams: C:\ProgramData\Temp:C46995DA
AlternateDataStreams: C:\ProgramData\Temp:CBAC4FD8
AlternateDataStreams: C:\ProgramData\Temp:D7DEAA30
AlternateDataStreams: C:\ProgramData\Temp:EF4B1DA9
AlternateDataStreams: C:\ProgramData\Temp:F8A67568
AlternateDataStreams: C:\ProgramData\Temp:FC89CE5A

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-393720703-981639920-2373800576-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Bill and Carolyn\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Conime => %windir%\system32\conime.exe
MSCONFIG\startupreg: Exetender => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
MSCONFIG\startupreg: Google Update => "C:\Users\Bill and Carolyn\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HP Remote Solution => %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
MSCONFIG\startupreg: HP Software Update => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
MSCONFIG\startupreg: SmartMenu => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
MSCONFIG\startupreg: Sprint SmartView => "C:\Program Files (x86)\Sprint\Sprint SmartView\SprintSV.exe" -a
MSCONFIG\startupreg: UpdatePRCShortCut => "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1DBB5012-EB61-4599-932C-8D89F9D6A1B1}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{077BA1F2-0C94-4C19-979B-65EACA6D0D6A}] => (Allow) C:\Program Files (x86)\ATT-HSI\McciBrowser.exe
FirewallRules: [{678903C3-3E11-43B5-BADD-EA33EB1AFAFD}] => (Allow) C:\Program Files (x86)\ATT-HSI\McciBrowser.exe
FirewallRules: [{9F6F0750-2018-43E9-AC43-B6345AA15FDC}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe
FirewallRules: [{1A201C44-B348-4667-AC3F-4A65EF33A522}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe
FirewallRules: [{DB30B926-F84C-45C3-A08D-3DF9685AFA98}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe
FirewallRules: [{612F5EF1-D87A-4D9C-8C8B-EF9E7CEDBEF4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
FirewallRules: [{8D8667A9-A03A-4E2D-B0CD-38AD79D21AB6}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{C1A0EB29-C6B8-48CF-885A-F4FA037C97AA}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe
FirewallRules: [{D66AD4B9-4F8A-4712-9333-147F96DA6C71}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe
FirewallRules: [{52E0D49B-39A4-4BDE-977D-6DFEA998EA2D}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe
FirewallRules: [{9EE35C42-ACF7-433A-A4DF-88A416CBF4FC}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
FirewallRules: [{1FB4088F-3188-415A-9950-C69CA40E2076}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{2D1ADD9F-6E4A-482F-A228-0C77318B3013}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
FirewallRules: [{F27A41BE-D9D6-4D13-AA7E-B70EB811495C}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
FirewallRules: [{55BCFEE7-18B3-423B-A3A9-7AB5BB59FCCB}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
FirewallRules: [{5A4A33B3-6B4A-4C7E-8C7E-986D65C264AC}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
FirewallRules: [{57C4BAC6-D660-417F-8A30-9920309E9327}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{8CE7E14C-E4AB-40CB-80EC-D136AB281F06}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{69326A43-DC87-46A9-9C41-C1D4B3A5F5EF}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{9296469A-BC19-4E44-A66C-5DA712F22507}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{07021966-8559-4888-92F4-AAFF7F767F28}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
FirewallRules: [{84896914-4AA6-4FFA-83F5-C890C081C1AF}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
FirewallRules: [{BC5EF2FE-3590-45F0-BC47-344AF01A7C19}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
FirewallRules: [{B3D83654-BAF8-4AC8-9592-88BF3FFFF524}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
FirewallRules: [{27BF7A5C-DA31-4925-A8AF-F28A02B88CC1}] => (Allow) LPort=5353
FirewallRules: [{CF582622-D648-4B41-A286-163FC71FBC2F}] => (Allow) LPort=9322
FirewallRules: [{E12C2D4D-66F4-4C94-A961-A899BFCDB2B7}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [TCP Query User{A9FE5DE4-A559-4649-BEA2-44385507D310}C:\users\bill and carolyn\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\bill and carolyn\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [uDP Query User{667BEC3D-B925-49FC-93E7-128AD8E9B24D}C:\users\bill and carolyn\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\bill and carolyn\appdata\roaming\dropbox\bin\dropbox.exe

