
pop-ups and redirect



#1 lilbrat0326

Posted 12 December 2013 - 09:00 AM

Hello,

 

I have Windows 8 and have been getting pop-ups from jsnonline and rvzr2 almost every time I click a link. I also get redirected quite often. I tried to run the DDS log but got an error message "not meant to run in compatibility mode. This program will now shut down". I notice that Windows XP/Vista/7 are the only listed operating systems. Is it not working because I have Windows 8?

 

TIA!

 

 





#2 TB-Psychotic


Posted 12 December 2013 - 11:41 AM

Hi there,
my name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

 

 

 

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.



#3 lilbrat0326


Posted 16 December 2013 - 12:35 PM

Hi Marius,

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-12-2013 02
Ran by Anna (administrator) on ANNAHP on 16-12-2013 12:30:23
Running from C:\Users\Anna\Downloads
Windows 8.1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conduit) C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\livecomm.exe
(Pokki) C:\Users\Anna\AppData\Local\Pokki\Engine\pokki.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Pokki) C:\Users\Anna\AppData\Local\Pokki\Engine\pokki.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Spigot, Inc.) C:\Users\Anna\AppData\Roaming\Search Protection\SearchProtection.exe
(Conduit) C:\Users\Anna\AppData\Roaming\SearchProtect\bin\cltmng.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Conduit) C:\Users\Margarita\AppData\Roaming\SearchProtect\bin\cltmng.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9600.16422_x64__8wekyb3d8bbwe\glcnd.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
() C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\HSSCP.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\HSSCP.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\HSSCP.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [HotKeysCmds] - "C:\WINDOWS\system32\hkcmd.exe"
HKLM\...\Run: [BeatsOSDApp] - C:\Program Files\IDT\WDM\Beats64.exe [41664 2012-08-22] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1702912 2013-01-30] (IDT, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [SearchProtection] - C:\Users\Anna\AppData\Roaming\Search Protection\SearchProtection.exe [832360 2013-09-03] (Spigot, Inc.)
HKCU\...\Run: [SearchProtect] - C:\Users\Anna\AppData\Roaming\SearchProtect\bin\cltmng.exe [3470624 2013-09-22] (Conduit)
HKCU\...\Run: [HP Photosmart 7520 series (NET)] - C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKCU\...\Run: [Pokki] - C:\WINDOWS\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform
HKCU\...\Run: [uTorrent] - C:\Users\Anna\AppData\Roaming\uTorrent\uTorrent.exe [900440 2013-11-23] (BitTorrent Inc.)
HKCU\...\RunOnce: [Application Restart #1] - C:\Users\Anna\AppData\Local\Pokki\Engine\pokki.exe  --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\Anna\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --flag-switches-begin --flag-switches-end --restore-last-session [8252744 2013-11-01] (Pokki)
HKCU\...\Policies\Explorer: [NofolderOptions] 0
HKLM-x32\...\Run: [SearchProtectAll] - C:\Program Files (x86)\SearchProtect\bin\cltmng.exe [3470624 2013-09-22] (Conduit)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
Startup: C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 7520 series (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 7520 series (Network).lnk -> C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK13/1
URLSearchHook: HKLM-x32 - WhiteSmoke New Toolbar - {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.)
URLSearchHook: HKCU - WhiteSmoke New Toolbar - {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.)
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {CCCD80FF-82C9-4682-A0F3-34208CDFE6AF} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {CCCD80FF-82C9-4682-A0F3-34208CDFE6AF} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289847&CUI=UN28496187261060131&UM=2
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKCU - {478E4640-1ACE-4457-BA53-092C3CDE9BB4} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=617686&p={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
BHO-x32: Better Surf Plus - {1824FF90-C98E-48A6-838F-E3B6572B0C77} - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ie\BetterSrf.dll No File
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
BHO-x32: WhiteSmoke New Toolbar - {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.)
BHO-x32: TidyNetwork.com - {7736C7FA-512D-11E2-B871-DEC36088709B} - C:\Users\Anna\AppData\Local\TidyNetwork.com\tidy2ie.dll ()
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
Toolbar: HKLM-x32 - WhiteSmoke New Toolbar - {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {739DF940-C5EE-4BAB-9D7E-270894AE687A} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 167.206.13.180 167.206.13.181 192.168.1.1
 
Chrome: 
=======
CHR DefaultSearchKeyword: google.com
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Extension: (WhiteSmoke New) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.23.0.822_0
CHR Extension: (Water's Valley) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhpodmbdlgmgffpgbennemfkjhhaocfl\1.1_0
CHR Extension: (Norton Identity Protection) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.5.2_0
CHR Extension: (Better Surf Plus) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmifolfpllfdhilecpdpmemhelmanajl\1.1_0
CHR Extension: (Google Wallet) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (BetterSrf) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\poheodfamflhhhdcmjfeggbgigeefaco\1.1_0
CHR HKLM-x32\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\Anna\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [mmifolfpllfdhilecpdpmemhelmanajl] - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ch\BetterSurfPlus.crx
CHR HKLM-x32\...\Chrome\Extension: [poheodfamflhhhdcmjfeggbgigeefaco] - C:\Program Files (x86)\Better-Surf\ch\Chrome.crx
 
