Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Avast finally found Win32:Zbot-PX, not sure how to get rid of it


  • This topic is locked This topic is locked
12 replies to this topic

#1 Ravyn317

Ravyn317

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:40 AM

Posted 18 June 2014 - 03:10 PM

I started noticing problems a few days ago when my computer shut down all on its own.  I was probably on Facebook or something.  Since then, Avast has been going nuts with alerts every few seconds.  I scanned with Avast, Malwarebytes, and Adwcleaner and all found nothing.  Finally did a boot scan last night with Avast and it found Win32:Zbot-PX.  Deleted it.  Today, computer would hang up when starting.  Did a restore to a point before I noticed any problems, and it is at least working now.  But I have read that this particular bug is a really bad one, and I need to know how to get rid of it completely.  Any help is very much appreciated.
 
Here is my FARBAR log:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-06-2014
Ran by Sissy at 2014-06-18 15:54:33
Running from C:\Users\Sissy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YBJYKLAW
Boot Mode: Normal
==========================================================

==================== Security Center ========================
AV: avast! Antivirus (Enabled - Out of date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Out of date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


==================== Installed Programs ======================
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.3.9130 - Adobe Systems Inc.) Hidden
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.38 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{E2D662AD-3FE3-26C5-5540-90E4974EF412}) (Version: 3.0.774.0 - ATI Technologies, Inc.)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 8.0.1483.0 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
BeyondTXT Desktop (HKLM-x32\...\InstallShield_{FDA1FEE4-8BFE-48AA-9C02-D4714B579E07}) (Version: 4.0.22.05 - TRCR)
BeyondTXT Desktop (x32 Version: 4.0.22.05 - TRCR) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Career Step Foot Pedal Software (remove only) (HKLM-x32\...\PedalPlugin) (Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0511.2153.37435 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help English (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help French (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help German (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
ccc-utility64 (Version: 2010.0511.2153.37435 - ATI) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.1.105 - CinemaNow, Inc.)
Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
ClientPlatformForDocQscribe (x32 Version: 1.0.0 - Default Company Name) Hidden
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2823 - CyberLink Corp.)
CyberLink DVD Suite Deluxe (x32 Version: 7.0.2823 - CyberLink Corp.) Hidden
D110 (x32 Version: 140.0.142.000 - Hewlett-Packard) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition update for Microsoft Office 2010 (KB982726) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E14AE329-F210-4EDD-B775-290821C66C1F}) (Version:  - Microsoft)
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.1.4030 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.1.4030 - Hewlett-Packard) Hidden
ePSXe 1.8.0 (HKLM-x32\...\ePSXe) (Version: 1.8.0 - ePSXe)
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
EXText COM objects (HKLM-x32\...\{53904A07-BD33-4741-BF78-DE2707E5F994}) (Version: 83.161.3 - Nuance Communications, Inc.)
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
GoToMeeting 6.0.0.1259 (HKCU\...\GoToMeeting) (Version: 6.0.0.1259 - CitrixOnline)
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.1.1.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.4 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Game Console (x32 Version:  - WildTangent) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.3 - WildTangent)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP MediaSmart CinemaNow 2.0 (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.1.4229 - Hewlett-Packard)
HP MediaSmart DVD (x32 Version: 4.1.4229 - Hewlett-Packard) Hidden
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.1.4301 - Hewlett-Packard)
HP MediaSmart Music (x32 Version: 4.1.4301 - Hewlett-Packard) Hidden
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.1.4211 - Hewlett-Packard)
HP MediaSmart Photo (x32 Version: 4.1.4211 - Hewlett-Packard) Hidden
HP MediaSmart SmartMenu (HKLM\...\{5B08AF35-B699-4A44-BB89-3E51E70611E8}) (Version: 3.1.1.12 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.1.4214 - Hewlett-Packard)
HP MediaSmart Video (x32 Version: 4.1.4214 - Hewlett-Packard) Hidden
HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3107 - Hewlett-Packard)
HP MediaSmart Webcam (x32 Version: 4.1.3107 - Hewlett-Packard) Hidden
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{BDDA1E1E-204E-4368-B0C2-737F16B76307}) (Version: 1.0.3.0 - Hewlett-Packard)
HP My Display (HKLM-x32\...\{1F4DDC90-5923-4E49-A4C7-F3CCC954DCA0}) (Version: 1.00.165 - Portrait Displays, Inc.)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{14BC6853-A74E-4874-B50D-679889D1544D}) (Version: 14.0 - HP)
HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}) (Version: 6.0.5.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.4.0 - Hewlett-Packard)
HPAppStudio (x32 Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{4BC310C4-B898-46E2-B5FB-B85A30AA7142}) (Version: 2.0.2.187 - Apple Inc.)
iTivity (HKLM-x32\...\{B4DB7658-A8D2-458C-B68C-9DBA74F1CCD3}) (Version: 5.04.0400 - Tridia Corporation)
iTunes (HKLM\...\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}) (Version: 10.7.0.21 - Apple Inc.)
Jewel Quest 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jnes 1.1 (HKLM-x32\...\Jnes) (Version: 1.1 - Jnes)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2823 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2823 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Lync 2010 Attendee (HKLM-x32\...\{6F72D695-5188-4484-B21E-E16CD89C4008}) (Version: 4.0.7577.4415 - Microsoft Corporation)
Microsoft Lync Web App Plug-in (HKLM\...\{17C3AEBF-519D-4FF0-B8D9-4BAD461370A4}) (Version: 15.8.8658.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.0.162.0 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Outlook Social Connector (KB2289116) ªº§ó·s (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{75F91382-920C-4AE1-B9E6-FFFCEDA797E8}) (Version:  - Microsoft)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version:  - )
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.1.4030 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.1.4030 - Hewlett-Packard) Hidden
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MP3 Download Manager (HKLM-x32\...\com.verizon.mediastore.vzwdownloadmanager.BEEF85639ECFAE88C004EA3A5F976EE5386C7526.1) (Version: 2.2.8-SNAPSHOT.r11227 - Verizon Wireless)
MP3 Download Manager (x32 Version: 2.2.8 - Verizon Wireless) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 140.0.212.000 - Hewlett-Packard) Hidden
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 3.5.111 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Philips Correction Components (HKLM-x32\...\{A706C466-E03D-4293-850B-067C785A4A3F}) (Version: 1.20.0000 - Philips Speech Processing)
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.28 - Hewlett-Packard Company)
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4022 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4022 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2906 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.2906 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-13231864975D}) (Version: 5.10.621.0 -  NewspaperDirect Inc.)
PS_AIO_07_D110_SW_Min (x32 Version: 140.0.142.000 - Hewlett-Packard) Hidden
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6146 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3025 - CyberLink Corp.) Hidden
Roxio CinemaNow 2.0 (x32 Version: 1.0.284 - Hewlett-Packard) Hidden
Scan (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
SDK (x32 Version: 2.22.002 - Portrait Displays, Inc.) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Shorthand 10.00 (HKLM-x32\...\Shorthand 10_is1) (Version:  - OfficeSoft LLC)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Spark 2.6.3.12555 (HKLM-x32\...\Spark 2.6.3.12555) (Version:  - Jive Software)
SSIVoxPlayer 1.5.8-060314 (HKLM-x32\...\SSIVoxPlayer_is1) (Version:  - SoftScript, Inc.)
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
Stedman's Medical & Surgical Equipment Words 1.0 (HKLM-x32\...\Stedman's Medical & Surgical Equipment Words) (Version:  - )
System Requirements Lab CYRI (HKLM-x32\...\{943A8D28-80D6-41DC-AE94-81FEB42041BF}) (Version: 4.5.1.0 - Husdawg, LLC)
Toolbox (x32 Version: 140.0.424.000 - Hewlett-Packard) Hidden
Transcription Productivity Tools (HKLM-x32\...\{CEBDC4E5-7C13-44E8-A581-5247F806E26E}) (Version: 1.10.099 - Records One)
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2010 (KB2202188) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{86B7A074-265D-420C-9E1E-7A920EF0ECA7}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2413186) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{556146F7-74AE-4E0A-B64F-5B8B93469F61}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2413186) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B5516874-E926-4BFD-B412-D0E70112F244}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2413186) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D6CE7280-6EE3-419A-8F47-DB111C040B1B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{460FF681-BC66-4C38-99DF-7012E03F1EBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{C633216E-FF30-45B6-B2AB-21922A9353EF}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2433299) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{6C845127-B949-4D76-A732-BCB396AD9AA5}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector (KB2289116) (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{E966C940-CC8C-4EC0-8D84-ED27AC20D53C}) (Version:  - Microsoft)
Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
W Photo Studio (HKLM-x32\...\{CBF3C503-946E-45EA-B347-EACC41781989}) (Version: 1.0.0.143 - Walgreens)
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.2811 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.0.2811 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Restore Points  =========================
07-06-2014 18:26:37 Installed Java™ 7
14-06-2014 23:09:06 Scheduled Checkpoint
16-06-2014 23:41:45 avast! antivirus system restore point
17-06-2014 01:12:18 avast! antivirus system restore point
17-06-2014 01:18:02 Windows Update
17-06-2014 01:31:40 avast! antivirus system restore point
17-06-2014 07:25:42 Removed QuickTime 7
17-06-2014 22:03:42 Removed Java 7 Update 60
18-06-2014 08:59:34 Windows Update