==================== Restore Points =========================

24-11-2015 08:02:35 Windows Update
27-11-2015 09:13:07 Windows Update
29-11-2015 07:45:00 Installed HP Support Assistant
29-11-2015 09:31:47 Windows Modules Installer
29-11-2015 09:33:46 Windows Modules Installer
01-12-2015 14:19:25 Windows Update
01-12-2015 14:24:01 Restore Operation
01-12-2015 14:35:39 avast! antivirus system restore point
12-12-2015 07:47:21 avast! antivirus system restore point
15-12-2015 08:04:24 Windows Update
16-12-2015 06:50:02 Windows Update
17-12-2015 10:08:26 Windows Update
18-12-2015 15:30:02 Windows Update
21-12-2015 07:26:17 Installed HP Support Assistant
21-12-2015 07:34:06 Windows Modules Installer
21-12-2015 07:36:00 Windows Modules Installer
22-12-2015 09:45:45 Windows Update

==================== Faulty Device Manager Devices =============

Name: aswVmm
Description: aswVmm
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswVmm
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: aswRvrt
Description: aswRvrt
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswRvrt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (12/27/2015 10:19:43 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Avast.VC110.DebugCRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"1".
Dependent Assembly Avast.VC110.DebugCRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/18/2015 03:33:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.18123 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: efc

Start Time: 01d139d296028d00

Termination Time: 156

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id: 74e478d1-a5c6-11e5-a2f4-90e6ba1d4d82

Error: (12/16/2015 06:44:01 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost (1628) WebCacheLocal: An attempt to open the file "C:\Users\Bill and Carolyn\AppData\Local\Microsoft\Windows\WebCache\V01.chk" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (12/15/2015 04:33:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18098 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 480

Start Time: 01d137800b709c30

Termination Time: 234

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (12/15/2015 11:06:32 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18098 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1158

Start Time: 01d1375241fb28c0

Termination Time: 0

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (12/02/2015 07:22:54 AM) (Source: ESENT) (EventID: 454) (User: )
Description: DllHost (668) WebCacheLocal: Database recovery/restore failed with unexpected error -543.

Error: (12/02/2015 07:22:54 AM) (Source: ESENT) (EventID: 452) (User: )
Description: DllHost (668) WebCacheLocal: Database C:\Users\Bill and Carolyn\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat requires logfiles 20826-20835 in order to recover successfully. Recovery could only locate logfiles starting at 20835.

Error: (12/01/2015 02:36:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 640

Start Time: 01d12c6f63bff6e0

Termination Time: 125

Application Path: C:\Windows\Explorer.EXE

Report Id: c30d2641-9862-11e5-b739-90e6ba1d4d82

Error: (12/01/2015 02:35:41 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0xc0000022.

Error: (12/01/2015 02:16:41 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

System errors:
=============
Error: (01/27/2016 02:19:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/27/2016 02:19:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/27/2016 02:19:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/27/2016 02:19:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/27/2016 02:19:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/27/2016 02:19:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/27/2016 02:13:08 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (01/27/2016 02:13:07 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (01/27/2016 02:13:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/27/2016 02:13:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

==================== Memory info ===========================

Processor: AMD Sempron Processor LE-1250
Percentage of memory in use: 30%
Total physical RAM: 3966.49 MB
Available physical RAM: 2764.24 MB
Total Virtual: 7931.19 MB
Available Virtual: 6704.29 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:286.05 GB) (Free:204.37 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.94 GB) (Free:2.17 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=286.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=11.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

Thank you,

Keefer Zeller

 

 

 


Hello and welcome to Malwarebytes,

Please be aware the following P2P/Piracy Warning is a standard opening reply made here at Malwarebytes, we make no accusations but do make you aware of Forum Protocol....
 

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...
 

Next,

 

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.
 

Next,

 

Please open Malwarebytes Anti-Malware.
 

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:
 

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
      Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
      XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Please use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…

 

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.
 

  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...

 

 

Next,

 

Please download Junkware Removal Tool to your desktop.
 

  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

 

Next,

 

Download Dr Web Cureit from here http://www.freedrweb.com/cureit save to your desktop. (Scroll to bottom of page)
 

  • The file will be randomly named
  • Reboot to safe mode <<<<<------------ http://www.computerhope.com/issues/chsafe.htm
  • Run Dr Web
  • Tick the I agree box and select continue
  • Click select objects for scanning


  • Tick all boxes as shown
  • Click the wrench and select automatically apply actions to threats


  • Press start scan
  • The scan will now commence


  • Once the scan has finished click open report <<<--- Do not miss this step


  • A notepad will open
  • Select File > Save as..
  • Save it to your desktop


This log will be excessive; please attach it to your next reply…
 

 

Let me see those logs, also give an update on any remaining issues or concerns....

 

Thank you,

 

Kevin...

Fixlist.txt


  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