==================== Services (Whitelisted) =================
 
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [97056 2013-05-08] (Conduit)
R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [831272 2013-06-20] (AnchorFree Inc.)
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2013-06-20] ()
R2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [548136 2013-06-20] ()
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-11-02] (Microsoft Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-10-21] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [1526488 2013-12-03] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation)
R1 HssDRV6; C:\Windows\system32\DRIVERS\hssdrv6.sys [46792 2013-06-20] (AnchorFree Inc.)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20131213.001\IDSvia64.sys [521944 2013-12-13] (Symantec Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-10-08] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20131215.005\ENG64.SYS [126040 2013-10-30] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20131215.005\EX64.SYS [2099288 2013-10-30] (Symantec Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146272 2013-08-22] (Microsoft Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1404000.028\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-07-15] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
R3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2013-06-20] (Anchorfree Inc.)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-12-16 12:30 - 2013-12-16 12:30 - 00021860 _____ C:\Users\Anna\Downloads\FRST.txt
2013-12-16 12:29 - 2013-12-16 12:29 - 01927940 _____ (Farbar) C:\Users\Anna\Downloads\FRST64.exe
2013-12-16 12:29 - 2013-12-16 12:29 - 01060997 _____ (Farbar) C:\Users\Anna\Downloads\FRST.exe
2013-12-16 12:29 - 2013-12-16 12:29 - 00000000 ____D C:\FRST
2013-12-12 08:55 - 2013-12-12 08:55 - 00688992 _____ (Swearware) C:\Users\Anna\Downloads\dds (2).com
2013-12-12 08:53 - 2013-12-12 08:53 - 00688992 _____ (Swearware) C:\Users\Anna\Downloads\dds (1).com
2013-12-12 08:52 - 2013-12-12 08:52 - 00688992 _____ (Swearware) C:\Users\Anna\Downloads\dds.com
2013-12-12 08:44 - 2013-12-12 08:44 - 00001047 _____ C:\Users\Public\Desktop\Hotspot Shield.lnk
2013-12-12 08:44 - 2013-12-12 08:44 - 00000020 ___SH C:\Users\fbwuser\ntuser.ini
2013-12-12 08:44 - 2013-10-21 00:22 - 00000000 ____D C:\Users\fbwuser\Documents\hp.system.package.metadata
2013-12-12 08:44 - 2013-10-21 00:22 - 00000000 ____D C:\Users\fbwuser\AppData\Local\Microsoft Help
2013-12-12 08:44 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-12-12 08:44 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-12-12 08:44 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2013-12-12 08:44 - 2013-08-22 10:36 - 00000000 ____D C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-12-11 19:59 - 2013-12-11 19:59 - 00000000 ____D C:\Users\Anna\AppData\Local\SearchProtect
2013-12-11 14:31 - 2013-11-22 23:34 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2013-12-11 14:31 - 2013-11-22 23:13 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2013-12-11 14:31 - 2013-10-15 03:54 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2013-12-11 14:31 - 2013-10-15 03:03 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2013-12-11 14:30 - 2013-11-09 01:34 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2013-12-11 14:30 - 2013-11-09 01:34 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2013-12-11 14:30 - 2013-11-09 00:52 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2013-12-10 18:03 - 2013-12-10 18:04 - 00000000 ____D C:\Users\Margarita\Desktop\Margarita docs
2013-12-10 04:12 - 2013-12-10 04:12 - 00000081 _____ C:\extensions.ini
2013-12-10 04:11 - 2013-12-10 04:11 - 00000000 ____D C:\Program Files (x86)\BetterSurf
2013-12-09 07:44 - 2013-12-09 07:44 - 00000000 ____D C:\Users\Margarita\AppData\Local\SearchProtect
2013-12-03 23:42 - 2013-12-04 00:02 - 00004958 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for ANNAHP-Anna AnnaHP
2013-11-27 14:43 - 2013-11-27 14:43 - 00036882 _____ C:\Users\Anna\Downloads\[kickass.to]orange.is.the.new.black.s01e13.720p.webrip.x264.abjex.eztv.torrent
2013-11-27 14:31 - 2013-11-27 14:31 - 00037082 _____ C:\Users\Anna\Downloads\[kickass.to]orange.is.the.new.black.s01e12.720p.webrip.x264.abjex.eztv.torrent
2013-11-25 18:59 - 2013-11-25 18:59 - 00033069 _____ C:\Users\Anna\Downloads\[kickass.to]orange.is.the.new.black.s01e06.720p.webrip.aac2.0.x264.abjex.ez.torrent
2013-11-25 17:40 - 2013-11-25 17:40 - 00004798 _____ C:\Users\Anna\Downloads\[kickass.to]orange.is.the.new.black.s01e05.720p.webrip.h264.abjex.torrent
2013-11-25 14:11 - 2013-11-25 14:11 - 00000000 ____D C:\Program Files (x86)\Better-Surf
2013-11-25 14:11 - 2013-11-25 14:11 - 00000000 _____ C:\extensions.sqlite
2013-11-24 14:02 - 2013-11-24 14:02 - 00033988 _____ C:\Users\Anna\Downloads\[kickass.to]orange.is.the.new.black.s01e04.720p.webrip.aac2.0.abjex.eztv.torrent
2013-11-24 14:02 - 2013-11-24 14:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-23 14:30 - 2013-11-23 14:30 - 00000000 ____D C:\MATS
2013-11-23 14:28 - 2013-11-23 14:28 - 00347304 _____ (Microsoft Corporation) C:\Users\Anna\Downloads\MicrosoftFixit.ProgramInstallUninstall.MATSKB.Run.exe
2013-11-23 11:53 - 2013-11-23 11:53 - 00034484 _____ C:\Users\Anna\Downloads\[kickass.to]orange.is.the.new.black.s01e03.720p.webrip.aac2.0.abjex.eztv.torrent
 