==================== Hosts content: ==========================
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============
Task: {0B5A8C77-CBA3-4FBB-82EA-1906BB206B90} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-03-06] (AVAST Software)
Task: {21819646-0F4A-4F5B-9B29-86734E38FCB1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-06-21] (Hewlett-Packard Company)
Task: {267A70A3-6A58-4E8E-90BF-03D1499961D8} - System32\Tasks\{5422B42A-C1CA-4163-BA1C-D6360B371AAC} => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [2011-06-16] (Yahoo! Inc.)
Task: {3776EE9C-04CE-4576-A753-FDA0F940BEA6} - System32\Tasks\{0E1075AC-8C5F-498B-85BE-BE88ED261EC5} => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [2011-06-16] (Yahoo! Inc.)
Task: {820C97C7-016B-432F-A821-40C5ACE487A3} - System32\Tasks\{F1F15AA2-938C-4267-A2DB-6CD72A6BCB46} => Firefox.exe
Task: {85915EC0-4A3F-4416-8FC4-C7E77B4027F8} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe
Task: {8C0629AB-DEAB-4E2D-91C9-C6816DEE9F04} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {903FA5E4-C492-4763-B628-F650232DDC9F} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {99CA9EB2-0E22-4445-AC9C-D7FCF9650E49} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-06-21] (Hewlett-Packard Company)
Task: {9DD80FB4-BF28-4B10-9F28-E88DFCDDB841} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe
Task: {A0909F70-0F76-4897-9FD6-892A0F8906B2} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe [2010-06-25] (CyberLink)
Task: {B392E09C-9BB6-489B-A810-6B6E679F1F36} - System32\Tasks\{EB027AA8-7FF7-4B89-951C-75DE98DF2B36} => Firefox.exe
Task: {C12D42D7-D60D-4B29-A19A-C9030319892C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company)
Task: {C590E229-C63F-471B-92A6-39AE7659CA20} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard)
Task: {C59C1445-38F8-4196-8A44-3A095261B0D3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C8A32CDE-D1BC-49AE-9C91-28728B6D064F} - System32\Tasks\{742F7BAB-0FAE-4689-B652-8E3354D6036B} => C:\Program Files (x86)\MedQuist\DocQscribe 7.1\DocQscribe7.exe
Task: {D604FEC1-F524-4913-ACDB-E4612ACDB16D} - System32\Tasks\{D25486E1-8ACD-4DF7-B52C-DB7B3FC3A406} => C:\Program Files (x86)\TRCR\BeyondTXT\DAPlayer.exe [2014-03-28] (Nuance Communications, Inc.)
Task: {E05E7B9A-B33D-477C-80C9-F63161808274} - System32\Tasks\HPCeeScheduleForSissy => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05] (Hewlett-Packard)
Task: {E56FD9CF-3D3E-40D7-9886-FA96A0C197A2} - System32\Tasks\{78DA0194-C6AA-44D1-9F17-ECF85162B15A} => Firefox.exe
Task: {EDBCDC38-61A2-49FE-8C75-FFB87C6E0B45} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-06-21] (Hewlett-Packard Company)
Task: {F125EB3B-B0DF-4843-96B9-E0D0C3C55CD4} - System32\Tasks\{5B3F6517-3196-4789-9CC5-30487A42FC71} => C:\InstText\Exe_v7\IT7Pro.exe
Task: C:\Windows\Tasks\HPCeeScheduleForSissy.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============
2010-09-16 13:51 - 2010-06-23 15:09 - 00125552 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
2009-06-08 19:45 - 2009-06-08 19:45 - 00098304 ____R () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-09-16 13:11 - 2010-09-16 13:11 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-06-08 23:44 - 2013-03-11 19:23 - 00240448 ____N () C:\Program Files\AVAST Software\Avast\Setup\SetIFace.dll
2014-06-01 12:07 - 2014-06-01 11:04 - 02295808 _____ () C:\Program Files\AVAST Software\Avast\defs\14060101\algo.dll
2010-10-19 11:03 - 2010-10-19 11:03 - 00016384 _____ () C:\Program Files (x86)\Common Files\MedQuist\SatelliteResource.dll
2010-10-19 11:03 - 2010-10-19 11:03 - 00036864 _____ () C:\Program Files (x86)\Common Files\MedQuist\ClientLogger.dll
2010-10-19 11:03 - 2010-10-19 11:03 - 00016384 _____ () C:\Program Files (x86)\Common Files\MedQuist\AssemblyLoader.dll
2010-10-19 11:03 - 2010-10-19 11:03 - 00016384 _____ () C:\Program Files (x86)\Common Files\MedQuist\MQHostService.Resources.dll
2010-10-19 11:03 - 2010-10-19 11:03 - 00016384 _____ () C:\Program Files (x86)\Common Files\MedQuist\CPCommon.dll
2010-10-19 11:03 - 2010-10-19 11:03 - 00016384 _____ () C:\Program Files (x86)\Common Files\MedQuist\MonitorShredService.Resources.dll
2010-10-19 11:03 - 2010-10-19 11:03 - 00028672 _____ () C:\Program Files (x86)\Common Files\MedQuist\SecureStorageInterface.dll
2010-10-19 11:03 - 2010-10-19 11:03 - 00024576 _____ () C:\Program Files (x86)\Common Files\MedQuist\ClientExceptions.dll
2010-10-19 11:03 - 2010-10-19 11:03 - 00024576 _____ () C:\Program Files (x86)\Common Files\MedQuist\DataCache.dll
2010-09-16 13:51 - 2010-05-25 12:29 - 00014856 _____ () C:\Program Files (x86)\Hewlett-Packard\HP My Display\ACPIDll.dll


