Ton of malware on my mom's laptop


  • This topic is locked
9 replies to this topic

#1 Lunis


Posted 26 May 2014 - 01:10 PM

My mom wanted me to clean her laptop because she said it was running slow and had a lot of popups. I scanned it with HijackThis and was shocked at how much crap was on there; worse still, I couldn't fix it with HijackThis since I was denied access to the Hosts file.
 
Here is the log from DDS:
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 10.55.2
Run by Laura at 13:56:52 on 2014-05-26
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3999.2283 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\MyPC Backup\BackupStack.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Pogo Games\PGMTrusted.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ConstaSurf\updateConstaSurf.exe
C:\Program Files (x86)\ConstaSurf\bin\utilConstaSurf.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\002\yewimmxqbs64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exe
C:\PROGRA~2\SearchProtect\UI\bin\cltmngui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Users\Laura\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Users\Laura\AppData\Local\WeatherAlerts\WeatherAlerts.exe
C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Java Component Manager\srvlet32.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Users\Laura\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Laura\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Laura\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Laura\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Laura\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Laura\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.trovi.com/?gd=&ctid=CT3321741&octid=EB_ORIGINAL_CTID&ISID=M4B486B16-04E9-4BA1-B638-E455E3D8F301&SearchSource=55&CUI=&UM=5&UP=SPBA3F662F-DD01-40CF-9466-29E006FB9DEE&SSPV=
uSearch Bar = Preserve
mStart Page = hxxp://speedial.com/?f=1&a=spd_dsites02_14_19_ch&cd=2XzuyEtN2Y1L1QzuyBtD0FtC0AtCtA0AtByEtDyDtA0B0EtCtN0D0Tzu0SzzyCtDtN1L2XzutBtFtBtDtFzytFtCtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StB0C0F0C0FyE0CtCtGtD0AyCzytGyE0FtDtDtG0EyBtCtDtGtD0FtC0FyDzy0E0Fzz0A0Fzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0F0DtCzz0AyBtBtGtB0CtByDtGyBtD0FyBtG0AyD0E0CtGtBzyyBtCzy0FtCtD0C0Bzzzz2Q&cr=1729445156&ir=
uProxyServer = hxxp=127.0.0.1:49203;https=127.0.0.1:49203
uProxyOverride = <-loopback>
mWinlogon: Userinit = userinit.exe
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: SocialRibbons: {4BE60886-F6AA-4714-8109-EA6D8247DD57} - C:\Program Files (x86)\SocialRibbons\Toolbar.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Updater For Quizulous: {bd3764dc-af95-4c47-984a-e7997e1d4691} - C:\Program Files (x86)\quizulous\auxi\gametheorytemplaAu.dll
BHO: Quizulous: {c5821a9f-f263-454e-822b-e4beb1b68cef} - C:\Program Files (x86)\quizulous\gametheorytemplateX.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: ConstaSurf: {d7356335-81bf-4769-bfbd-2e2889138641} - C:\Program Files (x86)\ConstaSurf\ConstaSurfbho.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB: Quizulous: {c5821a9f-f263-454e-822b-e4beb1b68cef} - C:\Program Files (x86)\quizulous\gametheorytemplateX.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /c
uRun: [Google Update] "C:\Users\Laura\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [NextLive] C:\Windows\SysWOW64\rundll32.exe "C:\Users\Laura\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
uRun: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BrowserSafeguard] "C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Windows Servelet Manager] C:\Program Files (x86)\Java Component Manager\srvlet32.exe
StartupFolder: C:\Users\Laura\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DESKTO~1.LNK - C:\Users\Laura\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe
StartupFolder: C:\Users\Laura\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\Users\Laura\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\WEATHE~1.LNK - C:\Users\Laura\AppData\Local\WeatherAlerts\WeatherAlerts.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {9B479D7B-916A-45B0-B042-D42865A60E21} - hxxp://dan19057cam.lorexddns.net:1050/DvrOcx.cab
DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{16ACAD41-E1B8-414D-BC42-F8C4549DE2A2} : DHCPNameServer = 192.168.254.254
TCP: Interfaces\{467FE70B-22E6-4564-9340-114E728FA62D} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{467FE70B-22E6-4564-9340-114E728FA62D}\0516C6D6562713 : DHCPNameServer = 192.168.254.254
TCP: Interfaces\{467FE70B-22E6-4564-9340-114E728FA62D}\26279716E647F5374727164747F6E6 : DHCPNameServer = 24.92.226.11 24.92.226.12
TCP: Interfaces\{467FE70B-22E6-4564-9340-114E728FA62D}\353484D2945313030243444473 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{467FE70B-22E6-4564-9340-114E728FA62D}\3555D4D454256594C4C45402742594C4C4 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{467FE70B-22E6-4564-9340-114E728FA62D}\4414E4D20534 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{467FE70B-22E6-4564-9340-114E728FA62D}\7457563747 : DHCPNameServer = 4.2.2.2
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll    c:\progra~2\optimi~1\optpro~2.dll
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-mStart Page = hxxp://speedial.com/?f=1&a=spd_dsites02_14_19_ch&cd=2XzuyEtN2Y1L1QzuyBtD0FtC0AtCtA0AtByEtDyDtA0B0EtCtN0D0Tzu0SzzyCtDtN1L2XzutBtFtBtDtFzytFtCtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StB0C0F0C0FyE0CtCtGtD0AyCzytGyE0FtDtDtG0EyBtCtDtGtD0FtC0FyDzy0E0Fzz0A0Fzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0F0DtCzz0AyBtBtGtB0CtByDtGyBtD0FyBtG0AyD0E0CtGtBzyyBtCzy0FtCtD0C0Bzzzz2Q&cr=1729445156&ir=
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - 
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R1 {0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw64;{0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw64;C:\Windows\System32\drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw64.sys [2014-5-25 61120]
R2 70e6ca8c;Optimizer Pro Crash Monitor;C:\Windows\System32\rundll32.exe [2009-7-13 45568]
R2 BackupStack;Computer Backup (MyPC Backup);C:\Program Files (x86)\MyPC Backup\BackupStack.exe [2014-3-14 36392]
R2 CltMngSvc;Search Protect Service;C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe [2014-5-14 2496832]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-11-4 92160]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2013-5-13 270624]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-13 27136]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 133928]
R2 PGMTrusted;PGMTrusted;C:\Program Files (x86)\Pogo Games\PGMTrusted.exe [2012-10-31 519920]
R2 Update ConstaSurf;Update ConstaSurf;C:\Program Files (x86)\ConstaSurf\updateConstaSurf.exe [2014-5-25 350496]
R2 Util ConstaSurf;Util ConstaSurf;C:\Program Files (x86)\ConstaSurf\bin\utilConstaSurf.exe [2014-5-25 350496]
R2 vseamps;vseamps;C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe [2010-4-8 149544]
R2 vsedsps;vsedsps;C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe [2010-4-8 148008]
R2 vseqrts;vseqrts;C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe [2010-4-8 205352]
R2 yewimmxqbs64;yewimmxqbs64;C:\Program Files\002\yewimmxqbs64.exe run options=01100010020000000000000000000000 sourceguid=77BBCAD6-8F11-4B2B-9781-44917F1430F9 --> C:\Program Files\002\yewimmxqbs64.exe run options=01100010020000000000000000000000 sourceguid=77BBCAD6-8F11-4B2B-9781-44917F1430F9 [?]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2010-5-19 292864]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-3-13 227896]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-7-10 139264]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-5-19 215040]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 DAdderFltr;DeathAdder Mouse;C:\Windows\System32\drivers\dadder.sys [2007-8-2 12672]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-17 111616]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-3-13 216064]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2014-5-25 16152]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-26 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-27 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2014-05-26 17:49:38 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BF8240DA-674F-4AD8-B3C1-4CE4D28584B3}\offreg.dll
2014-05-25 22:25:08 -------- d-----w- C:\Program Files (x86)\Java Component Manager
2014-05-25 22:23:36 -------- d-----w- C:\Users\Laura\AppData\Roaming\Optimizer Pro
2014-05-25 22:18:34 -------- d-----w- C:\Users\Laura\AppData\Roaming\VOPackage
2014-05-25 22:18:19 -------- d-----w- C:\Program Files (x86)\Optimizer Pro
2014-05-25 22:09:54 61120 ----a-w- C:\Windows\System32\drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw64.sys
2014-05-25 13:10:58 -------- d-----w- C:\Users\Laura\AppData\Local\Local_Weather_LLC
2014-05-25 13:10:53 -------- d-----w- C:\Users\Laura\AppData\Local\WeatherAlerts
2014-05-25 13:10:30 -------- d-----w- C:\Program Files\rrsavings
2014-05-25 13:09:16 -------- d-----w- C:\Program Files\002
2014-05-25 13:08:56 -------- d-----w- C:\Program Files (x86)\ConstaSurf
2014-05-25 12:41:05 16152 ----a-w- C:\Windows\System32\drivers\SWDUMon.sys
2014-05-25 12:39:49 -------- d-----w- C:\Program Files (x86)\DriverUpdate
2014-05-25 12:32:16 1031560 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1A6BFBDA-EB7F-4017-B8E6-84FC88A8D5EF}\gapaengine.dll
2014-05-25 12:31:54 10702536 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BF8240DA-674F-4AD8-B3C1-4CE4D28584B3}\mpengine.dll
2014-05-25 12:20:08 10702536 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-05-25 12:02:21 -------- d-----w- C:\Users\Laura\AppData\Local\SlimWare Utilities Inc
2014-05-25 00:16:28 -------- d-----w- C:\Program Files (x86)\MyPC Backup
2014-05-25 00:16:12 -------- d-----w- C:\Users\Laura\AppData\Local\BenchUpdater
2014-05-25 00:16:02 -------- d-----w- C:\Program Files (x86)\Bench
2014-05-25 00:15:57 -------- d-----w- C:\Program Files (x86)\Savings Hen
2014-05-25 00:15:55 -------- d-----w- C:\Users\Laura\AppData\Local\Savings Hen
2014-05-25 00:14:57 -------- d-----w- C:\temp
2014-05-25 00:11:58 -------- d-----w- C:\Program Files\pcreg
2014-05-25 00:11:40 -------- d-----w- C:\Program Files (x86)\Browsersafeguard
2014-05-25 00:11:25 -------- d-----w- C:\Users\Laura\AppData\Local\SearchProtect
2014-05-25 00:11:13 -------- d-----w- C:\Program Files (x86)\SearchProtect
2014-05-14 15:22:30 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-14 15:22:30 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-14 06:02:09 17938608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-05-09 12:46:30 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
2014-05-09 12:46:25 -------- d-----w- C:\Windows\Razer Core
2014-05-09 12:45:47 -------- d-----w- C:\Users\Laura\AppData\Local\IsolatedStorage
2014-05-09 12:45:21 -------- d-----w- C:\Users\Laura\AppData\Roaming\StormFall
2014-05-09 12:45:20 -------- dc-h--w- C:\ProgramData\{E0A9340B-C01B-42C1-9910-C307D7BE4756}
2014-05-09 12:44:55 -------- d-----w- C:\Users\Laura\AppData\Roaming\Andromeda5200
2014-05-09 12:37:04 -------- d-----w- C:\Users\Laura\AppData\Roaming\1H1Q
2014-05-09 12:36:53 -------- d-sh--w- C:\Users\Laura\AppData\Local\EmieUserList
2014-05-09 12:36:53 -------- d-sh--w- C:\Users\Laura\AppData\Local\EmieSiteList
2014-05-09 12:36:32 -------- d-----w- C:\Users\Laura\AppData\Roaming\AppCloudUpdater
2014-04-30 01:24:31 -------- d-s---w- C:\Windows\System32\CompatTel
.
==================== Find3M  ====================
.
2014-05-14 06:02:33 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 06:02:33 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-09 06:14:03 477184 ----a-w- C:\Windows\System32\aepdu.dll
2014-05-09 06:11:23 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-04-15 00:13:43 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-04-01 02:46:48 130712 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL
2014-04-01 02:46:48 1070232 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2014-03-11 13:52:30 133928 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2014-03-06 09:31:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-06 08:59:04 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-06 08:57:34 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-03-06 08:57:20 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-06 08:29:40 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-06 08:29:14 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-06 08:28:15 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-06 08:15:54 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-06 08:11:41 5784064 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-06 08:02:34 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-06 08:02:33 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-03-06 08:01:01 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56:43 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-03-06 07:46:36 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-06 07:38:13 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-06 07:36:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-06 07:13:43 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11:15 2043904 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-06 06:40:39 1967104 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-06 06:22:40 2260480 ----a-w- C:\Windows\System32\wininet.dll
2014-03-06 05:41:49 1789440 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-03-04 09:47:01 5550016 ----a-w- C:\Windows\System32\ntoskrnl.exe
2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:20 39936 ----a-w- C:\Windows\System32\wincredprovider.dll
2014-03-04 09:44:10 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-03-04 09:44:08 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-03-04 09:44:06 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-03-04 09:44:03 722944 ----a-w- C:\Windows\System32\objsel.dll
2014-03-04 09:44:03 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2014-03-04 09:44:00 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-03-04 09:44:00 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2014-03-04 09:43:56 57344 ----a-w- C:\Windows\System32\cngprovider.dll
2014-03-04 09:43:56 52736 ----a-w- C:\Windows\System32\dpapiprovider.dll
2014-03-04 09:43:56 44544 ----a-w- C:\Windows\System32\dimsroam.dll
2014-03-04 09:43:56 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-03-04 09:43:55 56832 ----a-w- C:\Windows\System32\adprovider.dll
2014-03-04 09:43:55 53760 ----a-w- C:\Windows\System32\capiprovider.dll
2014-03-04 09:43:50 455168 ----a-w- C:\Windows\System32\winlogon.exe
2014-03-04 09:20:11 3969984 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2014-03-04 09:20:11 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2014-03-04 09:16:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
.
============= FINISH: 13:58:08.97 ===============
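An added illustration, not part of the original thread and not code from DDS, HijackThis or BleepingComputer: a small Python triage pass over the line types in the "Pseudo HJT Report" section of a DDS log. The embedded sample is constructed from a few lines of the report above (not the full log); the allowlist of start-page hosts and the path heuristics are assumptions of this example, not anything DDS itself applies. Run against the sample it flags the loopback proxy (uProxyServer = 127.0.0.1:49203), both AppInit_DLLs entries, the trovi.com and speedial.com start pages, the rundll32 autostart loading a DLL out of AppData\Roaming, and the service registered under C:\Program Files\002.

```python
"""Triage a DDS 'Pseudo HJT Report' for browser-hijack / adware indicators.

Example code added to this page (not DDS/HijackThis code). It parses the few
line types that matter most in logs like the one above and flags the ones that
usually mean adware: a proxy pointed at localhost, AppInit_DLLs injection,
non-default start pages, and autostarts that run from the roaming profile or
from oddly named Program Files directories.
"""
import re
from urllib.parse import urlsplit

# Assumed allowlist for start pages; adjust to the real defaults of the machine.
TRUSTED_START_HOSTS = {"www.google.com", "www.bing.com", "www.msn.com", "go.microsoft.com"}

START_RE = re.compile(r"^(?P<scope>u|m|x64-m)Start Page = (?P<url>\S*)")
PROXY_RE = re.compile(r"^uProxyServer = (?P<value>.*)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs=\s*(?P<value>.*)$", re.IGNORECASE)
RUN_RE = re.compile(r"^(?P<scope>u|m|x64-)Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
SVC_RE = re.compile(r"^(?P<state>[RS]\d) (?P<name>[^;]*);(?P<display>[^;]*);(?P<rest>.*)$")
# Any drive-rooted path up to the first .exe/.dll/.sys; spaces and 8.3 names allowed.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|sys)", re.IGNORECASE)

# Constructed sample: a handful of lines in DDS format, modelled on the log above.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.trovi.com/?gd=&ctid=CT3321741
mStart Page = hxxp://speedial.com/?f=1&a=spd_dsites02_14_19_ch
uProxyServer = hxxp=127.0.0.1:49203;https=127.0.0.1:49203
uProxyOverride = <-loopback>
mWinlogon: Userinit = userinit.exe
uRun: [Google Update] "C:\Users\Laura\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [NextLive] C:\Windows\SysWOW64\rundll32.exe "C:\Users\Laura\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Windows Servelet Manager] C:\Program Files (x86)\Java Component Manager\srvlet32.exe
AppInit_DLLs= c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll    c:\progra~2\optimi~1\optpro~2.dll
R2 yewimmxqbs64;yewimmxqbs64;C:\Program Files\002\yewimmxqbs64.exe run options=0110 [?]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
"""


def path_reasons(path):
    """Heuristic (assumed) reasons a binary path looks like a PUP autostart."""
    reasons = []
    low = path.lower().replace("/", "\\")
    if "\\appdata\\roaming\\" in low:
        reasons.append("runs from the roaming user profile")
    # e.g. C:\Program Files\002\...: an all-digit directory straight under Program Files
    if re.search(r"\\program files( \(x86\))?\\\d+\\", low):
        reasons.append("lives in an all-digit directory under Program Files")
    return reasons


def triage(log_text):
    """Return a list of (category, detail, reason) findings from DDS HJT-style lines."""
    findings = []
    for line in log_text.splitlines():
        line = line.rstrip()
        if m := PROXY_RE.match(line):
            # A proxy on 127.0.0.1 means a local process sits between the browser and the web.
            if re.search(r"127\.0\.0\.1|localhost", m["value"]):
                findings.append(("proxy", m["value"],
                                 "browser traffic is routed through a local proxy"))
        elif m := APPINIT_RE.match(line):
            # Anything listed here is loaded into every process that loads user32.dll.
            for dll in m["value"].split():
                findings.append(("appinit_dll", dll,
                                 "DLL injected into every process that loads user32.dll"))
        elif m := START_RE.match(line):
            url = m["url"]
            if url in ("", "about:blank"):
                continue
            host = urlsplit(url.replace("hxxp", "http", 1)).hostname or ""
            if host not in TRUSTED_START_HOSTS:
                findings.append(("start_page", f"{m['scope']}Start Page -> {host}",
                                 "start page not on the allowlist"))
        elif m := RUN_RE.match(line):
            # Check every path in the command, so a DLL handed to rundll32 is seen too.
            for path in PATH_RE.findall(m["cmd"]):
                for why in path_reasons(path):
                    findings.append(("run", f"[{m['name']}] {path}", why))
        elif m := SVC_RE.match(line):
            for path in PATH_RE.findall(m["rest"])[:1]:
                for why in path_reasons(path):
                    findings.append(("service", f"{m['name']} {path}", why))
    return findings


if __name__ == "__main__":
    for category, detail, why in triage(SAMPLE_LOG):
        print(f"{category:12} {detail}\n{'':12}  -> {why}")
```

The path rules are deliberately narrow and are not a signature list: Optimizer Pro and the "Java Component Manager" srvlet32.exe in the real log sit in ordinary Program Files (x86) directories and pass the path checks, which is exactly why the reply below still relies on AdwCleaner's definitions and Revo's uninstall list rather than on heuristics alone. The proxy and AppInit_DLLs hits, on the other hand, are worth acting on regardless of what the product calls itself.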


#2 xXToffeeXx

  • Malware Response Instructor

Posted 26 May 2014 - 02:30 PM

Greetings and welcome to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:

  • Do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the "Follow this topic" button, and make sure the "receive notifications" box is ticked and set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
  • Important information in my posts will often be in bold, make sure to take note of these.
  • I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.
  • Let's get going now.

==========================
 
Hi Lunis,
 
We need to remove some programs with Revo Uninstaller Free:

Note: Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.
Note: If the program you want to uninstall is not listed by Revo, let me know and we will try an alternate method of removal.

  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), or anything similar, to remove it:
Ask Toolbar
Ask Toolbar Updater
BrowserSafeguard with Rockettab
ConstaSurf
DesktopWeatherAlerts
DriverUpdate
Java 7 Update 45
MyPC Backup 
Optimizer Pro v3.2
Quizulous
rrsavings
Search Protect
VO Package
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run, If prompted again click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish

--------------
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • Copies of all logfiles are saved in the C:\AdwCleaner folder, which was created when running the tool.

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • AdwCleaner clean log

xXToffeeXx~


Edited by xXToffeeXx, 26 May 2014 - 02:30 PM.


#3 Lunis (Topic Starter, Members, 4 posts)

Posted 26 May 2014 - 03:06 PM

Thanks a ton.

I removed the programs you listed with Revo, however it did not detect a few of the programs: ConstaSurf, MyPC Backup, and rrsavings.

Here is the AdwCleaner clean log:

# AdwCleaner v3.211 - Report created 26/05/2014 at 16:03:51
# Updated 26/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Laura - LAURA-PC
# Running from : C:\Users\Laura\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : BackupStack
Service Found : Update ConstaSurf
Service Found : Util ConstaSurf
Service Found : yewimmxqbs64
 
***** [ Files / Folders ] *****
 
File Found : C:\END
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage
File Found : C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage-journal
File Found : C:\Users\Laura\daemonprocess.txt
File Found : C:\Users\Laura\Desktop\MyPC Backup.lnk
File Found : C:\Windows\System32\roboot64.exe
File Found : C:\Windows\System32\Tasks\AppCloudUpdater
File Found : C:\Windows\System32\Tasks\LaunchApp
File Found : C:\Windows\Tasks\AppCloudUpdater.job
Folder Found : C:\Program Files (x86)\Bench
Folder Found : C:\Program Files (x86)\BrowserSafeguard
Folder Found : C:\Program Files (x86)\ConstaSurf
Folder Found : C:\Program Files (x86)\Mobogenie
Folder Found : C:\Program Files (x86)\MyPC Backup
Folder Found : C:\Program Files (x86)\SearchProtect
Folder Found : C:\Program Files (x86)\Uniblue
Folder Found : C:\Program Files\002
Folder Found : C:\Program Files\RrSavings
Folder Found : C:\ProgramData\374311380 
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\iWin
Folder Found : C:\Users\Laura\AppData\Local\apn
Folder Found : C:\Users\Laura\AppData\Local\BenchUpdater
Folder Found : C:\Users\Laura\AppData\Local\genienext
Folder Found : C:\Users\Laura\AppData\Local\Mobogenie
Folder Found : C:\Users\Laura\AppData\Local\PackageAware
Folder Found : C:\Users\Laura\AppData\Local\Temp\ConstaSurf
Folder Found : C:\Users\Laura\AppData\Local\Temp\webget
Folder Found : C:\Users\Laura\AppData\Roaming\1H1Q
Folder Found : C:\Users\Laura\AppData\Roaming\AppCloudUpdater
Folder Found : C:\Users\Laura\AppData\Roaming\iWin
Folder Found : C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Folder Found : C:\Users\Laura\AppData\Roaming\newnext.me
Folder Found : C:\Users\Laura\AppData\Roaming\Systweak
Folder Found : C:\Users\Laura\Documents\Mobogenie
Folder Found : C:\Users\Laura\Documents\Optimizer Pro
Folder Found : C:\Users\Laura\Documents\PC Speed Maximizer
Folder Found : C:\Users\Public\Documents\iWin
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AppCloudUpdater
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\Software
Key Found : HKCU\Software\AppDataLow\Software\Freecause
Key Found : HKCU\Software\AppDataLow\Software\RrSavings
Key Found : HKCU\Software\ConstaSurf
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7356335-81BF-4769-BFBD-2E2889138641}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7356335-81BF-4769-BFBD-2E2889138641}
Key Found : HKCU\Software\SearchProtectINT
Key Found : HKCU\Software\SoftwareUpdater
Key Found : HKCU\Software\systweak
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\AppCloudUpdater
Key Found : [x64] HKCU\Software\ConstaSurf
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found : [x64] HKCU\Software\SearchProtectINT
Key Found : [x64] HKCU\Software\SoftwareUpdater
Key Found : [x64] HKCU\Software\systweak
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D7356335-81BF-4769-BFBD-2E2889138641}
Key Found : HKLM\SOFTWARE\Classes\FCTB000100293.FCTB000100293Pos
Key Found : HKLM\SOFTWARE\Classes\FCTB000100293.FCTB000100293Pos.1
Key Found : HKLM\SOFTWARE\Classes\FCTB000100293.IEToolbar
Key Found : HKLM\SOFTWARE\Classes\FCTB000100293.IEToolbar.1
Key Found : HKLM\SOFTWARE\Classes\FCTB000100293.JSOptionsImpl
Key Found : HKLM\SOFTWARE\Classes\FCTB000100293.JSOptionsImpl.1
Key Found : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook
Key Found : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Found : HKLM\SOFTWARE\Classes\Interface\{41E2BE59-5C34-46AB-B743-6678BC94F42C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{52654F2B-3A13-4569-AB52-EF4201F79221}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\ConstaSurf
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D7356335-81BF-4769-BFBD-2E2889138641}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKLM\Software\PIP
Key Found : HKLM\Software\systweak
Key Found : HKLM\Software\Uniblue
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{41E2BE59-5C34-46AB-B743-6678BC94F42C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ConstaSurf
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RrSavings
Key Found : [x64] HKLM\SOFTWARE\RrSavings
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17041
 
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.trovi.com/?gd=&ctid=CT3321741&octid=EB_ORIGINAL_CTID&ISID=M4B486B16-04E9-4BA1-B638-E455E3D8F301&SearchSource=55&CUI=&UM=5&UP=SPBA3F662F-DD01-40CF-9466-29E006FB9DEE&SSPV=
 
-\\ Google Chrome v
 
[ File : C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=7B654AB4-FEA1-48C0-B5BC-3E4936B0D4BE&apn_ptnrs=TV&apn_sauid=66E0683B-AE05-4EEB-A994-8DFBA6F28376&apn_dtid=OSJ000YYUS&q={searchTerms}
Found [Search Provider] : hxxp://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=82572&iwk=274&lng=en
Found [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Found [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3328456&octid=EB_ORIGINAL_CTID&ISID=M50BD5053-F171-47F4-9050-D03670141966&SearchSource=58&CUI=&UM=5&UP=SPBA3F662F-DD01-40CF-9466-29E006FB9DEE&q={searchTerms}&SSPV=
Found [Startup_urls] : hxxp://www.trovi.com/?gd=&ctid=CT3319709&octid=EB_ORIGINAL_CTID&ISID=M08C0B9FD-BF10-441D-9A73-070AC54B17BA&SearchSource=55&CUI=&UM=5&UP=SPBA3F662F-DD01-40CF-9466-29E006FB9DEE&SSPV=
Found [Homepage] : hxxp://www.trovi.com/?gd=&ctid=CT3328456&octid=EB_ORIGINAL_CTID&ISID=M50BD5053-F171-47F4-9050-D03670141966&SearchSource=55&CUI=&UM=5&UP=SPBA3F662F-DD01-40CF-9466-29E006FB9DEE&SSPV=
Found [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Found [Extension] : flpcjncodpafbgdpnkljologafpionhb
 
*************************
 
AdwCleaner[R0].txt - [10782 octets] - [26/05/2014 16:03:51]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [10843 octets] ##########
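The scan report above and the clean report posted later in the thread share one line format (section banners, then "Kind Found :" / "Kind Deleted :" lines, with "[#]" / "[!]" prefixes, "[x64]" view tags and bracketed browser categories). The following Python is an added example, not code from the thread or from AdwCleaner: it parses that format and lists the scan detections that the later clean report does not account for, either directly or through a deleted parent key or folder. The two report excerpts embedded in it are constructed from a handful of the thread's own log lines, not the full reports; the function names and the Detection record are assumptions of this example.

```python
"""Parse AdwCleaner v3 report lines (the format quoted in this thread) and
check a scan report's detections against the later clean report."""
import re
from dataclasses import dataclass

# Constructed excerpts in the AdwCleaner v3 layout: a few lines taken from the
# thread's own logs, not the complete reports.
SCAN_REPORT = r"""
# AdwCleaner v3.211 - Report created 26/05/2014 at 16:03:51
# Option : Scan

***** [ Services ] *****

Service Found : Update ConstaSurf
Service Found : yewimmxqbs64

***** [ Files / Folders ] *****

File Found : C:\Windows\System32\roboot64.exe
Folder Found : C:\Program Files\RrSavings

***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software
Key Found : HKCU\Software\AppDataLow\Software\RrSavings
Key Found : HKCU\Software\ConstaSurf
Key Found : [x64] HKCU\Software\ConstaSurf
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.trovi.com/?gd=
Found [Extension] : booedmolknjekdopkepjjeckmjkdpfgl

AdwCleaner[R0].txt - [10782 octets] - [26/05/2014 16:03:51]
"""

CLEAN_REPORT = r"""
# AdwCleaner v3.211 - Report created 26/05/2014 at 16:25:21
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : Update ConstaSurf
Service Deleted : yewimmxqbs64

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\RrSavings
File Deleted : C:\Windows\System32\roboot64.exe

***** [ Registry ] *****

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKCU\Software\ConstaSurf

***** [ Browsers ] *****

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
"""

SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
# "Key Found : HKLM\...", "[#] Service Deleted : X", "Setting Restored : ..."
ITEM_RE = re.compile(
    r"^(?:\[[#!]\]\s*)?(?P<kind>Service|File|Folder|Key|Value|Setting)\s+"
    r"(?P<action>Found|Deleted|Restored)\s*:\s*(?P<target>.*)$")
# "Found [Search Provider] : hxxp://...", "Deleted [Extension] : <id>"
BROWSER_RE = re.compile(
    r"^(?P<action>Found|Deleted)\s+\[(?P<kind>[^\]]+)\]\s*:\s*(?P<target>.*)$")
OPTION_RE = re.compile(r"^# Option : (?P<mode>\w+)$")


@dataclass(frozen=True)
class Detection:
    section: str   # banner the line appeared under, e.g. "Registry"
    kind: str      # Service / File / Folder / Key / Value / Setting / Extension ...
    action: str    # Found / Deleted / Restored
    target: str    # path, key, value or browser item, without the [x64] tag
    x64: bool      # True when the tool tagged the line [x64]


def parse_report(text):
    """Return (mode, [Detection, ...]); mode is the '# Option :' header value."""
    mode, section, items = None, None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = OPTION_RE.match(line)
        if m:
            mode = m.group("mode")
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = ITEM_RE.match(line) or BROWSER_RE.match(line)
        if not m or section is None:
            continue  # header comments, browser version lines, summary, EOF
        target = m.group("target").strip()
        x64 = target.startswith("[x64] ")
        if x64:
            target = target[len("[x64] "):]
        if m.group("kind") == "Setting":
            # "Setting Found : <key> [Start Page] - <url>"; the Restored line carries no value
            target = target.split(" - ", 1)[0]
        items.append(Detection(section, m.group("kind"), m.group("action"), target, x64))
    return mode, items


def count_by_section(items):
    counts = {}
    for d in items:
        counts[d.section] = counts.get(d.section, 0) + 1
    return counts


def _norm(s):
    return s.lower().rstrip("\\")   # registry and NTFS paths are case-insensitive


def _covered(found, cleaned):
    """True if `found` was itself deleted/restored, or lies under a deleted parent."""
    for c in cleaned:
        if c.action not in ("Deleted", "Restored") or c.x64 != found.x64:
            continue
        if c.kind == found.kind and _norm(c.target) == _norm(found.target):
            return True
        # deleting a Key or Folder removes everything beneath it
        if c.kind in ("Key", "Folder") and _norm(found.target).startswith(_norm(c.target) + "\\"):
            return True
    return False


def unaccounted(scan_text, clean_text):
    """Scan-report detections with no matching line in the clean report."""
    scan_mode, found = parse_report(scan_text)
    clean_mode, cleaned = parse_report(clean_text)
    if scan_mode != "Scan" or clean_mode != "Clean":
        raise ValueError("expected a Scan report followed by a Clean report")
    return [d for d in found if d.action == "Found" and not _covered(d, cleaned)]


if __name__ == "__main__":
    for d in unaccounted(SCAN_REPORT, CLEAN_REPORT):
        print(f"{d.section}: {d.kind} {'[x64] ' if d.x64 else ''}{d.target}")
```

On the real logs the two files to feed in are AdwCleaner[R0].txt and AdwCleaner[S0].txt from C:\AdwCleaner. Entries the tool tags [x64] are kept distinct from their untagged counterparts on purpose, so in the excerpt "[x64] HKCU\Software\ConstaSurf" is reported as unaccounted for rather than silently treated as the same key that was deleted; whether anything is actually left is then confirmed on the machine, not inferred from the text.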


#4 xXToffeeXx (Bleepin' Polar Bear, Malware Response Instructor, 6,054 posts, Gender: Female, Location: The Arctic Circle)

Posted 27 May 2014 - 04:51 AM

Hi Lunis,
 
Uninstalling a Program:

  • Click the Windows logo on the taskbar and then click Control Panel.
  • Underneath the Programs category is Uninstall a program; click on that.
  • A list of installed programs will be populated; this may take a bit of time.
  • If the following programs exist, uninstall them by clicking on the following entries and selecting remove:
    ConstaSurf
    MyPC Backup
    rrsavings
  • Additional instructions can be found here if needed.

--------------
 
Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished, this time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

--------------

Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • AdwCleaner clean log
  • FRST.txt
  • Addition.txt

xXToffeeXx~



#5 Lunis (Topic Starter, Members, 4 posts)

Posted 30 May 2014 - 02:21 PM

AdwCleaner log:

# AdwCleaner v3.211 - Report created 26/05/2014 at 16:25:21
# Updated 26/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Laura - LAURA-PC
# Running from : C:\Users\Laura\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : BackupStack
[#] Service Deleted : Update ConstaSurf
[#] Service Deleted : Util ConstaSurf
Service Deleted : yewimmxqbs64
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\374311380 
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\iWin
Folder Deleted : C:\Program Files (x86)\Bench
Folder Deleted : C:\Program Files (x86)\BrowserSafeguard
[!] Folder Deleted : C:\Program Files (x86)\ConstaSurf
Folder Deleted : C:\Program Files (x86)\Mobogenie
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\Uniblue
Folder Deleted : C:\Program Files\002
Folder Deleted : C:\Program Files\RrSavings
Folder Deleted : C:\Users\Laura\AppData\Local\apn
Folder Deleted : C:\Users\Laura\AppData\Local\BenchUpdater
Folder Deleted : C:\Users\Laura\AppData\Local\genienext
Folder Deleted : C:\Users\Laura\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Laura\AppData\Local\PackageAware
Folder Deleted : C:\Users\Laura\AppData\Local\Temp\ConstaSurf
Folder Deleted : C:\Users\Laura\AppData\Local\Temp\webget
Folder Deleted : C:\Users\Laura\AppData\Roaming\1H1Q
Folder Deleted : C:\Users\Laura\AppData\Roaming\AppCloudUpdater
Folder Deleted : C:\Users\Laura\AppData\Roaming\iWin
Folder Deleted : C:\Users\Laura\AppData\Roaming\newnext.me
Folder Deleted : C:\Users\Laura\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Folder Deleted : C:\Users\Laura\Documents\Mobogenie
Folder Deleted : C:\Users\Laura\Documents\Optimizer Pro
Folder Deleted : C:\Users\Laura\Documents\PC Speed Maximizer
Folder Deleted : C:\Users\Public\Documents\iWin
File Deleted : C:\END
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Laura\daemonprocess.txt
File Deleted : C:\Users\Laura\Desktop\MyPC Backup.lnk
File Deleted : C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage
File Deleted : C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage-journal
File Deleted : C:\Windows\Tasks\AppCloudUpdater.job
File Deleted : C:\Windows\System32\Tasks\AppCloudUpdater
File Deleted : C:\Windows\System32\Tasks\LaunchApp
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100293.FCTB000100293Pos
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100293.FCTB000100293Pos.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100293.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100293.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100293.JSOptionsImpl
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100293.JSOptionsImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D7356335-81BF-4769-BFBD-2E2889138641}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{41E2BE59-5C34-46AB-B743-6678BC94F42C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{52654F2B-3A13-4569-AB52-EF4201F79221}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D7356335-81BF-4769-BFBD-2E2889138641}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7356335-81BF-4769-BFBD-2E2889138641}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7356335-81BF-4769-BFBD-2E2889138641}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{41E2BE59-5C34-46AB-B743-6678BC94F42C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKCU\Software\AppCloudUpdater
Key Deleted : HKCU\Software\ConstaSurf
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\SearchProtectINT
Key Deleted : HKCU\Software\SoftwareUpdater
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\ConstaSurf
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\Uniblue
Key Deleted : [x64] HKLM\SOFTWARE\RrSavings
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ConstaSurf
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RrSavings
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17041
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
 
-\\ Google Chrome v
 
[ File : C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=7B654AB4-FEA1-48C0-B5BC-3E4936B0D4BE&apn_ptnrs=TV&apn_sauid=66E0683B-AE05-4EEB-A994-8DFBA6F28376&apn_dtid=OSJ000YYUS&q={searchTerms}
Deleted [Search Provider] : hxxp://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=82572&iwk=274&lng=en
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3328456&octid=EB_ORIGINAL_CTID&ISID=M50BD5053-F171-47F4-9050-D03670141966&SearchSource=58&CUI=&UM=5&UP=SPBA3F662F-DD01-40CF-9466-29E006FB9DEE&q={searchTerms}&SSPV=
Deleted [Startup_urls] : hxxp://www.trovi.com/?gd=&ctid=CT3319709&octid=EB_ORIGINAL_CTID&ISID=M08C0B9FD-BF10-441D-9A73-070AC54B17BA&SearchSource=55&CUI=&UM=5&UP=SPBA3F662F-DD01-40CF-9466-29E006FB9DEE&SSPV=
Deleted [Homepage] : hxxp://www.trovi.com/?gd=&ctid=CT3328456&octid=EB_ORIGINAL_CTID&ISID=M50BD5053-F171-47F4-9050-D03670141966&SearchSource=55&CUI=&UM=5&UP=SPBA3F662F-DD01-40CF-9466-29E006FB9DEE&SSPV=
Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
 
*************************
 
AdwCleaner[R0].txt - [11000 octets] - [26/05/2014 16:03:51]
AdwCleaner[R1].txt - [11061 octets] - [26/05/2014 16:24:48]
AdwCleaner[S0].txt - [10365 octets] - [26/05/2014 16:25:21]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10426 octets] ##########

FRST.txt:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-05-2014
Ran by Laura (administrator) on LAURA-PC on 30-05-2014 15:16:00
Running from C:\Users\Laura\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(iWin Inc.) C:\Program Files (x86)\Pogo Games\PGMTrusted.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Authentium, Inc) C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Authentium, Inc) C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
(Authentium, Inc) C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Users\Laura\AppData\Local\Google\Update\GoogleUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
() C:\Program Files (x86)\Java Component Manager\srvlet32.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(Google Inc.) C:\Users\Laura\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Laura\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Users\Laura\AppData\Local\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Google Inc.) C:\Users\Laura\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-19] (Synaptics Incorporated)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [495104 2009-07-14] (Conexant Systems, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Windows Servelet Manager] => C:\Program Files (x86)\Java Component Manager\srvlet32.exe [640512 2014-05-23] ()
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-05-27] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-17148178-3081042511-3670326260-1001\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2011-06-17] ()
HKU\S-1-5-21-17148178-3081042511-3670326260-1001\...\Run: [Google Update] => C:\Users\Laura\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-07-18] (Google Inc.)
HKU\S-1-5-21-17148178-3081042511-3670326260-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-02-21] (Google Inc.)
HKU\S-1-5-21-17148178-3081042511-3670326260-1001\...\MountPoints2: {5bc75efc-38dc-11e3-b481-00262dbf2f4c} - F:\TL_Bootstrap.exe
HKU\S-1-5-21-17148178-3081042511-3670326260-1001\...\MountPoints2: {687fa8e6-a2f9-11e3-811b-00262dbf2f4c} - F:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-17148178-3081042511-3670326260-1001\...\MountPoints2: {7565d4a4-80b1-11e1-b2b7-00262dbf2f4c} - F:\ToolLauncher-Bootstrap.exe
Startup: C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {31090377-0740-419E-BEFC-A56E50500D5B} URL = 
SearchScopes: HKLM - {522A1BA0-AA38-45D0-8EF1-F2B3EA6C31B3} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {522A1BA0-AA38-45D0-8EF1-F2B3EA6C31B3} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - {522A1BA0-AA38-45D0-8EF1-F2B3EA6C31B3} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU - No Name - {DD662A0C-12FE-4B38-BA53-247F7EC82F46} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: HKLM-x32 {9B479D7B-916A-45B0-B042-D42865A60E21} http://dan19057cam.lorexddns.net:1050/DvrOcx.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Laura\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Laura\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-03-13]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (Google Wallet) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR StartMenuInternet: Google Chrome - C:\Users\Laura\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 PGMTrusted; C:\Program Files (x86)\Pogo Games\PGMTrusted.exe [519920 2012-10-31] (iWin Inc.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()
R2 vseamps; C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe [149544 2010-04-08] (Authentium, Inc)
R2 vsedsps; C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe [148008 2010-04-08] (Authentium, Inc)
R2 vseqrts; C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe [205352 2010-04-08] (Authentium, Inc)
 
==================== Drivers (Whitelisted) ====================
 
S3 DAdderFltr; C:\Windows\System32\drivers\dadder.sys [12672 2007-08-02] (Razer (Asia-Pacific) Pte Ltd)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-05-26] ()
R1 {0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw64; C:\Windows\System32\drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw64.sys [61120 2014-05-22] (StdLib)
U4 eabfiltr; 
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-30 15:16 - 2014-05-30 15:17 - 00015965 _____ () C:\Users\Laura\Downloads\FRST.txt
2014-05-30 15:15 - 2014-05-30 15:16 - 00000000 ____D () C:\FRST
2014-05-30 15:15 - 2014-05-30 15:15 - 02066944 _____ (Farbar) C:\Users\Laura\Downloads\FRST64.exe
2014-05-26 21:20 - 2014-05-26 21:20 - 00001224 _____ () C:\Users\Laura\Desktop\Revo Uninstaller.lnk
2014-05-26 16:04 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-26 16:03 - 2014-05-26 16:29 - 00000000 ____D () C:\AdwCleaner
2014-05-26 16:02 - 2014-05-26 16:03 - 01327971 _____ () C:\Users\Laura\Downloads\AdwCleaner.exe
2014-05-26 15:43 - 2014-05-26 21:20 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-26 15:42 - 2014-05-26 15:42 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Laura\Downloads\revosetup.exe
2014-05-26 13:56 - 2014-05-26 13:56 - 00688992 ____R (Swearware) C:\Users\Laura\Downloads\dds.com
2014-05-25 18:25 - 2014-05-30 05:54 - 04186112 _____ () C:\Users\Laura\AppData\Local\ChromeHitoryDB
2014-05-25 18:25 - 2014-05-25 18:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Component Manager
2014-05-25 18:25 - 2014-05-25 18:25 - 00000000 ____D () C:\Program Files (x86)\Java Component Manager
2014-05-25 18:09 - 2014-05-22 18:25 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw64.sys
2014-05-25 17:49 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-25 17:49 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-05-25 17:49 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-05-25 17:48 - 2014-05-25 17:49 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-05-25 17:21 - 2014-05-25 17:27 - 00014435 _____ () C:\Users\Laura\Downloads\hijackthis.log
2014-05-25 17:20 - 2014-05-25 17:20 - 00388608 _____ (Trend Micro Inc.) C:\Users\Laura\Downloads\HijackThis.exe
2014-05-25 08:41 - 2014-05-26 15:40 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-05-25 08:39 - 2014-05-25 08:39 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-05-25 08:02 - 2014-05-25 08:02 - 00000000 ____D () C:\Users\Laura\AppData\Local\SlimWare Utilities Inc
2014-05-24 20:15 - 2014-05-25 08:19 - 00000000 ____D () C:\Users\Laura\AppData\Local\Savings Hen
2014-05-24 20:15 - 2014-05-25 08:19 - 00000000 ____D () C:\Program Files (x86)\Savings Hen
2014-05-24 20:14 - 2014-05-25 09:10 - 00000000 ____D () C:\temp
2014-05-24 20:11 - 2014-05-25 08:19 - 00000000 ____D () C:\Program Files\pcreg
2014-05-14 11:22 - 2014-05-06 00:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 11:22 - 2014-05-06 00:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 11:22 - 2014-05-05 23:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 11:22 - 2014-05-05 23:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-14 11:22 - 2014-05-05 23:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 11:22 - 2014-05-05 22:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 09:39 - 2014-03-24 22:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 09:38 - 2014-05-09 02:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 09:38 - 2014-05-09 02:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 09:38 - 2014-04-11 22:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 09:38 - 2014-04-11 22:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 09:38 - 2014-04-11 22:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 09:38 - 2014-04-11 22:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 09:38 - 2014-04-11 22:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 09:38 - 2014-04-11 22:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 09:38 - 2014-04-11 22:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 09:38 - 2014-04-11 22:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 09:38 - 2014-04-11 22:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 09:38 - 2014-03-24 22:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 09:38 - 2014-03-04 05:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 09:38 - 2014-03-04 05:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 09:38 - 2014-03-04 05:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 09:38 - 2014-03-04 05:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 09:38 - 2014-03-04 05:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 09:38 - 2014-03-04 05:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 09:38 - 2014-03-04 05:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 09:38 - 2014-03-04 05:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 09:38 - 2014-03-04 05:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 09:38 - 2014-03-04 05:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 09:38 - 2014-03-04 05:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 09:38 - 2014-03-04 05:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 09:38 - 2014-03-04 05:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 09:38 - 2014-03-04 05:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 09:38 - 2014-03-04 05:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 09:38 - 2014-03-04 05:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 09:38 - 2014-03-04 05:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 09:38 - 2014-03-04 05:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 09:38 - 2014-03-04 05:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 09:38 - 2014-03-04 05:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 09:38 - 2014-03-04 05:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 09:38 - 2014-03-04 05:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 09:38 - 2014-03-04 05:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 09:38 - 2014-03-04 05:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 09:38 - 2014-03-04 05:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 09:38 - 2014-03-04 05:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 09:38 - 2014-03-04 05:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 09:38 - 2014-03-04 05:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 09:38 - 2014-03-04 05:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 09:38 - 2014-03-04 05:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 09:38 - 2014-03-04 05:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 09:38 - 2014-03-04 05:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-14 02:02 - 2014-05-14 02:02 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-05-12 18:21 - 2014-05-12 18:21 - 14244965 _____ () C:\Users\Laura\Downloads\FrenchRivieraJamesPoulsom.themepack
2014-05-09 08:47 - 2014-05-09 08:47 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_RzFilter_01009.Wdf
2014-05-09 08:46 - 2014-05-11 10:21 - 00000000 ____D () C:\Program Files (x86)\Razer
2014-05-09 08:46 - 2014-05-09 08:46 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2014-05-09 08:46 - 2014-05-09 08:46 - 00000000 ____D () C:\Windows\Razer Core
2014-05-09 08:45 - 2014-05-11 10:21 - 00000000 __HDC () C:\ProgramData\{E0A9340B-C01B-42C1-9910-C307D7BE4756}
2014-05-09 08:45 - 2014-05-09 08:45 - 00000000 ____D () C:\Users\Laura\AppData\Roaming\StormFall
2014-05-09 08:45 - 2014-05-09 08:45 - 00000000 ____D () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormFall
2014-05-09 08:45 - 2014-05-09 08:45 - 00000000 ____D () C:\Users\Laura\AppData\Local\IsolatedStorage
2014-05-09 08:44 - 2014-05-09 08:44 - 00000000 ____D () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Andromeda5200
2014-05-09 08:44 - 2014-05-09 08:44 - 00000000 ____D () C:\Users\Laura\AppData\Roaming\Andromeda5200
2014-05-09 08:36 - 2014-05-09 08:36 - 00000000 __SHD () C:\Users\Laura\AppData\Local\EmieUserList
2014-05-09 08:36 - 2014-05-09 08:36 - 00000000 __SHD () C:\Users\Laura\AppData\Local\EmieSiteList
 
==================== One Month Modified Files and Folders =======
 
2014-05-30 15:17 - 2014-05-30 15:16 - 00015965 _____ () C:\Users\Laura\Downloads\FRST.txt
2014-05-30 15:16 - 2014-05-30 15:15 - 00000000 ____D () C:\FRST
2014-05-30 15:16 - 2010-09-27 19:36 - 00000000 ____D () C:\Users\Laura\AppData\Local\Temp
2014-05-30 15:15 - 2014-05-30 15:15 - 02066944 _____ (Farbar) C:\Users\Laura\Downloads\FRST64.exe
2014-05-30 15:15 - 2010-05-19 00:37 - 01388889 _____ () C:\Windows\WindowsUpdate.log
2014-05-30 15:12 - 2012-02-21 08:20 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-30 15:12 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-30 15:12 - 2009-07-14 00:51 - 00276497 _____ () C:\Windows\setupact.log
2014-05-30 05:54 - 2014-05-25 18:25 - 04186112 _____ () C:\Users\Laura\AppData\Local\ChromeHitoryDB
2014-05-30 05:48 - 2012-02-21 08:20 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-30 05:21 - 2009-07-14 00:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-30 05:21 - 2009-07-14 00:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-30 05:20 - 2011-07-18 08:17 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-17148178-3081042511-3670326260-1001UA.job
2014-05-29 21:00 - 2013-03-03 13:11 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-29 19:28 - 2010-11-26 11:41 - 00000000 ____D () C:\Users\Laura\AppData\Local\CrashDumps
2014-05-29 18:16 - 2014-04-23 17:20 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForLaura.job
2014-05-29 15:58 - 2014-04-23 17:20 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForLaura
2014-05-29 07:20 - 2011-07-18 08:17 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-17148178-3081042511-3670326260-1001Core.job
2014-05-28 21:35 - 2011-10-26 07:35 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-05-28 21:35 - 2010-09-29 07:50 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-05-26 21:20 - 2014-05-26 21:20 - 00001224 _____ () C:\Users\Laura\Desktop\Revo Uninstaller.lnk
2014-05-26 21:20 - 2014-05-26 15:43 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-26 16:31 - 2010-09-28 02:28 - 00330820 _____ () C:\Windows\PFRO.log
2014-05-26 16:29 - 2014-05-26 16:03 - 00000000 ____D () C:\AdwCleaner
2014-05-26 16:25 - 2010-09-27 19:36 - 00000000 ____D () C:\Users\Laura
2014-05-26 16:25 - 2009-07-13 22:34 - 00000647 _____ () C:\Windows\win.ini
2014-05-26 16:03 - 2014-05-26 16:02 - 01327971 _____ () C:\Users\Laura\Downloads\AdwCleaner.exe
2014-05-26 15:55 - 2013-07-19 21:16 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-26 15:51 - 2010-09-27 19:44 - 00000000 ___RD () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-26 15:46 - 2012-06-29 22:13 - 00000000 ____D () C:\Firefox
2014-05-26 15:42 - 2014-05-26 15:42 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Laura\Downloads\revosetup.exe
2014-05-26 15:40 - 2014-05-25 08:41 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-05-26 13:56 - 2014-05-26 13:56 - 00688992 ____R (Swearware) C:\Users\Laura\Downloads\dds.com
2014-05-25 18:25 - 2014-05-25 18:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Component Manager
2014-05-25 18:25 - 2014-05-25 18:25 - 00000000 ____D () C:\Program Files (x86)\Java Component Manager
2014-05-25 18:24 - 2010-03-13 01:45 - 00000000 ____D () C:\ProgramData\Temp
2014-05-25 18:15 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Resources
2014-05-25 17:49 - 2014-05-25 17:48 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-05-25 17:49 - 2013-10-16 07:13 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-25 17:27 - 2014-05-25 17:21 - 00014435 _____ () C:\Users\Laura\Downloads\hijackthis.log
2014-05-25 17:20 - 2014-05-25 17:20 - 00388608 _____ (Trend Micro Inc.) C:\Users\Laura\Downloads\HijackThis.exe
2014-05-25 09:10 - 2014-05-24 20:14 - 00000000 ____D () C:\temp
2014-05-25 08:39 - 2014-05-25 08:39 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-05-25 08:19 - 2014-05-24 20:15 - 00000000 ____D () C:\Users\Laura\AppData\Local\Savings Hen
2014-05-25 08:19 - 2014-05-24 20:15 - 00000000 ____D () C:\Program Files (x86)\Savings Hen
2014-05-25 08:19 - 2014-05-24 20:11 - 00000000 ____D () C:\Program Files\pcreg
2014-05-25 08:19 - 2013-10-16 07:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-25 08:19 - 2010-05-19 00:39 - 00000000 ____D () C:\Program Files\CONEXANT
2014-05-25 08:19 - 2010-05-19 00:38 - 00000000 ____D () C:\Program Files\Synaptics
2014-05-25 08:19 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\security
2014-05-25 08:18 - 2009-07-13 23:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-05-25 08:18 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-05-25 08:18 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-05-25 08:02 - 2014-05-25 08:02 - 00000000 ____D () C:\Users\Laura\AppData\Local\SlimWare Utilities Inc
2014-05-22 18:25 - 2014-05-25 18:09 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw64.sys
2014-05-17 23:44 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-05-16 05:22 - 2014-02-01 08:37 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-15 06:59 - 2010-09-27 19:44 - 00000000 ___RD () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 06:55 - 2014-04-29 21:24 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-14 11:22 - 2010-03-13 01:33 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-14 11:20 - 2013-08-15 06:15 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 11:19 - 2010-09-27 20:50 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 02:02 - 2014-05-14 02:02 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-05-14 02:02 - 2013-03-03 13:11 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 02:02 - 2013-03-03 13:11 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 02:02 - 2011-10-28 07:36 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-12 18:21 - 2014-05-12 18:21 - 14244965 _____ () C:\Users\Laura\Downloads\FrenchRivieraJamesPoulsom.themepack
2014-05-11 12:06 - 2009-07-14 01:13 - 00006222 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-11 10:21 - 2014-05-09 08:46 - 00000000 ____D () C:\Program Files (x86)\Razer
2014-05-11 10:21 - 2014-05-09 08:45 - 00000000 __HDC () C:\ProgramData\{E0A9340B-C01B-42C1-9910-C307D7BE4756}
2014-05-09 08:54 - 2009-07-14 00:45 - 00354136 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-09 08:50 - 2010-09-27 19:43 - 00086656 _____ () C:\Users\Laura\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-09 08:47 - 2014-05-09 08:47 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_RzFilter_01009.Wdf
2014-05-09 08:46 - 2014-05-09 08:46 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2014-05-09 08:46 - 2014-05-09 08:46 - 00000000 ____D () C:\Windows\Razer Core
2014-05-09 08:45 - 2014-05-09 08:45 - 00000000 ____D () C:\Users\Laura\AppData\Roaming\StormFall
2014-05-09 08:45 - 2014-05-09 08:45 - 00000000 ____D () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormFall
2014-05-09 08:45 - 2014-05-09 08:45 - 00000000 ____D () C:\Users\Laura\AppData\Local\IsolatedStorage
2014-05-09 08:44 - 2014-05-09 08:44 - 00000000 ____D () C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Andromeda5200
2014-05-09 08:44 - 2014-05-09 08:44 - 00000000 ____D () C:\Users\Laura\AppData\Roaming\Andromeda5200
2014-05-09 08:36 - 2014-05-09 08:36 - 00000000 __SHD () C:\Users\Laura\AppData\Local\EmieUserList
2014-05-09 08:36 - 2014-05-09 08:36 - 00000000 __SHD () C:\Users\Laura\AppData\Local\EmieSiteList
2014-05-09 07:43 - 2012-02-21 08:20 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-09 07:43 - 2012-02-21 08:20 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-09 07:15 - 2011-07-18 08:17 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-17148178-3081042511-3670326260-1001UA
2014-05-09 07:15 - 2011-07-18 08:17 - 00003482 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-17148178-3081042511-3670326260-1001Core
2014-05-09 02:14 - 2014-05-14 09:38 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 02:11 - 2014-05-14 09:38 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-06 00:40 - 2014-05-14 11:22 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 00:17 - 2014-05-14 11:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-05 23:25 - 2014-05-14 11:22 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-05 23:07 - 2014-05-14 11:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-05 23:00 - 2014-05-14 11:22 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-05 22:10 - 2014-05-14 11:22 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-04-30 07:04 - 2009-07-14 01:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
 
Some content of TEMP:
====================
C:\Users\Laura\AppData\Local\Temp\032939rr.exe
C:\Users\Laura\AppData\Local\Temp\1E49_SoftwareUpdaterSetupC.exe
C:\Users\Laura\AppData\Local\Temp\6_Offer_15.exe
C:\Users\Laura\AppData\Local\Temp\6_Offer_18.exe
C:\Users\Laura\AppData\Local\Temp\91314uninstall.exe
C:\Users\Laura\AppData\Local\Temp\air1E48.exe
C:\Users\Laura\AppData\Local\Temp\air28B6.exe
C:\Users\Laura\AppData\Local\Temp\airA1D0.exe
C:\Users\Laura\AppData\Local\Temp\airAFB2.exe
C:\Users\Laura\AppData\Local\Temp\airCAB2.exe
C:\Users\Laura\AppData\Local\Temp\airD6E0.exe
C:\Users\Laura\AppData\Local\Temp\BackupSetup.exe
C:\Users\Laura\AppData\Local\Temp\cdrun.exe
C:\Users\Laura\AppData\Local\Temp\contentDATs.exe
C:\Users\Laura\AppData\Local\Temp\DownloadManager.exe
C:\Users\Laura\AppData\Local\Temp\Extract.exe
C:\Users\Laura\AppData\Local\Temp\f.exe
C:\Users\Laura\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Laura\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\Laura\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe
C:\Users\Laura\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Laura\AppData\Local\Temp\HPQSi.exe
C:\Users\Laura\AppData\Local\Temp\ICReinstall_hijackthis_setup.exe
C:\Users\Laura\AppData\Local\Temp\IrsoDLL.dll
C:\Users\Laura\AppData\Local\Temp\jacob6605380258515658740.dll
C:\Users\Laura\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Users\Laura\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\Laura\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\Laura\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Laura\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Laura\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Laura\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Laura\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Laura\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Laura\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Laura\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Laura\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Laura\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Laura\AppData\Local\Temp\kwtosedsbxzzm.exe
C:\Users\Laura\AppData\Local\Temp\mpb233.tmp.exe
C:\Users\Laura\AppData\Local\Temp\mssinstaller.exe
C:\Users\Laura\AppData\Local\Temp\NEWBCE8.tmp.exe
C:\Users\Laura\AppData\Local\Temp\NEWD2C8.tmp.exe
C:\Users\Laura\AppData\Local\Temp\NEWFCB5.tmp.exe
C:\Users\Laura\AppData\Local\Temp\nsb3401.exe
C:\Users\Laura\AppData\Local\Temp\nsbF895.exe
C:\Users\Laura\AppData\Local\Temp\nsc836B.exe
C:\Users\Laura\AppData\Local\Temp\nse10C6.exe
C:\Users\Laura\AppData\Local\Temp\nse2A62.exe
C:\Users\Laura\AppData\Local\Temp\nsfA1BF.exe
C:\Users\Laura\AppData\Local\Temp\nsh5140.exe
C:\Users\Laura\AppData\Local\Temp\nsm3A0B.exe
C:\Users\Laura\AppData\Local\Temp\nsm7D90.exe
C:\Users\Laura\AppData\Local\Temp\nsm8826.exe
C:\Users\Laura\AppData\Local\Temp\nsmFDB5.exe
C:\Users\Laura\AppData\Local\Temp\nsp14FC.exe
C:\Users\Laura\AppData\Local\Temp\nsx4CBD.exe
C:\Users\Laura\AppData\Local\Temp\nsz2F72.exe
C:\Users\Laura\AppData\Local\Temp\optprosetup.exe
C:\Users\Laura\AppData\Local\Temp\Quarantine.exe
C:\Users\Laura\AppData\Local\Temp\quizulous-antiphishing.exe
C:\Users\Laura\AppData\Local\Temp\Resource.exe
C:\Users\Laura\AppData\Local\Temp\SearchProtectINT.exe
C:\Users\Laura\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Laura\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Laura\AppData\Local\Temp\SP44984.exe
C:\Users\Laura\AppData\Local\Temp\SP47198.exe
C:\Users\Laura\AppData\Local\Temp\SP47591.exe
C:\Users\Laura\AppData\Local\Temp\SP47636.exe
C:\Users\Laura\AppData\Local\Temp\SP47803.exe
C:\Users\Laura\AppData\Local\Temp\SP47997.exe
C:\Users\Laura\AppData\Local\Temp\SP50498.exe
C:\Users\Laura\AppData\Local\Temp\sp50843.exe.exe
C:\Users\Laura\AppData\Local\Temp\SP51485.exe
C:\Users\Laura\AppData\Local\Temp\sp52110.exe.exe
C:\Users\Laura\AppData\Local\Temp\sp54373.exe
C:\Users\Laura\AppData\Local\Temp\sp54620.exe
C:\Users\Laura\AppData\Local\Temp\sp58915.exe
C:\Users\Laura\AppData\Local\Temp\sp64126.exe
C:\Users\Laura\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Laura\AppData\Local\Temp\System.Data.SQLite27749.dll
C:\Users\Laura\AppData\Local\Temp\System.Data.SQLite43971.dll
C:\Users\Laura\AppData\Local\Temp\System.Data.SQLite44687.dll
C:\Users\Laura\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Laura\AppData\Local\Temp\UninstallHPTCA.exe
C:\Users\Laura\AppData\Local\Temp\wmpfirefoxplugin.exe
C:\Users\Laura\AppData\Local\Temp\~InstallCyberDefenderEDC-026302[1].exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-05-20 16:39
 
==================== End Of Log ============================
 
 
 
Addition.txt:
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-05-2014
Ran by Laura at 2014-05-30 15:18:57
Running from C:\Users\Laura\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM-x32\...\{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}) (Version: 11.0 - Adobe Systems, Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.0 - Atheros)
AVSDK5 (Version: 5.2.9 - Authentium, Inc) Hidden
Bejeweled Twist (remove only) (HKLM-x32\...\Bejeweled Twist) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.98.60.50 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Google Chrome (HKCU\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.4.50 - Conexant Systems)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Officejet Pro 8500 A910 Basic Device Software (HKLM\...\{EE7C94CC-BECB-4000-B5E3-D895307B9D5E}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet Pro 8500 A910 Help (HKLM-x32\...\{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.15.1 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
HP Smart Web Printing (HKLM-x32\...\HP Smart Web Printing) (Version: 131.1.35898 - Hewlett-Packard)
HP Smart Web Printing (x32 Version: 131.1.35898 - Hewlett-Packard) Hidden
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HP User Guides 0156 (HKLM-x32\...\{64A7418C-6BD4-48BE-A2E3-CAEC3BCD9E81}) (Version: 1.02.0001 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2202 - Intel Corporation)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java technology allows you to work and play in a secure computing environment. Packages (HKCU\...\Java technology allows you to work and play in a secure computing environment. Packages) (Version:  - ) <==== ATTENTION
Jewel Quest: The Sapphire Dragon (HKLM-x32\...\Jewel Quest: The Sapphire Dragon) (Version: 1.0.0.1 - Pogo.com)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2111 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2111 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.566.0 - Microsoft Live Search Toolbar)
Microsoft Live Search Toolbar (x32 Version: 3.0.566.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Standard 2007 (HKLM-x32\...\STANDARDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Standard 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
muvee Reveal (HKLM-x32\...\{DE626616-D7C4-4F00-7E0B-EAF26FA65749}) (Version: 7.0.43.12698 - muvee Technologies Pte Ltd)
Pogo Games (HKLM-x32\...\PogoDGC) (Version: 1.0 - ) <==== ATTENTION
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3311 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3311 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3311 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3311 - CyberLink Corp.) Hidden
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0007 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30093 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2214 - CyberLink Corp.) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.2.0 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_STANDARDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2880505) 32-Bit Edition (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{2720451F-5D04-43EC-AB1F-26D948FD971B}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 
==================== Restore Points  =========================
 
17-05-2014 22:19:40 Windows Update
21-05-2014 20:35:41 Windows Update
24-05-2014 23:28:59 Windows Update
25-05-2014 12:16:08 Restore Operation
25-05-2014 12:31:04 Windows Update
25-05-2014 13:22:32 Installed Java 7 Update 45
25-05-2014 21:47:50 Installed Java 7 Update 55
26-05-2014 19:44:26 Revo Uninstaller's restore point - Ask Toolbar
26-05-2014 19:45:49 Revo Uninstaller's restore point - Ask Toolbar
26-05-2014 19:48:25 Revo Uninstaller's restore point - BrowserSafeguard with Rockettab
26-05-2014 19:50:50 Revo Uninstaller's restore point - DesktopWeatherAlerts
26-05-2014 19:51:54 Revo Uninstaller's restore point - DriverUpdate
26-05-2014 19:52:07 Removed DriverUpdate
26-05-2014 19:53:57 Revo Uninstaller's restore point - Java 7 Update 45
26-05-2014 19:54:09 Removed Java 7 Update 45
26-05-2014 19:56:47 Revo Uninstaller's restore point - Optimizer Pro v3.2
26-05-2014 19:57:44 Revo Uninstaller's restore point - Quizulous
26-05-2014 19:59:06 Revo Uninstaller's restore point - Search Protect
26-05-2014 20:00:06 Revo Uninstaller's restore point - VO Package
27-05-2014 01:21:13 Revo Uninstaller's restore point - Steam
27-05-2014 01:21:35 Removed Steam
27-05-2014 01:23:01 Revo Uninstaller's restore point - SocialRibbons
29-05-2014 01:36:49 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {01CA0A0A-1225-4FEE-A0A6-D21017438B62} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {0A59E3E8-06F3-4F27-80B7-8726DFD3B6CF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-17148178-3081042511-3670326260-1001Core => C:\Users\Laura\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-18] (Google Inc.)
Task: {14EC018D-4B68-489B-8427-EBAA19F0EC92} - System32\Tasks\{6A852836-2C57-4CE4-B402-AC9FD8EC8F06} => C:\Program Files (x86)\Pogo Games\PogoDGC.exe [2012-10-31] (iWin Inc.)
Task: {24CB23C9-C725-4E40-9AD5-A186AF29CF63} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-17148178-3081042511-3670326260-1001UA => C:\Users\Laura\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-18] (Google Inc.)
Task: {256070F9-98BD-4AFF-99BA-178F50040877} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {678AE4A8-6A9A-4CC2-9862-EDD134121516} - \AppCloudUpdater No Task File <==== ATTENTION
Task: {7CA6D0B2-F6BE-44F6-B346-0EB65176FFE7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-21] (Google Inc.)
Task: {7EFE7838-CA36-4E4E-AA3C-3C3DA98BA31D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-21] (Google Inc.)
Task: {9F3CD9EC-A0F4-43A1-9511-0AFE7BD746FC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {A3F00504-D2FF-42DF-997E-7CF5E995F55E} - \LaunchApp No Task File <==== ATTENTION
Task: {B860AA0C-AD92-4B07-9A4F-BDAF719EEDA8} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\Pogo Games\PogoDGC.exe [2012-10-31] (iWin Inc.) <==== ATTENTION
Task: {BDA1D234-D025-48ED-AB0E-046DAC6246A9} - System32\Tasks\HPCeeScheduleForLaura => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {F1FB8C37-F79B-474F-80E9-64129128ECA7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {FFC0809E-7764-4BFC-AD31-C9026ECAAEEB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-17148178-3081042511-3670326260-1001Core.job => C:\Users\Laura\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-17148178-3081042511-3670326260-1001UA.job => C:\Users\Laura\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForLaura.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-03-13 02:33 - 2009-07-06 15:20 - 00247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-05-25 18:25 - 2014-05-23 13:11 - 00640512 _____ () C:\Program Files (x86)\Java Component Manager\srvlet32.exe
2009-07-01 19:44 - 2009-07-01 19:44 - 00632888 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
2014-05-25 18:25 - 2014-03-14 22:25 - 00236544 _____ () C:\Program Files (x86)\Java Component Manager\sqlite3.dll
2014-05-21 17:21 - 2014-05-13 19:40 - 00716616 _____ () C:\Users\Laura\AppData\Local\Google\Chrome\Application\35.0.1916.114\libglesv2.dll
2014-05-21 17:21 - 2014-05-13 19:40 - 00126280 _____ () C:\Users\Laura\AppData\Local\Google\Chrome\Application\35.0.1916.114\libegl.dll
2014-05-21 17:21 - 2014-05-13 19:40 - 04217672 _____ () C:\Users\Laura\AppData\Local\Google\Chrome\Application\35.0.1916.114\pdf.dll
2014-05-21 17:21 - 2014-05-13 19:40 - 00414536 _____ () C:\Users\Laura\AppData\Local\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
2014-05-21 17:21 - 2014-05-13 19:40 - 01732424 _____ () C:\Users\Laura\AppData\Local\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\Temp:09446E68
AlternateDataStreams: C:\ProgramData\Temp:373E1720
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\startupreg: HPADVISOR => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/29/2014 07:28:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GoogleUpdate.exe, version: 1.2.183.21, time stamp: 0x4b95e661
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x0002ff47
Faulting process id: 0x698
Faulting application start time: 0xGoogleUpdate.exe0
Faulting application path: GoogleUpdate.exe1
Faulting module path: GoogleUpdate.exe2
Report Id: GoogleUpdate.exe3
 
Error: (05/26/2014 06:23:11 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
 
Error: (05/25/2014 05:40:13 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error: (05/24/2014 08:16:29 PM) (Source: MsiInstaller) (EventID: 11925) (User: Laura-PC)
Description: Product: SupraSavings -- Error 1925. You do not have sufficient privileges to complete this installation for all users of the machine.  Log on as administrator and then retry this installation.
 
Error: (05/24/2014 11:22:54 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
 
Error: (05/24/2014 07:27:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GoogleUpdate.exe, version: 1.2.183.21, time stamp: 0x4b95e661
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x000223e0
Faulting process id: 0x41c
Faulting application start time: 0xGoogleUpdate.exe0
Faulting application path: GoogleUpdate.exe1
Faulting module path: GoogleUpdate.exe2
Report Id: GoogleUpdate.exe3
 
Error: (05/17/2014 11:40:01 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error: (05/17/2014 11:38:10 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
 
Error: (05/16/2014 05:21:11 AM) (Source: MsiInstaller) (EventID: 1024) (User: Laura-PC)
Description: Product: Adobe Reader XI - Update '{AC76BA86-7AD7-0000-2550-7A8C40011007}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (05/15/2014 09:15:25 PM) (Source: MsiInstaller) (EventID: 1024) (User: Laura-PC)
Description: Product: Adobe Reader XI - Update '{AC76BA86-7AD7-0000-2550-7A8C40011007}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
 
System errors:
=============
Error: (05/30/2014 03:13:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (05/30/2014 05:15:35 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (05/29/2014 06:17:12 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (05/29/2014 03:54:27 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (05/29/2014 11:56:55 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (05/29/2014 07:10:37 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (05/28/2014 09:24:50 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (05/28/2014 03:27:08 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (05/28/2014 06:13:49 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (05/27/2014 03:35:41 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Percentage of memory in use: 38%
Total physical RAM: 3999.19 MB
Available physical RAM: 2450.11 MB
Total Pagefile: 7996.56 MB
Available Pagefile: 6348.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:220.11 GB) (Free:158.83 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:12.58 GB) (Free:2.1 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 8C232226)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=220 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#6 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,054 posts
  • OFFLINE
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:08:01 AM

Posted 31 May 2014 - 09:25 AM

Hi Lunis,
 
We need to remove some programs with Revo Uninstaller Free:

Note: Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.
Note: If the program you want to uninstall is not listed by Revo, let me know and we will try an alternate method of removal.

  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), or anything similar, to remove it:
Pogo Games
Java technology allows you to work and play in a secure computing environment. Packages
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish

--------------

We need to run a fix with FRST:

  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below in the notepad document:
C:\Program Files (x86)\Java Component Manager
HKLM-x32\...\Run: [Windows Servelet Manager] => C:\Program Files (x86)\Java Component Manager\srvlet32.exe [640512 2014-05-23] ()
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/?f=1&a=spd_dsites02_14_19_ch&cd=2XzuyEtN2Y1L1QzuyBtD0FtC0AtCtA0AtByEtDyDtA0B0EtCtN0D0Tzu0SzzyCtDtN1L2XzutBtFtBtDtFzytFtCtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StB0C0F0C0FyE0CtCtGtD0AyCzytGyE0FtDtDtG0EyBtCtDtGtD0FtC0FyDzy0E0Fzz0A0Fzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0F0DtCzz0AyBtBtGtB0CtByDtGyBtD0FyBtG0AyD0E0CtGtBzyyBtCzy0FtCtD0C0Bzzzz2Q&cr=1729445156&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/?f=1&a=spd_dsites02_14_19_ch&cd=2XzuyEtN2Y1L1QzuyBtD0FtC0AtCtA0AtByEtDyDtA0B0EtCtN0D0Tzu0SzzyCtDtN1L2XzutBtFtBtDtFzytFtCtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StB0C0F0C0FyE0CtCtGtD0AyCzytGyE0FtDtDtG0EyBtCtDtGtD0FtC0FyDzy0E0Fzz0A0Fzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0F0DtCzz0AyBtBtGtB0CtByDtGyBtD0FyBtG0AyD0E0CtGtBzyyBtCzy0FtCtD0C0Bzzzz2Q&cr=1729445156&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {31090377-0740-419E-BEFC-A56E50500D5B} URL = 
SearchScopes: HKLM - {522A1BA0-AA38-45D0-8EF1-F2B3EA6C31B3} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {522A1BA0-AA38-45D0-8EF1-F2B3EA6C31B3} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - {1503A9E5-F9FE-40F0-86ED-70C50F8C7051} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=7B654AB4-FEA1-48C0-B5BC-3E4936B0D4BE&apn_sauid=66E0683B-AE05-4EEB-A994-8DFBA6F28376
SearchScopes: HKCU - {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://search.conduit.com/Results.aspx?ctid=CT3323878&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPC20ED7B9-E771-4809-BEEB-55EB1AC7B5CC&q={searchTerms}&SSPV=
SearchScopes: HKCU - {522A1BA0-AA38-45D0-8EF1-F2B3EA6C31B3} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU - No Name - {DD662A0C-12FE-4B38-BA53-247F7EC82F46} -  No File
R2 PGMTrusted; C:\Program Files (x86)\Pogo Games\PGMTrusted.exe [519920 2012-10-31] (iWin Inc.)
R1 {0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw64; C:\Windows\System32\drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw64.sys [61120 2014-05-22] (StdLib)
U4 eabfiltr; 
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
2014-05-25 18:25 - 2014-05-30 05:54 - 04186112 _____ () C:\Users\Laura\AppData\Local\ChromeHitoryDB
2014-05-25 18:25 - 2014-05-25 18:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Component Manager
2014-05-25 18:09 - 2014-05-22 18:25 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw64.sys
2014-05-24 20:15 - 2014-05-25 08:19 - 00000000 ____D () C:\Users\Laura\AppData\Local\Savings Hen
2014-05-24 20:15 - 2014-05-25 08:19 - 00000000 ____D () C:\Program Files (x86)\Savings Hen
2014-05-24 20:11 - 2014-05-25 08:19 - 00000000 ____D () C:\Program Files\pcreg
AlternateDataStreams: C:\ProgramData\Temp:09446E68
AlternateDataStreams: C:\ProgramData\Temp:373E1720
Task: {14EC018D-4B68-489B-8427-EBAA19F0EC92} - System32\Tasks\{6A852836-2C57-4CE4-B402-AC9FD8EC8F06} => C:\Program Files (x86)\Pogo Games\PogoDGC.exe [2012-10-31] (iWin Inc.)
Task: {678AE4A8-6A9A-4CC2-9862-EDD134121516} - \AppCloudUpdater No Task File <==== ATTENTION
Task: {A3F00504-D2FF-42DF-997E-7CF5E995F55E} - \LaunchApp No Task File <==== ATTENTION
Task: {B860AA0C-AD92-4B07-9A4F-BDAF719EEDA8} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\Pogo Games\PogoDGC.exe [2012-10-31] (iWin Inc.) <==== ATTENTION
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.
  • Please copy and paste the log in your next reply.

--------------
 
How is the computer running now?
 
--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Fixlog.txt
  • How your computer is running now

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#7 Lunis

Lunis
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:03:01 AM

Posted 01 June 2014 - 05:12 PM

Fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-06-2014 01
Ran by Laura at 2014-06-01 18:11:10 Run:1
Running from C:\Users\Laura\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
C:\Program Files (x86)\Java Component Manager
HKLM-x32\...\Run: [Windows Servelet Manager] => C:\Program Files (x86)\Java Component Manager\srvlet32.exe [640512 2014-05-23] ()
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {31090377-0740-419E-BEFC-A56E50500D5B} URL = 
SearchScopes: HKLM - {522A1BA0-AA38-45D0-8EF1-F2B3EA6C31B3} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {522A1BA0-AA38-45D0-8EF1-F2B3EA6C31B3} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - {522A1BA0-AA38-45D0-8EF1-F2B3EA6C31B3} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU - No Name - {DD662A0C-12FE-4B38-BA53-247F7EC82F46} -  No File
R2 PGMTrusted; C:\Program Files (x86)\Pogo Games\PGMTrusted.exe [519920 2012-10-31] (iWin Inc.)
R1 {0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw64; C:\Windows\System32\drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw64.sys [61120 2014-05-22] (StdLib)
U4 eabfiltr; 
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
2014-05-25 18:25 - 2014-05-30 05:54 - 04186112 _____ () C:\Users\Laura\AppData\Local\ChromeHitoryDB
2014-05-25 18:25 - 2014-05-25 18:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Component Manager
2014-05-25 18:09 - 2014-05-22 18:25 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw64.sys
2014-05-24 20:15 - 2014-05-25 08:19 - 00000000 ____D () C:\Users\Laura\AppData\Local\Savings Hen
2014-05-24 20:15 - 2014-05-25 08:19 - 00000000 ____D () C:\Program Files (x86)\Savings Hen
2014-05-24 20:11 - 2014-05-25 08:19 - 00000000 ____D () C:\Program Files\pcreg
AlternateDataStreams: C:\ProgramData\Temp:09446E68
AlternateDataStreams: C:\ProgramData\Temp:373E1720
Task: {14EC018D-4B68-489B-8427-EBAA19F0EC92} - System32\Tasks\{6A852836-2C57-4CE4-B402-AC9FD8EC8F06} => C:\Program Files (x86)\Pogo Games\PogoDGC.exe [2012-10-31] (iWin Inc.)
Task: {678AE4A8-6A9A-4CC2-9862-EDD134121516} - \AppCloudUpdater No Task File <==== ATTENTION
Task: {A3F00504-D2FF-42DF-997E-7CF5E995F55E} - \LaunchApp No Task File <==== ATTENTION
Task: {B860AA0C-AD92-4B07-9A4F-BDAF719EEDA8} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\Pogo Games\PogoDGC.exe [2012-10-31] (iWin Inc.) <==== ATTENTION
*****************
 
C:\Program Files (x86)\Java Component Manager => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Windows Servelet Manager => Value deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B} => Key deleted successfully.
HKCR\CLSID\{31090377-0740-419E-BEFC-A56E50500D5B} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{522A1BA0-AA38-45D0-8EF1-F2B3EA6C31B3} => Key deleted successfully.
HKCR\CLSID\{522A1BA0-AA38-45D0-8EF1-F2B3EA6C31B3} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{522A1BA0-AA38-45D0-8EF1-F2B3EA6C31B3} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{522A1BA0-AA38-45D0-8EF1-F2B3EA6C31B3} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1503A9E5-F9FE-40F0-86ED-70C50F8C7051} => Key deleted successfully.
HKCR\CLSID\{1503A9E5-F9FE-40F0-86ED-70C50F8C7051} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B} => Key deleted successfully.
HKCR\CLSID\{31090377-0740-419E-BEFC-A56E50500D5B} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{522A1BA0-AA38-45D0-8EF1-F2B3EA6C31B3} => Key deleted successfully.
HKCR\CLSID\{522A1BA0-AA38-45D0-8EF1-F2B3EA6C31B3} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => Value deleted successfully.
HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DD662A0C-12FE-4B38-BA53-247F7EC82F46} => Value deleted successfully.
HKCR\CLSID\{DD662A0C-12FE-4B38-BA53-247F7EC82F46} => Key not found.
PGMTrusted => Service not found.
{0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw64 => Service stopped successfully.
{0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw64 => Service deleted successfully.
eabfiltr => Service deleted successfully.
RtsUIR => Service deleted successfully.
USBCCID => Service deleted successfully.
C:\Users\Laura\AppData\Local\ChromeHitoryDB => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Component Manager => Moved successfully.
C:\Windows\system32\Drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw64.sys => Moved successfully.
C:\Users\Laura\AppData\Local\Savings Hen => Moved successfully.
C:\Program Files (x86)\Savings Hen => Moved successfully.
C:\Program Files\pcreg => Moved successfully.
C:\ProgramData\Temp => ":09446E68" ADS removed successfully.
C:\ProgramData\Temp => ":373E1720" ADS removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{14EC018D-4B68-489B-8427-EBAA19F0EC92} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{14EC018D-4B68-489B-8427-EBAA19F0EC92} => Key deleted successfully.
C:\Windows\System32\Tasks\{6A852836-2C57-4CE4-B402-AC9FD8EC8F06} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6A852836-2C57-4CE4-B402-AC9FD8EC8F06} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{678AE4A8-6A9A-4CC2-9862-EDD134121516} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{678AE4A8-6A9A-4CC2-9862-EDD134121516} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AppCloudUpdater => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A3F00504-D2FF-42DF-997E-7CF5E995F55E} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A3F00504-D2FF-42DF-997E-7CF5E995F55E} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchApp => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B860AA0C-AD92-4B07-9A4F-BDAF719EEDA8} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B860AA0C-AD92-4B07-9A4F-BDAF719EEDA8} => Key deleted successfully.
C:\Windows\System32\Tasks\RunAsStdUser Task => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunAsStdUser Task => Key deleted successfully.
 
==== End of Fixlog ====
 
 
 
 
Computer has been running better after each step.
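
As an added example (not part of this thread or of the FRST tool), a small Python parser for the Fixlog format posted above: it skips the echoed fixlist block, splits each `target => result` line, and separates what FRST actually changed from what it reported as not found, so the "not found" items can be reviewed rather than assumed cleaned. The sample log is a constructed excerpt of the Fixlog above.

```python
# Parse an FRST Fixlog and separate what the fix changed from what it could not find.
# Added example, not part of this thread or of FRST; it relies only on the line
# shapes visible in the Fixlog posted above ("<target> => <result>.").
import re
from collections import Counter
from dataclasses import dataclass

# Constructed excerpt of the Fixlog above, keeping the echoed fixlist block that must
# be skipped (its Run: line also contains " => " but is not a result line).
SAMPLE_FIXLOG = r"""
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-06-2014 01
Content of fixlist:
*****************
C:\Program Files (x86)\Java Component Manager
HKLM-x32\...\Run: [Windows Servelet Manager] => C:\Program Files (x86)\Java Component Manager\srvlet32.exe [640512 2014-05-23] ()
R2 PGMTrusted; C:\Program Files (x86)\Pogo Games\PGMTrusted.exe [519920 2012-10-31] (iWin Inc.)
*****************
C:\Program Files (x86)\Java Component Manager => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Windows Servelet Manager => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{522A1BA0-AA38-45D0-8EF1-F2B3EA6C31B3} => Key deleted successfully.
HKCR\CLSID\{522A1BA0-AA38-45D0-8EF1-F2B3EA6C31B3} => Key not found.
PGMTrusted => Service not found.
{0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw64 => Service stopped successfully.
{0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw64 => Service deleted successfully.
C:\ProgramData\Temp => ":09446E68" ADS removed successfully.
==== End of Fixlog ====
"""

RESULT_RE = re.compile(r"^(?P<target>.+?) => (?P<result>.+?)\.?$")
HIVE_RE = re.compile(r"^(HKLM|HKCU|HKCR|HKU|HKEY_)")
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")

@dataclass(frozen=True)
class FixEntry:
    target: str
    kind: str      # registry | service | ads | file | unknown
    result: str
    outcome: str   # changed | absent | other

def classify_kind(target: str, result: str) -> str:
    """Services are reported by name only, so the result text is checked first."""
    if result.startswith("Service"):
        return "service"
    if " ADS " in result:
        return "ads"
    if HIVE_RE.match(target):
        return "registry"
    if DRIVE_RE.match(target):
        return "file"
    return "unknown"

def classify_outcome(result: str) -> str:
    lowered = result.lower()
    if "not found" in lowered:
        return "absent"
    return "changed" if "successfully" in lowered else "other"

def parse_fixlog(text: str) -> list[FixEntry]:
    entries: list[FixEntry] = []
    in_fixlist = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("*****"):        # the echoed fixlist is fenced by these
            in_fixlist = not in_fixlist
            continue
        match = None if in_fixlist else RESULT_RE.match(line)
        if not match:
            continue                        # fixlist echo, header, footer, blanks
        target, result = match.group("target"), match.group("result")
        entries.append(FixEntry(target, classify_kind(target, result),
                                result, classify_outcome(result)))
    return entries

def summarize(entries: list[FixEntry]) -> Counter:
    return Counter((e.kind, e.outcome) for e in entries)

def absent_targets(entries: list[FixEntry]) -> list[str]:
    """'Not found' items other than the routine HKCR CLSID lookups FRST makes after a delete."""
    return [e.target for e in entries
            if e.outcome == "absent" and not e.target.startswith("HKCR\\CLSID\\")]
```

Feed the text of a real Fixlog.txt to parse_fixlog() and print summarize() and absent_targets(); a service or file that comes back absent means the fix had nothing to act on there, which is worth confirming in the next FRST scan.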


#8 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,054 posts
  • OFFLINE
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:08:01 AM

Posted 02 June 2014 - 11:13 AM

Hi Lunis,
 
That's good to hear; just a little more to go now.
 
Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

--------------

This scan can take a long time, so it is best done overnight or when you do not need the computer.
 
I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

--------------
 
Please re-run FRST from the desktop (like you did before) and press the scan button. It will produce a FRST.txt log located on the desktop. Please copy and paste the log into your next reply.

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Malwarebytes log
  • ESET log
  • New FRST.txt

xXToffeeXx~




#9 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,054 posts
  • OFFLINE
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:08:01 AM

Posted 05 June 2014 - 02:28 PM

Hi Lunis,
 
This is a 3 day bump:
 
It has been 3 days since my last post.

  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

xXToffeeXx~




#10 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,054 posts
  • OFFLINE
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:08:01 AM

Posted 07 June 2014 - 10:25 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