==================== One Month Modified Files and Folders =======
 
2013-12-16 12:30 - 2013-12-16 12:30 - 00021860 _____ C:\Users\Anna\Downloads\FRST.txt
2013-12-16 12:30 - 2013-07-16 23:39 - 00003934 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C5C69772-8C0F-4132-97A3-C758E2A5D07F}
2013-12-16 12:30 - 2013-07-14 08:27 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2635758641-2149021776-2918133044-1001
2013-12-16 12:29 - 2013-12-16 12:29 - 01927940 _____ (Farbar) C:\Users\Anna\Downloads\FRST64.exe
2013-12-16 12:29 - 2013-12-16 12:29 - 01060997 _____ (Farbar) C:\Users\Anna\Downloads\FRST.exe
2013-12-16 12:29 - 2013-12-16 12:29 - 00000000 ____D C:\FRST
2013-12-16 12:29 - 2013-07-16 23:46 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2635758641-2149021776-2918133044-1004
2013-12-16 12:28 - 2013-10-21 00:30 - 02031424 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-16 12:26 - 2013-07-14 08:19 - 00003914 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{515DB08E-76C6-49B5-8267-A4B2CB712098}
2013-12-16 12:22 - 2013-07-14 23:07 - 00000908 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-16 12:00 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\sru
2013-12-16 09:11 - 2013-07-15 04:16 - 00000352 _____ C:\WINDOWS\Tasks\AmiUpdXp.job
2013-12-16 06:29 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2013-12-16 04:14 - 2013-07-24 12:34 - 00000000 ____D C:\Users\Anna\AppData\Local\Pokki
2013-12-15 15:22 - 2013-07-14 23:07 - 00002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-15 15:22 - 2013-07-14 23:07 - 00000904 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-15 05:56 - 2013-08-14 08:30 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-12-15 05:54 - 2013-07-15 12:20 - 90708896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-12-12 08:55 - 2013-12-12 08:55 - 00688992 _____ (Swearware) C:\Users\Anna\Downloads\dds (2).com
2013-12-12 08:54 - 2013-07-15 04:09 - 00000000 ____D C:\Users\Anna\AppData\Roaming\uTorrent
2013-12-12 08:53 - 2013-12-12 08:53 - 00688992 _____ (Swearware) C:\Users\Anna\Downloads\dds (1).com
2013-12-12 08:52 - 2013-12-12 08:52 - 00688992 _____ (Swearware) C:\Users\Anna\Downloads\dds.com
2013-12-12 08:44 - 2013-12-12 08:44 - 00001047 _____ C:\Users\Public\Desktop\Hotspot Shield.lnk
2013-12-12 08:44 - 2013-12-12 08:44 - 00000020 ___SH C:\Users\fbwuser\ntuser.ini
2013-12-12 08:44 - 2013-07-15 04:10 - 00000000 ____D C:\Program Files (x86)\Hotspot Shield
2013-12-12 06:47 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\rescache
2013-12-11 22:01 - 2013-10-22 22:49 - 00000000 ___RD C:\Users\Margarita\SkyDrive
2013-12-11 20:15 - 2013-07-20 20:08 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-12-11 20:05 - 2013-08-26 09:48 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-11 20:00 - 2013-10-21 00:36 - 00000000 __RDO C:\Users\Anna\SkyDrive
2013-12-11 19:59 - 2013-12-11 19:59 - 00000000 ____D C:\Users\Anna\AppData\Local\SearchProtect
2013-12-11 19:50 - 2013-09-29 23:04 - 00956476 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-12-11 19:49 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2013-12-11 19:46 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-12-11 19:46 - 2013-08-22 09:44 - 00484272 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-12-11 19:45 - 2013-09-29 22:55 - 00003280 _____ C:\WINDOWS\PFRO.log
2013-12-11 19:45 - 2013-08-22 08:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2013-12-10 18:04 - 2013-12-10 18:03 - 00000000 ____D C:\Users\Margarita\Desktop\Margarita docs