==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMPCHelper => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tvnserver => ""=""
==================== EXE Association (whitelisted) =============
==================== MSCONFIG/TASK MANAGER disabled items =========
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish PictureMover.lnk => C:\Windows\pss\Snapfish PictureMover.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Sissy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Bing Bar => "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe"
MSCONFIG\startupreg: DownloadManagerService => "C:\Program Files\Verizon Wireless\dist\servicerunner.exe" /action:startService
MSCONFIG\startupreg: HP Software Update => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HPAdvisorDock => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: MSN Toolbar => "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe"
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SmartMenu => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
==================== Faulty Device Manager Devices =============
Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Deskjet 3050A J611 series
Description: Deskjet 3050A J611 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (06/18/2014 00:58:07 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"1".
Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (06/18/2014 00:47:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 30.0.0.5269, time stamp: 0x53914233
Faulting module name: mozalloc.dll, version: 30.0.0.5269, time stamp: 0x53911393
Exception code: 0x80000003
Fault offset: 0x0000141b
Faulting process id: 0x164
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Error: (06/18/2014 00:46:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 30.0.0.5269, time stamp: 0x53914233
Faulting module name: MSVCR100.dll, version: 10.0.30319.1, time stamp: 0x4ba1dbbe
Exception code: 0xc0000005
Fault offset: 0x00002561
Faulting process id: 0xe3c
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Error: (06/17/2014 11:54:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7601.17514, time stamp: 0x4ce79912
Faulting module name: KERNELBASE.dll, version: 6.1.7601.17932, time stamp: 0x50327672
Exception code: 0xe06d7363
Fault offset: 0x0000c41f
Faulting process id: 0x11d8
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Error: (06/17/2014 11:40:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BayQText.EXE, version: 1.1.0.99, time stamp: 0x5316274a
Faulting module name: MFC80.DLL, version: 8.0.50727.6195, time stamp: 0x4dcdeca2
Exception code: 0xc0000005
Fault offset: 0x00023c18
Faulting process id: 0x414
Faulting application start time: 0xBayQText.EXE0
Faulting application path: BayQText.EXE1
Faulting module path: BayQText.EXE2
Report Id: BayQText.EXE3
Error: (06/17/2014 10:53:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BayQText.EXE, version: 1.1.0.99, time stamp: 0x5316274a
Faulting module name: MFC80.DLL, version: 8.0.50727.6195, time stamp: 0x4dcdeca2
Exception code: 0xc0000005
Fault offset: 0x00023c18
Faulting process id: 0xb20
Faulting application start time: 0xBayQText.EXE0
Faulting application path: BayQText.EXE1
Faulting module path: BayQText.EXE2
Report Id: BayQText.EXE3
Error: (06/17/2014 09:57:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BayQText.EXE, version: 1.1.0.99, time stamp: 0x5316274a
Faulting module name: MFC80.DLL, version: 8.0.50727.6195, time stamp: 0x4dcdeca2
Exception code: 0xc0000005
Fault offset: 0x00023c18
Faulting process id: 0x984
Faulting application start time: 0xBayQText.EXE0
Faulting application path: BayQText.EXE1
Faulting module path: BayQText.EXE2
Report Id: BayQText.EXE3
Error: (06/17/2014 08:00:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BayQText.EXE, version: 1.1.0.99, time stamp: 0x5316274a
Faulting module name: MFC80.DLL, version: 8.0.50727.6195, time stamp: 0x4dcdeca2
Exception code: 0xc0000005
Fault offset: 0x00023c18
Faulting process id: 0xdec
Faulting application start time: 0xBayQText.EXE0
Faulting application path: BayQText.EXE1
Faulting module path: BayQText.EXE2
Report Id: BayQText.EXE3
Error: (06/17/2014 07:07:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BayQText.EXE, version: 1.1.0.99, time stamp: 0x5316274a
Faulting module name: MFC80.DLL, version: 8.0.50727.6195, time stamp: 0x4dcdeca2
Exception code: 0xc0000005
Fault offset: 0x00023c18
Faulting process id: 0x174c
Faulting application start time: 0xBayQText.EXE0
Faulting application path: BayQText.EXE1
Faulting module path: BayQText.EXE2
Report Id: BayQText.EXE3
Error: (06/17/2014 07:06:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BayQText.EXE, version: 1.1.0.99, time stamp: 0x5316274a
Faulting module name: MFC80.DLL, version: 8.0.50727.6195, time stamp: 0x4dcdeca2
Exception code: 0xc0000005
Fault offset: 0x00023c18
Faulting process id: 0x1740
Faulting application start time: 0xBayQText.EXE0
Faulting application path: BayQText.EXE1
Faulting module path: BayQText.EXE2
Report Id: BayQText.EXE3
System errors:
=============
Error: (06/18/2014 01:03:08 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Windows 7 for x64-based Systems (KB2862152).
Error: (06/18/2014 01:03:08 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2832414).
Error: (06/18/2014 01:03:08 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2836943).
Error: (06/18/2014 01:03:08 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Windows 7 for x64-based Systems (KB2876284).
Error: (06/18/2014 01:03:08 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Windows 7 for x64-based Systems (KB2892074).
Error: (06/18/2014 01:03:08 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Windows 7 for x64-based Systems (KB2855844).
Error: (06/18/2014 01:03:08 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 for x64-based Systems (KB2813430).
Error: (06/18/2014 01:03:08 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 for x64-based Systems (KB2928562).
Error: (06/18/2014 01:03:08 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0816: Update for Windows 7 for x64-based Systems (KB2799926).
Error: (06/18/2014 01:03:08 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Windows 7 for x64-based Systems (KB2922229).
Microsoft Office Sessions:
=========================
Error: (06/18/2014 00:58:07 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
Error: (06/18/2014 00:47:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe30.0.0.526953914233mozalloc.dll30.0.0.526953911393800000030000141b16401cf8ab04356c5e9C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlla34875d4-f6a3-11e3-aae0-e069951d5f30
Error: (06/18/2014 00:46:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe30.0.0.526953914233MSVCR100.dll10.0.30319.14ba1dbbec000000500002561e3c01cf8aaf68ef111bC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\MSVCR100.dll7741fb00-f6a3-11e3-aae0-e069951d5f30
Error: (06/17/2014 11:54:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.7601.175144ce79912KERNELBASE.dll6.1.7601.1793250327672e06d73630000c41f11d801cf8a785dd30264C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\syswow64\KERNELBASE.dll47fa72b5-f69c-11e3-aae0-e069951d5f30
Error: (06/17/2014 11:40:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: BayQText.EXE1.1.0.995316274aMFC80.DLL8.0.50727.61954dcdeca2c000000500023c1841401cf8aa70538e3c7C:\Program Files (x86)\BayScribe\BayQText.EXEC:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80.DLL475f3056-f69a-11e3-aae0-e069951d5f30
Error: (06/17/2014 10:53:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: BayQText.EXE1.1.0.995316274aMFC80.DLL8.0.50727.61954dcdeca2c000000500023c18b2001cf8aa0669aed49C:\Program Files (x86)\BayScribe\BayQText.EXEC:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80.DLLa8dcffa1-f693-11e3-aae0-e069951d5f30
Error: (06/17/2014 09:57:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: BayQText.EXE1.1.0.995316274aMFC80.DLL8.0.50727.61954dcdeca2c000000500023c1898401cf8a98b6ecc21bC:\Program Files (x86)\BayScribe\BayQText.EXEC:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80.DLLf8cc40a1-f68b-11e3-aae0-e069951d5f30
Error: (06/17/2014 08:00:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: BayQText.EXE1.1.0.995316274aMFC80.DLL8.0.50727.61954dcdeca2c000000500023c18dec01cf8a88582ab898C:\Program Files (x86)\BayScribe\BayQText.EXEC:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80.DLL99db5e3f-f67b-11e3-aae0-e069951d5f30
Error: (06/17/2014 07:07:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: BayQText.EXE1.1.0.995316274aMFC80.DLL8.0.50727.61954dcdeca2c000000500023c18174c01cf8a80e3a3c876C:\Program Files (x86)\BayScribe\BayQText.EXEC:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80.DLL27410313-f674-11e3-aae0-e069951d5f30
Error: (06/17/2014 07:06:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: BayQText.EXE1.1.0.995316274aMFC80.DLL8.0.50727.61954dcdeca2c000000500023c18174001cf8a80ca8ef9a2C:\Program Files (x86)\BayScribe\BayQText.EXEC:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80.DLL0da37a3e-f674-11e3-aae0-e069951d5f30
==================== Memory info ===========================
Percentage of memory in use: 34%
Total physical RAM: 2815.3 MB
Available physical RAM: 1850.65 MB
Total Pagefile: 5628.8 MB
Available Pagefile: 4082.94 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:452.7 GB) (Free:383.37 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:12.96 GB) (Free:1.59 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 33CDB75F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=453 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13 GB) - (Type=07 NTFS)
==================== End Of Log ============================
 
Thanks again.


Edited by xXToffeeXx, 19 June 2014 - 08:46 AM.
Removed formatting to make log easier to read


BC AdBot (Login to Remove)

 


#2 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,041 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:08:40 AM

Posted 19 June 2014 - 09:31 AM

Greetings and :welcome: to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:

  • Do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the "Follow this topic" button, and make sure a tick is in the "receive notifications" and is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
  • Important information in my posts will often be in bold, make sure to take note of these.
  • I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.
  • Lets get going now :thumbup2:

==========================
 
Hi Ravyn317,
 

I must give you this warning:
 
Looking through your logs, one or more of your infections has been identified as a Backdoor Trojan. These threats have backdoor functionality which allows hackers to remotely control your computer, steal critical system information, and download and execute files.
 
I highly suggest you to disconnect this PC from the Internet immediately, and if possible use a clean computer and a flash drive to transfer the programs I request for you to run. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. It would be wise to contact those same financial institutions to notify them of your situation.
 
Due to the nature of this trojan, your computer is very likely to be compromised. There is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
 
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
 
We can still clean this machine, but I can't guarantee that it will be 100% secure afterwards. If you decide to continue cleaning this machine, follow on with the rest of the steps posted below. If you do not want to clean this machine, please let me know.
 
--------------
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.
 