2013-12-10 17:48 - 2013-07-16 23:38 - 00000000 ____D C:\Users\Margarita\AppData\Local\Packages
2013-12-10 04:12 - 2013-12-10 04:12 - 00000081 _____ C:\extensions.ini
2013-12-10 04:11 - 2013-12-10 04:11 - 00000000 ____D C:\Program Files (x86)\BetterSurf
2013-12-09 07:44 - 2013-12-09 07:44 - 00000000 ____D C:\Users\Margarita\AppData\Local\SearchProtect
2013-12-04 00:02 - 2013-12-03 23:42 - 00004958 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for ANNAHP-Anna AnnaHP
2013-12-03 19:05 - 2013-08-22 10:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2013-12-03 19:05 - 2013-08-22 10:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-27 19:23 - 2013-07-15 04:35 - 00000000 ____D C:\Users\Anna\AppData\Roaming\vlc
2013-11-27 15:17 - 2013-07-14 23:07 - 00003880 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2013-11-27 15:17 - 2013-07-14 23:07 - 00003644 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2013-11-27 14:43 - 2013-11-27 14:43 - 00036882 _____ C:\Users\Anna\Downloads\[kickass.to]orange.is.the.new.black.s01e13.720p.webrip.x264.abjex.eztv.torrent
2013-11-27 14:31 - 2013-11-27 14:31 - 00037082 _____ C:\Users\Anna\Downloads\[kickass.to]orange.is.the.new.black.s01e12.720p.webrip.x264.abjex.eztv.torrent
2013-11-25 18:59 - 2013-11-25 18:59 - 00033069 _____ C:\Users\Anna\Downloads\[kickass.to]orange.is.the.new.black.s01e06.720p.webrip.aac2.0.x264.abjex.ez.torrent
2013-11-25 17:40 - 2013-11-25 17:40 - 00004798 _____ C:\Users\Anna\Downloads\[kickass.to]orange.is.the.new.black.s01e05.720p.webrip.h264.abjex.torrent
2013-11-25 14:11 - 2013-11-25 14:11 - 00000000 ____D C:\Program Files (x86)\Better-Surf
2013-11-25 14:11 - 2013-11-25 14:11 - 00000000 _____ C:\extensions.sqlite
2013-11-24 14:02 - 2013-11-24 14:02 - 00033988 _____ C:\Users\Anna\Downloads\[kickass.to]orange.is.the.new.black.s01e04.720p.webrip.aac2.0.abjex.eztv.torrent
2013-11-24 14:02 - 2013-11-24 14:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-23 18:41 - 2013-07-16 23:39 - 00000000 ___RD C:\Users\Margarita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-23 18:41 - 2013-07-16 23:39 - 00000000 ___RD C:\Users\Margarita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-11-23 14:48 - 2013-09-29 22:51 - 00000000 ____D C:\WINDOWS\ShellNew
2013-11-23 14:30 - 2013-11-23 14:30 - 00000000 ____D C:\MATS
2013-11-23 14:28 - 2013-11-23 14:28 - 00347304 _____ (Microsoft Corporation) C:\Users\Anna\Downloads\MicrosoftFixit.ProgramInstallUninstall.MATSKB.Run.exe
2013-11-23 14:24 - 2013-10-26 01:04 - 00002151 _____ C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2013-11-23 14:24 - 2012-07-26 03:12 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2013-11-23 14:16 - 2013-07-14 08:19 - 00000000 ___RD C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-23 14:16 - 2013-07-14 08:19 - 00000000 ___RD C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-11-23 14:14 - 2013-08-22 10:36 - 00000000 ___RD C:\WINDOWS\ToastData
2013-11-23 14:14 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\WinStore
2013-11-23 14:14 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\migwiz
2013-11-23 14:14 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2013-11-23 11:53 - 2013-11-23 11:53 - 00034484 _____ C:\Users\Anna\Downloads\[kickass.to]orange.is.the.new.black.s01e03.720p.webrip.aac2.0.abjex.eztv.torrent
2013-11-22 23:34 - 2013-12-11 14:31 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2013-11-22 23:13 - 2013-12-11 14:31 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2013-11-22 18:25 - 2013-08-22 09:46 - 00333019 _____ C:\WINDOWS\setupact.log
 