--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • FRST.txt
  • Addition.txt

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#3 Ravyn317

Ravyn317
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:40 AM

Posted 19 June 2014 - 10:30 AM

Hi Toffee,

Thank you so much for taking the time to help with this.  Yes, I've been reading how bad this thing is, and it's scary.  I will get another computer as soon as I can, but want to try to clean this one up.  I had uninstalled and redownloaded Avast, and the alerts stopped most of the day yesterday, but last night they were back.  I guess it's corrupting Avast?

 

Anyway, here are the logs:

 

FRST:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-06-2014
Ran by Sissy (administrator) on SISSY-HP on 19-06-2014 11:14:49
Running from C:\Users\Sissy\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
() C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqgpc01.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11049576 2010-06-29] (Realtek Semiconductor)
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [563736 2009-10-14] (PDF Complete Inc)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-05-12] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [DT HPO] => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [121456 2010-06-23] ()
HKLM-x32\...\Run: [WinVNC] => C:\Program Files\iTivity\bin\rfbd.exe [473600 2010-07-28] (Tridia Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-18] (AVAST Software)
HKU\S-1-5-21-1288622996-2042830089-4238044840-1001\...\MountPoints2: {c08e9a6a-f421-11e0-80ca-e069951d5f30} - F:\MI.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {697317EC-D871-4E09-847D-441993114BF9} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM - {CA9023D6-5C2F-4EA7-A9DE-43DCAD8B027A} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {FF8C9526-992D-4B2F-8835-A062F247E4EB} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {697317EC-D871-4E09-847D-441993114BF9} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {CA9023D6-5C2F-4EA7-A9DE-43DCAD8B027A} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {FF8C9526-992D-4B2F-8835-A062F247E4EB} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKCU - {697317EC-D871-4E09-847D-441993114BF9} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {CA9023D6-5C2F-4EA7-A9DE-43DCAD8B027A} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {FF8C9526-992D-4B2F-8835-A062F247E4EB} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: BayScribeObj Class - {5E028439-81C7-4B82-BC74-25156306F532} - C:\Program Files (x86)\BayScribe\bayscribe.dll (BayScribe)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {9DDB393E-A5C2-40F7-A37F-4957CAC7C65C} http://workportal01.trcr.com/clientinstall/production/BTClient/ActiveXLoader.CAB
DPF: HKLM-x32 {D9E4E21E-60E0-11DA-91EB-00123F33E209} https://installers.speechmachines.org/Installer/DNInstaller2.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://nuanceevents.webex.com/client/WBXclient-T29L10NSP3-17099/nbr/ieatgpc1.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
DPF: HKLM-x32 {EF2E2523-5E55-4A8F-A0C9-0F2B7457290C} https://mls.trcr.com/CABS/SWTrackerCTL.CAB
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 24.159.64.23 24.217.0.5 24.178.162.3

FireFox:
========
FF ProfilePath: C:\Users\Sissy\AppData\Roaming\Mozilla\Firefox\Profiles\u0r02v50.default-1382308985168
FF DefaultSearchEngine: Twitter
FF SelectedSearchEngine: Twitter
FF Homepage: https://www.google.com/search
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @spoon.net/Spoon Plugin 3.32 - C:\Program Files (x86)\Spoon\3.32.2.12\npMozillaSpoonPlugin.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Sissy\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: LWAPlugin15.8 - C:\Users\Sissy\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Sissy\AppData\Roaming\mozilla\plugins\npLWAPlugin15.8.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Sissy\AppData\Roaming\mozilla\plugins\npMeetingJoinPluginAOCUser.dll ()
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-07-07]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-18]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-07-07]

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Extension: (YouTube) - C:\Users\Sissy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-03]
CHR Extension: (Google Search) - C:\Users\Sissy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-03]
CHR Extension: (Gmail) - C:\Users\Sissy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-03]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-18] (AVAST Software)
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [524288 2010-11-20] (Microsoft Corporation) [File not signed]
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe [125552 2010-06-23] ()
S3 iTivityODConnector; C:\Program Files\iTivity\bin\connector_od.exe [516903 2010-12-18] (Tridia Corporation) [File not signed]
S3 iTivityODConnectToIASConnector; C:\Program Files\iTivity\bin\connector_od.exe [516903 2010-12-18] (Tridia Corporation) [File not signed]
S3 iTivityODController; C:\Program Files\iTivity\bin\processor_od.exe [552303 2010-12-18] (Tridia Corporation) [File not signed]
S2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [File not signed]
S2 MedQuist Client Platform Service; C:\Program Files (x86)\Common Files\MedQuist\MQHostService.exe [28672 2010-10-19] (MedQuist, Inc.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-14] (PDF Complete Inc)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RpcSs; C:\Windows\system32\rpcss.dll [524288 2010-11-20] (Microsoft Corporation) [File not signed]
S3 TridiaFTPServer; C:\Program Files\iTivity\bin\ftpd.exe [536640 2007-07-16] (Tridia Corporation) [File not signed]
S2 tridiavnc; C:\Program Files\iTivity\bin\rfbd.exe [473600 2010-07-28] (Tridia Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

R3 ACPIService; C:\Windows\System32\DRIVERS\OSDACPI.SYS [17992 2009-06-17] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-06-18] ()
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [19600 2012-08-21] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-18] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-06-18] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-18] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-06-18] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-06-18] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-06-18] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-06-18] ()
S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [24376 2010-04-27] ()
S3 cqcpu; C:\Windows\System32\drivers\cqcpu.sys [24376 2010-04-27] ()

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\OSDACPI.SYS DE7E8D852A806BE6091983838BF9697F
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 1C7857B62DE5994A75B054A9FD4C3825
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atikmdag.sys 75E4BACA583AE02C11E9AC8747E2ABE0
C:\Windows\System32\DRIVERS\atikmpag.sys B765CF4B32F347BE747B21AE22641025
C:\Windows\System32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\amdsata.sys F747497A0EE5498F79B207F215B3D2D8
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\amdxata.sys 2946D695E158615BAAA16248E63C7ADB
C:\Windows\System32\DRIVERS\amd_sata.sys 352476C98EF3952563A14F767491BBA9
C:\Windows\System32\DRIVERS\amd_xata.sys F4805C309FE48D6939147FE5CCDB1AD4
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\system32\drivers\aswHwid.sys 340B0467E98A8C92697D73034DB4BCB7
C:\Windows\System32\Drivers\aswKbd.sys F146F83E8F7AC22BD011D5942E4C155C
C:\Windows\system32\drivers\aswMonFlt.sys ED5B09937D559FFA53FC988D20031E98
C:\Windows\system32\drivers\aswRdr2.sys 33C77DCB0AEC76E26BD6352A1A5281BB
C:\Windows\System32\Drivers\aswRvrt.sys BF5B9E9E97CED45208E498D9FA73688F
C:\Windows\system32\drivers\aswSnx.sys F88CE00A7736C349ED1414D7ECDC9BED
C:\Windows\system32\drivers\aswSP.sys 3AE912B08E2A1ABB2B63F3C56BED95C2
C:\Windows\system32\drivers\aswStm.sys A7115ED31675BB823CFA9FE571C25676
C:\Windows\System32\Drivers\aswVmm.sys 47CBD3F64E412FFAFD93404580A3C7B9
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\system32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AtiPcie64.sys E82E61F46D1336447F4DEFF8C074F13E
C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\clwvd.sys 9573E8C7C3B3D1625FD941841FD0859C
C:\Windows\system32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 9AC4F97C2D3E93367E2148EA940CD2CD
C:\Windows\system32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\System32\drivers\CpqDfw.sys A398ED024F739E7BE74ECFFA8A713A89
C:\Windows\System32\drivers\cqcpu.sys 10FB0FF62AF6262BF88E3607E2AE2A69
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\dc3d.sys 7AF9DAC504FBD047CBC3E64AE52C92BF
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Dot4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Dot4Prt.sys E9F5969233C5D89F3C35E3A66A52A361
C:\Windows\System32\DRIVERS\dot4usb.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 8E98D21EE06192492A5671A6144D092F
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\system32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHD64.sys 1C11E5D258BC374E7FBD598D75E49B75
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdclass.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 97A7070AEA4C058B6418519E869A63B4
C:\Windows\System32\Drivers\ksecpkg.sys 26C43A7C2862447EC59DEDA188D1DA07
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\system32\drivers\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netr28x.sys 1982B291DF9833FB3ADC397EBD310A18
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys E453ACF4E7D44E5530B5D5F2B9CA8563
C:\Windows\System32\DRIVERS\NuidFltr.sys 9924BDC1882F8C92335E26483BD1FB24
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\point64.sys 4F0878FD62D5F7444C5F1C4C66D9D293
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rt64win7.sys FCAF9C2C9EADF8F397C3350760EF500F
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serscan.sys DECACB6921DED1A38642642685D77DAC
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 37608401DFDB388CAF66917F6B2D6FB0
C:\Windows\System32\DRIVERS\tcpip.sys 37608401DFDB388CAF66917F6B2D6FB0
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbaapl64.sys AF1B9474D67897D0C2CFF58E0ACEACCC
C:\Windows\System32\DRIVERS\usbccgp.sys 6F1A3157A1C89435352CEB543CDB359C
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys C025055FE7B87701EB042095DF1A2D7B
C:\Windows\system32\DRIVERS\usbfilter.sys 2C780746DC44A28FE67004DC58173F05
C:\Windows\System32\DRIVERS\usbhub.sys 287C6C9410B111B68B52CA298F7B8C24
C:\Windows\System32\DRIVERS\usbohci.sys 9840FC418B4CBD632D3D0A667A725C31
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys 62069A34518BCF9C1FD9E74B3F6DB7CD
C:\Windows\System32\Drivers\usbvideo.sys 454800C2BC7F3927CE030141EE4F4C50
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys 442783E2CB0DA19873B7A63833FF4CB4
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WSDPrint.sys 8D918B1DB190A4D9B1753A66FA8C96E8
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-19 11:11 - 2014-06-19 11:15 - 00032692 _____ () C:\Users\Sissy\Desktop\FRST.txt
2014-06-19 11:09 - 2014-06-19 11:09 - 02082304 _____ (Farbar) C:\Users\Sissy\Desktop\FRST64.exe
2014-06-18 23:17 - 2014-06-18 23:17 - 00313521 ____S () C:\Windows\system32\cicy.kly
2014-06-18 23:17 - 2014-06-18 23:17 - 00070656 _____ (Microsoft Corporation) C:\Users\Sissy\AppData\Roaming\rjrxgw.dll
2014-06-18 17:40 - 2014-06-18 17:47 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-18 17:40 - 2014-06-18 17:40 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1403127633466
2014-06-18 17:40 - 2014-06-18 17:40 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-06-18 17:40 - 2014-06-18 17:40 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1403127633466
2014-06-18 17:40 - 2014-06-18 17:40 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-06-18 17:40 - 2014-06-18 17:40 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-06-18 17:40 - 2014-06-18 17:40 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-06-18 17:40 - 2014-06-18 17:40 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-06-18 17:40 - 2014-06-18 17:40 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-06-18 17:40 - 2014-06-18 17:40 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-06-18 17:40 - 2014-06-18 17:40 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-18 17:40 - 2014-06-18 17:40 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-06-18 17:40 - 2014-06-18 17:40 - 00001968 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-06-18 17:35 - 2014-06-18 17:35 - 94714880 _____ (AVAST Software) C:\Users\Sissy\Desktop\avast_free_antivirus_setup.exe
2014-06-18 17:22 - 2014-06-18 17:22 - 00003242 _____ () C:\Windows\System32\Tasks\{E071A093-8D3D-429B-BBE6-671296F2BC50}
2014-06-18 17:06 - 2014-06-18 17:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-18 15:52 - 2014-06-19 11:14 - 00000000 ____D () C:\FRST
2014-06-17 03:53 - 2014-06-17 04:01 - 00000000 ____D () C:\AdwCleaner
2014-06-16 21:36 - 2014-06-16 21:36 - 00000000 ____D () C:\Users\Sissy\AppData\Roaming\AVAST Software
2014-06-16 21:35 - 2014-06-16 21:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-06-16 20:44 - 2014-06-16 20:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-07 14:27 - 2014-06-07 14:27 - 00000000 ____D () C:\Windows\Sun
2014-06-07 14:27 - 2014-06-07 14:27 - 00000000 ____D () C:\ProgramData\Sun