Some content of TEMP:
====================
C:\Users\Anna\AppData\Local\Temp\oct7438.tmp.exe
C:\Users\Anna\AppData\Local\Temp\octA537.tmp.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-12-11 19:57
 
==================== End Of Log ============================
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-12-2013 02
Ran by Anna at 2013-12-16 12:30:49
Running from C:\Users\Anna\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Disabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
 
==================== Installed Programs ======================
 
µTorrent (HKCU Version: 3.3.2.30303)
4 Elements II (x32 Version: 2.2.0.98)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Airport Mania (x32 Version: 2.2.0.95)
Azteca (x32 Version: 2.2.0.97)
Bejeweled 3 (x32 Version: 2.2.0.98)
Better Surf Plus (x32 Version: 1.1) <==== ATTENTION
Bonjour (Version: 3.0.0.10)
Bounce Symphony (x32 Version: 2.2.0.97)
Build-a-lot (x32 Version: 2.2.0.98)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110)
Cradle of Rome 2 (x32 Version: 2.2.0.98)
Curse at Twilight (x32 Version: 3.0.2.32)
CyberLink LabelPrint (x32 Version: 2.5.3.5901)
CyberLink Media Suite 10 (x32 Version: 10.0.3.2509)
Cyberlink PhotoDirector (x32 Version: 3.0.1.3724)
CyberLink Power2Go 8 (x32 Version: 8.0.3.2301)
CyberLink PowerDirector 10 (x32 Version: 10.0.3.2524)
CyberLink PowerDVD (x32 Version: 10.0.8.4930)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition (x32)
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32)
Facebook (HKCU Version: 1.0.9.45200)
Farm Frenzy (x32 Version: 2.2.0.98)
Google Chrome (x32 Version: 31.0.1650.63)
Google Update Helper (x32 Version: 1.3.22.3)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)
Hotspot Shield 3.09 (x32 Version: 3.09)
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98)
HP Connected Music (Meridian - installer) (x32 Version: 1.0)
HP Connected Music (Meridian - player) (HKCU Version: 1.1 (build 59) hp)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP MyRoom (x32 Version: 9.0.0.0)
HP Photo Creations (x32 Version: 1.0.0.7702)
HP Photosmart 7520 series Basic Device Software (Version: 28.0.1315.0)
HP Photosmart 7520 series Help (x32 Version: 28.0.0)
HP Photosmart 7520 series Product Improvement Study (Version: 28.0.1315.0)
HP Postscript Converter (Version: 4.0.4100)
HP Quick Start (x32 Version: 1.0.4660.30220)
HP Registration Service (Version: 1.2.6263.4289)
HP Support Assistant (x32 Version: 7.0.39.15)
HP Support Information (x32 Version: 12.00.0000)
HP Update (x32 Version: 5.003.003.001)
IDT Audio (x32 Version: 1.0.6451.0)
Intel® Management Engine Components (x32 Version: 8.1.0.1252)
Intel® Processor Graphics (x32 Version: 10.18.10.3262)
Intel® SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
Jewel Match 3 (x32 Version: 2.2.0.98)
Luxor Evolved (x32 Version: 2.2.0.98)
Mah Jong Medley (x32 Version: 2.2.0.95)
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98)
Microsoft Access MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Access Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft DCF MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Excel MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Groove MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft InfoPath MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Lync MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Office 365 Home Premium - en-us (Version: 15.0.4551.1011)
Microsoft Office 64-bit Components 2013 (Version: 15.0.4420.1017)
Microsoft Office OSM MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Office OSM UX MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Office Professional Plus 2013 (x32 Version: 15.0.4420.1017)
Microsoft Office Proofing (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Office Proofing Tools 2013 - English (x32 Version: 15.0.4420.1017)
Microsoft Office Proofing Tools 2013 - Español (x32 Version: 15.0.4420.1017)
Microsoft Office Shared 64-bit MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office Shared MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Office Shared Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft OneNote MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Outlook MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft PowerPoint MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Publisher MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft SkyDrive (HKCU Version: 17.0.2011.0627)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (x32 Version: 11.0.51106.1)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (x32 Version: 11.0.51106.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106)
Microsoft Word MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Movie Maker (x32 Version: 16.4.3505.0912)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98)
Norton Internet Security (x32 Version: 20.4.0.40)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1011)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1011)
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1011)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4420.1017)
Peggle Nights (x32 Version: 2.2.0.98)
Photo Gallery (x32 Version: 16.4.3505.0912)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98)
Pokki (HKCU Version: 0.266.1.172)
Pokki Download Helper (HKCU Version: 1.3.1.282)
Polar Bowler (x32 Version: 2.2.0.97)
Qualcomm Atheros Driver Installation Program (x32 Version: 10.0)
Recovery Manager (x32 Version: 5.5.0.6208)
Roads of Rome 3 (x32 Version: 2.2.0.98)
Royal Envoy 2 Collector's Edition (x32 Version: 3.0.2.32)
Search Protect by conduit (x32 Version: 1.7.0.72) <==== ATTENTION
Search Protection (HKCU Version: 7.5.0.1)
Software Version Updater (x32 Version: 1.1.3.7) <==== ATTENTION
Tales of Lagoona (x32 Version: 2.2.0.110)
TI xHCI Filter Driver 1.0.0.4 (x32 Version: 1.0.0.4)
TidyNetwork.com (HKCU)
Update for Microsoft Access 2013 (KB2768008) 32-Bit Edition (x32)
Update for Microsoft Access 2013 (KB2827233) 32-Bit Edition (x32)
Update for Microsoft InfoPath 2013 (KB2837648) 32-Bit Edition (x32)
Update for Microsoft Lync 2013 (KB2817678) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2726954) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2726996) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2738038) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2760224) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2760242) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2760267) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2760539) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2760553) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2760610) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2767845) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2768016) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2817314) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2817316) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2817490) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2817626) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2826004) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2827225) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2827227) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2827230) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2827239) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2837626) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2837637) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2837638) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2837655) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2850066) 32-Bit Edition (x32)
Update for Microsoft OneNote 2013 (KB2850063) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2013 (KB2767850) 32-Bit Edition (x32)
Update for Microsoft Project 2013 (KB2727085) 32-Bit Edition (x32)
Update for Microsoft Publisher 2013 (KB2837635) 32-Bit Edition (x32)
Update for Microsoft SkyDrive Pro (KB2817495) 32-Bit Edition (x32)
Update for Microsoft SkyDrive Pro (KB2837652) 32-Bit Edition (x32)
Update for Microsoft Visio 2013 (KB2817306) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2013 (KB2768338) 32-Bit Edition (x32)
Update for Microsoft Word 2013 (KB2837647) 32-Bit Edition (x32)
Update for Microsoft Word 2013 (KB2850060) 32-Bit Edition (x32)
Update Installer for WildTangent Games App (x32)
Vacation Quest™ - Australia (x32 Version: 3.0.2.32)
VLC media player 2.0.0 (x32 Version: 2.0.0)
WhiteSmoke New Toolbar (x32 Version: 6.14.0.28)
WildTangent Games (x32 Version: 1.0.4.0)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.5)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912)
Windows Live Essentials (x32 Version: 16.4.3505.0912)
Windows Live Installer (x32 Version: 16.4.3505.0912)
Windows Live Photo Common (x32 Version: 16.4.3505.0912)
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912)
Windows Live SOXE (x32 Version: 16.4.3505.0912)
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912)
Windows Live UX Platform (x32 Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912)
Youda Jewel Shop (x32 Version: 3.0.2.32)
Zuma's Revenge (x32 Version: 2.2.0.98)
 
==================== Restore Points  =========================
 
29-11-2013 10:04:32 Windows Update
03-12-2013 08:12:44 Windows Update
07-12-2013 04:44:45 Windows Update
12-12-2013 00:58:35 Windows Update
15-12-2013 10:50:49 Windows Update
 
==================== Hosts content: ==========================
 
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {03783E88-E9CB-49CC-8597-0A4F86885A5F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-02-14] (Hewlett-Packard)
Task: {044C0ECB-D77C-4D85-A7C5-01275585901D} - System32\Tasks\Microsoft\Windows\Autochk\Proxy => Rundll32.exe /d acproxy.dll,PerformAutochkOperations
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {09423473-D86E-4AEC-AF0B-3D2A99E8D5D5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0CDA7F67-716F-4559-B04D-B637BE0C0E28} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe aepdu.dll,AePduRunUpdate
Task: {1033D8B6-2857-4CAF-A8A1-3261C1E7B8B2} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-11-01] (CyberLink Corp.)
Task: {1C8F690C-96AD-4BE1-97E9-BF7F9F333AF6} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ANNAHP-Anna AnnaHP => C:\Program Files (x86)\Microsoft Office\Office15\MSOSYNC.EXE [2013-11-08] (Microsoft Corporation)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2439E9E9-7339-440E-931E-2E2A13607D67} - System32\Tasks\TidyNetwork Metro => C:\Program Files (x86)\TidyNetwork.com\tidy2start.exe [2013-07-15] ()
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {301E5409-3752-4F7C-BB31-378B1E7BBDB7} - System32\Tasks\WPD\SqmUpload_S-1-5-21-2635758641-2149021776-2918133044-1001 => Rundll32.exe portabledeviceapi.dll,#1
Task: {349A1832-7188-4E19-9397-1E36245AEB18} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\symerr.exe [2013-06-03] (Symantec Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\System32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {414477E6-B6F8-4564-B015-628E98BEA791} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4FD9CB38-011B-415E-B1DB-3A4AD6D4CEE4} - System32\Tasks\AmiUpdXp => C:\Users\Anna\AppData\Local\SwvUpdater\Updater.exe [2013-07-22] (Amonetize ltd.) <==== ATTENTION
Task: {5CE68634-2A86-4EAA-94C8-5A6B9D2958B5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-14] (Google Inc.)
Task: {5CE7769A-8D57-40E1-B305-75F818D83A95} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {5CF70561-0C72-49A7-BA3D-053DE5956C33} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\symerr.exe [2013-06-03] (Symantec Corporation)
Task: {5ED71214-DD7A-4CFE-A007-F042F123ECF6} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2013-12-11] (Microsoft Corporation)
Task: {6622C7C4-A92C-4479-8BE3-AFA23F1D185A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\System32\MRT.exe [2013-12-15] (Microsoft Corporation)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7AB7757B-8A54-4130-ABC2-2719260221EF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {7E348D61-8ED7-4B9A-B0E6-5C99C92CB79F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8A38EAE9-FA85-4B31-A1A0-A0B45D8999B7} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\wscstub.exe [2013-06-03] (Symantec Corporation)
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {8D37FCCF-7F1F-4034-A7F8-364F0D69938B} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector => Rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
Task: {9414BA86-8A60-47D5-8227-D0165C25E3E6} - System32\Tasks\WPD\SqmUpload_S-1-5-21-2635758641-2149021776-2918133044-1004 => Rundll32.exe portabledeviceapi.dll,#1
Task: {943C5EE0-A416-4945-8065-CF17838EEB13} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-11-01] (CyberLink)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A1B69819-D0D4-40A8-90CF-E0165C903E1E} - System32\Tasks\TidyNetwork Update => C:\Users\Anna\AppData\Local\TidyNetwork.com\tidy2update.exe [2013-07-15] ()
Task: {A40C3CA9-6C1D-460D-B3BF-C4CFB52D3A92} - System32\Tasks\HPCustParticipation HP Photosmart 7520 series => C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {A693A6E9-FB8C-46CA-932B-88DC7684BE1C} - System32\Tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange => Rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
Task: {C62744A6-6EC1-4B8D-8B42-EFB6F56E31BD} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E68AD8EA-30A8-4F14-BF53-7F601162CCDE} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-11-02] (Microsoft Corporation)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {F2CE1AD2-C4A4-4265-9802-097FE3A3BB06} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-14] (Google Inc.)
Task: C:\WINDOWS\Tasks\AmiUpdXp.job => C:\Users\Anna\AppData\Local\SwvUpdater\Updater.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-11-01 00:31 - 2013-11-01 00:31 - 02329928 _____ () C:\Users\Anna\AppData\Local\Pokki\ocdeskband_0.dll
2013-11-13 22:24 - 2013-11-13 22:24 - 08866472 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-11-20 04:51 - 2013-11-20 04:51 - 00183808 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\ErrorReporting.dll
2013-08-26 07:33 - 2013-08-26 07:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-07-02 19:49 - 2012-07-18 03:50 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-07-15 04:53 - 2012-05-30 01:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\wincfi39.dll
2013-09-06 21:11 - 2013-09-06 21:11 - 00569856 _____ () C:\Users\Anna\AppData\Local\Pokki\Engine\ppGoogleNaClPluginChrome.dll
2013-09-06 21:11 - 2013-09-06 21:11 - 01400846 _____ () C:\Users\Anna\AppData\Local\Pokki\Engine\avcodec-54.dll
2013-09-06 21:11 - 2013-09-06 21:11 - 00151054 _____ () C:\Users\Anna\AppData\Local\Pokki\Engine\avutil-51.dll
2013-09-06 21:11 - 2013-09-06 21:11 - 00222734 _____ () C:\Users\Anna\AppData\Local\Pokki\Engine\avformat-54.dll
2013-06-20 19:46 - 2013-06-20 19:46 - 00749352 _____ () C:\Program Files (x86)\Hotspot Shield\bin\af_proxy.dll
2013-12-04 23:24 - 2013-12-03 21:47 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2013-12-04 23:24 - 2013-12-03 21:47 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
2013-12-04 23:24 - 2013-12-03 21:48 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-04 23:24 - 2013-12-03 21:48 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-04 23:24 - 2013-12-03 21:47 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
2013-12-04 23:24 - 2013-12-03 21:48 - 13586896 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\WINDOWS\system32\dlbkcomc.dll:Microsoft_Appcompat_ReinstallUpgrade
AlternateDataStreams: C:\Users\Anna\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Margarita\SkyDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/16/2013 00:28:33 PM) (Source: Application Hang) (User: )
Description: The program LiveComm.exe version 17.5.9600.20315 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: ed48
 