==================== One Month Modified Files and Folders =======

2014-06-19 11:15 - 2014-06-19 11:11 - 00032692 _____ () C:\Users\Sissy\Desktop\FRST.txt
2014-06-19 11:14 - 2014-06-18 15:52 - 00000000 ____D () C:\FRST
2014-06-19 11:13 - 2014-02-20 11:29 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForSissy
2014-06-19 11:13 - 2014-02-20 11:29 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForSissy.job
2014-06-19 11:13 - 2011-05-05 15:17 - 00000000 ____D () C:\Users\Sissy\AppData\Roaming\HP Support Assistant
2014-06-19 11:13 - 2011-04-08 14:33 - 00000000 ____D () C:\Users\Sissy\AppData\Roaming\HpUpdate
2014-06-19 11:09 - 2014-06-19 11:09 - 02082304 _____ (Farbar) C:\Users\Sissy\Desktop\FRST64.exe
2014-06-19 11:09 - 2009-07-14 00:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-19 11:09 - 2009-07-14 00:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-19 11:07 - 2010-09-16 12:59 - 01983776 _____ () C:\Windows\WindowsUpdate.log
2014-06-19 11:01 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-19 11:01 - 2009-07-14 00:51 - 00177170 _____ () C:\Windows\setupact.log
2014-06-18 23:32 - 2010-09-16 16:06 - 00456956 _____ () C:\Windows\PFRO.log
2014-06-18 23:17 - 2014-06-18 23:17 - 00313521 ____S () C:\Windows\system32\cicy.kly
2014-06-18 23:17 - 2014-06-18 23:17 - 00070656 _____ (Microsoft Corporation) C:\Users\Sissy\AppData\Roaming\rjrxgw.dll
2014-06-18 17:47 - 2014-06-18 17:40 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-18 17:40 - 2014-06-18 17:40 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1403127633466
2014-06-18 17:40 - 2014-06-18 17:40 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-06-18 17:40 - 2014-06-18 17:40 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1403127633466
2014-06-18 17:40 - 2014-06-18 17:40 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-06-18 17:40 - 2014-06-18 17:40 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-06-18 17:40 - 2014-06-18 17:40 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-06-18 17:40 - 2014-06-18 17:40 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-06-18 17:40 - 2014-06-18 17:40 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-06-18 17:40 - 2014-06-18 17:40 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-06-18 17:40 - 2014-06-18 17:40 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-18 17:40 - 2014-06-18 17:40 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-06-18 17:40 - 2014-06-18 17:40 - 00001968 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-06-18 17:40 - 2011-06-08 23:44 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-06-18 17:39 - 2011-06-08 23:44 - 00000000 ____D () C:\Program Files\AVAST Software
2014-06-18 17:37 - 2009-07-14 01:13 - 00778834 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-18 17:36 - 2011-06-08 23:44 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-06-18 17:35 - 2014-06-18 17:35 - 94714880 _____ (AVAST Software) C:\Users\Sissy\Desktop\avast_free_antivirus_setup.exe
2014-06-18 17:32 - 2013-06-13 00:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-18 17:22 - 2014-06-18 17:22 - 00003242 _____ () C:\Windows\System32\Tasks\{E071A093-8D3D-429B-BBE6-671296F2BC50}
2014-06-18 17:07 - 2014-06-18 17:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-18 16:53 - 2013-07-15 19:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-06-18 16:53 - 2013-07-15 19:49 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-06-18 16:53 - 2013-07-15 19:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-06-18 16:53 - 2013-06-09 21:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-18 16:53 - 2013-06-09 21:46 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2014-06-18 16:53 - 2011-11-13 22:12 - 00000000 ____D () C:\Windows\system32\Macromed
2014-06-18 16:53 - 2011-04-14 17:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-06-18 16:53 - 2011-04-14 17:13 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-06-18 16:53 - 2010-09-16 13:23 - 00000000 ____D () C:\ProgramData\CinemaNow
2014-06-18 16:53 - 2010-09-16 13:07 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-06-18 16:53 - 2009-07-14 03:45 - 00000000 ____D () C:\Windows\ShellNew
2014-06-18 16:53 - 2009-07-14 03:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-06-18 16:53 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-06-18 16:53 - 2009-07-13 23:20 - 00000000 __RSD () C:\Windows\Media
2014-06-18 16:53 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\L2Schemas
2014-06-18 16:53 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2014-06-18 16:52 - 2009-07-14 03:44 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-06-18 16:52 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-06-18 16:50 - 2011-11-13 22:41 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-06-18 16:43 - 2012-01-01 16:56 - 00000000 ____D () C:\ProgramData\Recovery
2014-06-18 15:42 - 2011-04-06 13:45 - 00000000 ____D () C:\Users\Sissy
2014-06-18 13:08 - 2010-09-16 13:07 - 00000000 ____D () C:\ProgramData\PDFC
2014-06-18 12:58 - 2011-06-08 23:44 - 00000000 _____ () C:\Windows\SysWOW64\config.nt
2014-06-18 00:47 - 2011-04-19 19:52 - 00000000 ____D () C:\Users\Sissy\AppData\Local\CrashDumps
2014-06-17 04:01 - 2014-06-17 03:53 - 00000000 ____D () C:\AdwCleaner
2014-06-16 23:56 - 2011-04-09 11:21 - 00000000 ____D () C:\Users\Sissy\AppData\Local\Adobe
2014-06-16 21:36 - 2014-06-16 21:36 - 00000000 ____D () C:\Users\Sissy\AppData\Roaming\AVAST Software
2014-06-16 21:35 - 2014-06-16 21:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-06-16 20:44 - 2014-06-16 20:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-16 20:38 - 2012-02-18 02:07 - 00000000 ____D () C:\ProgramData\Medquist
2014-06-07 14:27 - 2014-06-07 14:27 - 00000000 ____D () C:\Windows\Sun
2014-06-07 14:27 - 2014-06-07 14:27 - 00000000 ____D () C:\ProgramData\Sun
2014-06-06 21:54 - 2013-01-29 17:33 - 00000000 ____D () C:\Users\Sissy\Documents\Transcend
2014-05-31 21:05 - 2014-03-03 18:32 - 00000000 ____D () C:\Users\Sissy\AppData\Local\Battle.net
2014-05-31 20:50 - 2014-03-03 18:32 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-05-22 13:35 - 2009-07-14 01:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

Files to move or delete:
====================
C:\Users\Sissy\DownloadManagerWin64-2.2.8-SNAPSHOT.r11227.exe