Start Time: 01cefa8388d2b7f1
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 7c54dd16-6677-11e3-be8c-8851fb686d02
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (12/16/2013 11:58:34 AM) (Source: Application Hang) (User: )
Description: The program LiveComm.exe version 17.5.9600.20315 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: e03c
 
Start Time: 01cefa7f57ee88ea
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 4bdd6e00-6673-11e3-be8c-8851fb686d02
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (12/16/2013 11:28:34 AM) (Source: Application Hang) (User: )
Description: The program LiveComm.exe version 17.5.9600.20315 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: e91c
 
Start Time: 01cefa7b270b30bc
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 1b013d71-666f-11e3-be8c-8851fb686d02
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (12/16/2013 10:58:34 AM) (Source: Application Hang) (User: )
Description: The program LiveComm.exe version 17.5.9600.20315 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: e970
 
Start Time: 01cefa76f62709f7
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: ea1ab44f-666a-11e3-be8c-8851fb686d02
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (12/16/2013 10:28:34 AM) (Source: Application Hang) (User: )
Description: The program LiveComm.exe version 17.5.9600.20315 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: e41c
 
Start Time: 01cefa72c53eedb1
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: b92dd324-6666-11e3-be8c-8851fb686d02
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (12/16/2013 09:58:34 AM) (Source: Application Hang) (User: )
Description: The program LiveComm.exe version 17.5.9600.20315 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: c074
 
Start Time: 01cefa6e945a8d49
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 884bd535-6662-11e3-be8c-8851fb686d02
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (12/16/2013 09:28:34 AM) (Source: Application Hang) (User: )
Description: The program LiveComm.exe version 17.5.9600.20315 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: e704
 
Start Time: 01cefa6a63771e03
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 5766471f-665e-11e3-be8c-8851fb686d02
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (12/16/2013 08:58:34 AM) (Source: Application Hang) (User: )
Description: The program LiveComm.exe version 17.5.9600.20315 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: e194
 
Start Time: 01cefa6632924385
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 268f3b3f-665a-11e3-be8c-8851fb686d02
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (12/16/2013 08:28:34 AM) (Source: Application Hang) (User: )
Description: The program LiveComm.exe version 17.5.9600.20315 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: e148
 
Start Time: 01cefa6201ac89a0
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: f5a033e0-6655-11e3-be8c-8851fb686d02
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (12/16/2013 07:58:34 AM) (Source: Application Hang) (User: )
Description: The program LiveComm.exe version 17.5.9600.20315 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: dfa8
 
Start Time: 01cefa5dd0c7a240
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: c4b687c3-6651-11e3-be8c-8851fb686d02
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
 
System errors:
=============
Error: (12/16/2013 10:00:00 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (12/16/2013 04:41:14 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070490: Hewlett-Packard  - Imaging, Other hardware - Null Fax - HP Photosmart 7520 series.
 
Error: (12/16/2013 04:41:12 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070490: Hewlett-Packard  - Imaging, Other hardware - Null Print - HP Photosmart 7520 series.
 
Error: (12/15/2013 05:56:30 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4
 
Error: (12/15/2013 05:56:28 PM) (Source: disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (12/15/2013 05:39:19 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 252.
 
Error: (12/15/2013 05:39:19 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 252.
 
Error: (12/15/2013 05:39:19 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 252.
 
Error: (12/15/2013 05:39:19 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 252.
 
Error: (12/15/2013 05:39:16 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 252.
 
 
Microsoft Office Sessions:
=========================
Error: (12/16/2013 00:28:33 PM) (Source: Application Hang)(User: )
Description: LiveComm.exe17.5.9600.20315ed4801cefa8388d2b7f14294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\LiveComm.exe7c54dd16-6677-11e3-be8c-8851fb686d02microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (12/16/2013 11:58:34 AM) (Source: Application Hang)(User: )
Description: LiveComm.exe17.5.9600.20315e03c01cefa7f57ee88ea4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\LiveComm.exe4bdd6e00-6673-11e3-be8c-8851fb686d02microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (12/16/2013 11:28:34 AM) (Source: Application Hang)(User: )
Description: LiveComm.exe17.5.9600.20315e91c01cefa7b270b30bc4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\LiveComm.exe1b013d71-666f-11e3-be8c-8851fb686d02microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (12/16/2013 10:58:34 AM) (Source: Application Hang)(User: )
Description: LiveComm.exe17.5.9600.20315e97001cefa76f62709f74294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\LiveComm.exeea1ab44f-666a-11e3-be8c-8851fb686d02microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (12/16/2013 10:28:34 AM) (Source: Application Hang)(User: )
Description: LiveComm.exe17.5.9600.20315e41c01cefa72c53eedb14294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\LiveComm.exeb92dd324-6666-11e3-be8c-8851fb686d02microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (12/16/2013 09:58:34 AM) (Source: Application Hang)(User: )
Description: LiveComm.exe17.5.9600.20315c07401cefa6e945a8d494294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\LiveComm.exe884bd535-6662-11e3-be8c-8851fb686d02microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (12/16/2013 09:28:34 AM) (Source: Application Hang)(User: )
Description: LiveComm.exe17.5.9600.20315e70401cefa6a63771e034294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\LiveComm.exe5766471f-665e-11e3-be8c-8851fb686d02microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (12/16/2013 08:58:34 AM) (Source: Application Hang)(User: )
Description: LiveComm.exe17.5.9600.20315e19401cefa66329243854294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\LiveComm.exe268f3b3f-665a-11e3-be8c-8851fb686d02microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (12/16/2013 08:28:34 AM) (Source: Application Hang)(User: )
Description: LiveComm.exe17.5.9600.20315e14801cefa6201ac89a04294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\LiveComm.exef5a033e0-6655-11e3-be8c-8851fb686d02microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (12/16/2013 07:58:34 AM) (Source: Application Hang)(User: )
Description: LiveComm.exe17.5.9600.20315dfa801cefa5dd0c7a2404294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\LiveComm.exec4b687c3-6651-11e3-be8c-8851fb686d02microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 60%
Total physical RAM: 8076.85 MB
Available physical RAM: 3185.39 MB
Total Pagefile: 19340.85 MB
Available Pagefile: 13893.88 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:911.89 GB) (Free:840.85 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:17.8 GB) (Free:2.17 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (FreeAgent Drive) (Fixed) (Total:465.76 GB) (Free:454.96 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 932 GB) (Disk ID: B3F0214E)
 
Partition: GPT Partition TypeAttempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.
 
==================== End Of Log ============================
 
I am having difficulty downloading TDSSKiller.zip. I get an error message "We're sorry. We can't open TDSSKiller.zip because we found a problem with it's contents" from Microsoft Office.
 
Thank you!
 


#4 TB-Psychotic


Posted 17 December 2013 - 06:23 AM

Skip TDSS-Killer, run aswMBR instead:

 

 

Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat. Do not delete this for now. It is an actual backup of the MBR (master boot record).


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#5 lilbrat0326


Posted 17 December 2013 - 03:44 PM

Hi Marius,

 

This is all I've got:

 

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-12-17 15:40:25
-----------------------------
15:40:25.549    OS Version: Windows x64 6.2.9200 
15:40:25.549    Number of processors: 4 586 0x3A09
15:40:25.550    ComputerName: ANNAHP  UserName: Anna
15:40:25.895    Initialze error 1 
15:41:46.051    AVAST engine defs: 13121700
15:42:31.928    The log file has been saved successfully to "C:\Users\Anna\Desktop\aswMBR.txt"
 
Thanks!


#6 TB-Psychotic


Posted 19 December 2013 - 05:26 AM

Scan with Malwarebytes Anti-Rootkit

Please download Malwarebytes Anti-Rootkit from here: Malwarebytes : Malwarebytes Anti-Rootkit, and save it to your desktop.

Be sure to print out and follow the instructions provided on that same page.

Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.

  • Double click the mbar.zip file to open it, then 'Extract all files'.
  • Double click the mbar folder to open it, then double click mbar.exe to start the tool.

Check for Updates, then Scan your system for malware

If malware is found, do NOT press the Cleanup button yet. Click EXIT.

I'd like to see the log first so I can see what it sees. You'll find the log in that mbar folder as MBAR-log-[date and time]***.txt . Please attach that to your next reply.



#7 lilbrat0326


Posted 20 December 2013 - 04:15 PM

Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org
 
Database version: v2013.10.02.12
 
Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16476
Anna :: ANNAHP [administrator]
 
12/20/2013 3:57:24 PM
mbar-log-2013-12-20 (15-57-24).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 278488
Time elapsed: 14 minute(s), 4 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)


#8 TB-Psychotic


Posted 22 December 2013 - 02:34 PM

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.



#9 lilbrat0326


Posted 22 December 2013 - 03:20 PM

I get an error message when trying to download it. "Combofix is not meant to run in 'Compatibility Mode'. This program will now exit".



#10 lilbrat0326


Posted 25 December 2013 - 11:25 PM

Is there anything I could do? The pop-ups and redirecting are getting worse every time I use the computer. Now the computer is increasingly slow and freezing. Thanks.



#11 TB-Psychotic


Posted 01 January 2014 - 12:02 PM

Sorry, I was out of town.

 

Please create and post a new log of FRST.



#12 TB-Psychotic


Posted 10 February 2014 - 08:50 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