Some content of TEMP:
====================
C:\Users\Sissy\AppData\Local\Temp\BTClientSetup.exe
C:\Users\Sissy\AppData\Local\Temp\i4jdel0.exe
C:\Users\Sissy\AppData\Local\Temp\jna1126792939768225439.dll
C:\Users\Sissy\AppData\Local\Temp\MSN4317.exe
C:\Users\Sissy\AppData\Local\Temp\ose00000.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll
[2011-09-30 10:36] - [2010-11-20 09:27] - 0524288 ____A (Microsoft Corporation) 80A39F43E5F0F83D9894572BB2564255

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
path                    \bootmgr
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
extendedinput           Yes
default                 {current}
resumeobject            {5312aa06-7887-11de-b1db-001321be213f}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
customactions           0x1000085000001
                        0x5400000f
custom:5400000f         {d50dbb1d-608d-11e0-806a-e069951d5f30}

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {d50dbb1d-608d-11e0-806a-e069951d5f30}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {5312aa06-7887-11de-b1db-001321be213f}
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {d50dbb1d-608d-11e0-806a-e069951d5f30}
device                  ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{d50dbb1e-608d-11e0-806a-e069951d5f30}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{d50dbb1e-608d-11e0-806a-e069951d5f30}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {5312aa06-7887-11de-b1db-001321be213f}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {d50dbb1e-608d-11e0-806a-e069951d5f30}
description             Ramdisk Options
ramdisksdidevice        partition=D:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

 

LastRegBack: 2014-06-18 18:06

==================== End Of Log ============================

 

 

 

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-06-2014
Ran by Sissy at 2014-06-19 11:15:44
Running from C:\Users\Sissy\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.3.9130 - Adobe Systems Inc.) Hidden
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.38 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{E2D662AD-3FE3-26C5-5540-90E4974EF412}) (Version: 3.0.774.0 - ATI Technologies, Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
BeyondTXT Desktop (HKLM-x32\...\InstallShield_{FDA1FEE4-8BFE-48AA-9C02-D4714B579E07}) (Version: 4.0.22.05 - TRCR)
BeyondTXT Desktop (x32 Version: 4.0.22.05 - TRCR) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Career Step Foot Pedal Software (remove only) (HKLM-x32\...\PedalPlugin) (Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0511.2153.37435 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help English (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help French (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help German (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
ccc-utility64 (Version: 2010.0511.2153.37435 - ATI) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.1.105 - CinemaNow, Inc.)
Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
ClientPlatformForDocQscribe (x32 Version: 1.0.0 - Default Company Name) Hidden
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2823 - CyberLink Corp.)
CyberLink DVD Suite Deluxe (x32 Version: 7.0.2823 - CyberLink Corp.) Hidden
D110 (x32 Version: 140.0.142.000 - Hewlett-Packard) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition update for Microsoft Office 2010 (KB982726) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E14AE329-F210-4EDD-B775-290821C66C1F}) (Version:  - Microsoft)
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.1.4030 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.1.4030 - Hewlett-Packard) Hidden
ePSXe 1.8.0 (HKLM-x32\...\ePSXe) (Version: 1.8.0 - ePSXe)
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
EXText COM objects (HKLM-x32\...\{53904A07-BD33-4741-BF78-DE2707E5F994}) (Version: 83.161.3 - Nuance Communications, Inc.)
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
GoToMeeting 6.0.0.1259 (HKCU\...\GoToMeeting) (Version: 6.0.0.1259 - CitrixOnline)
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.1.1.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.4 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Game Console (x32 Version:  - WildTangent) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.3 - WildTangent)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP MediaSmart CinemaNow 2.0 (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.1.4229 - Hewlett-Packard)
HP MediaSmart DVD (x32 Version: 4.1.4229 - Hewlett-Packard) Hidden
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.1.4301 - Hewlett-Packard)
HP MediaSmart Music (x32 Version: 4.1.4301 - Hewlett-Packard) Hidden
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.1.4211 - Hewlett-Packard)
HP MediaSmart Photo (x32 Version: 4.1.4211 - Hewlett-Packard) Hidden
HP MediaSmart SmartMenu (HKLM\...\{5B08AF35-B699-4A44-BB89-3E51E70611E8}) (Version: 3.1.1.12 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.1.4214 - Hewlett-Packard)
HP MediaSmart Video (x32 Version: 4.1.4214 - Hewlett-Packard) Hidden
HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3107 - Hewlett-Packard)
HP MediaSmart Webcam (x32 Version: 4.1.3107 - Hewlett-Packard) Hidden
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{BDDA1E1E-204E-4368-B0C2-737F16B76307}) (Version: 1.0.3.0 - Hewlett-Packard)
HP My Display (HKLM-x32\...\{1F4DDC90-5923-4E49-A4C7-F3CCC954DCA0}) (Version: 1.00.165 - Portrait Displays, Inc.)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{14BC6853-A74E-4874-B50D-679889D1544D}) (Version: 14.0 - HP)
HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}) (Version: 6.0.5.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.4.0 - Hewlett-Packard)
HPAppStudio (x32 Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{4BC310C4-B898-46E2-B5FB-B85A30AA7142}) (Version: 2.0.2.187 - Apple Inc.)
iTivity (HKLM-x32\...\{B4DB7658-A8D2-458C-B68C-9DBA74F1CCD3}) (Version: 5.04.0400 - Tridia Corporation)
iTunes (HKLM\...\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}) (Version: 10.7.0.21 - Apple Inc.)
Jewel Quest 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jnes 1.1 (HKLM-x32\...\Jnes) (Version: 1.1 - Jnes)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2823 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2823 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Lync 2010 Attendee (HKLM-x32\...\{6F72D695-5188-4484-B21E-E16CD89C4008}) (Version: 4.0.7577.4415 - Microsoft Corporation)
Microsoft Lync Web App Plug-in (HKLM\...\{17C3AEBF-519D-4FF0-B8D9-4BAD461370A4}) (Version: 15.8.8658.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.0.162.0 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Outlook Social Connector (KB2289116) ªº§ó·s (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{75F91382-920C-4AE1-B9E6-FFFCEDA797E8}) (Version:  - Microsoft)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version:  - )
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.1.4030 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.1.4030 - Hewlett-Packard) Hidden
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MP3 Download Manager (HKLM-x32\...\com.verizon.mediastore.vzwdownloadmanager.BEEF85639ECFAE88C004EA3A5F976EE5386C7526.1) (Version: 2.2.8-SNAPSHOT.r11227 - Verizon Wireless)
MP3 Download Manager (x32 Version: 2.2.8 - Verizon Wireless) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 140.0.212.000 - Hewlett-Packard) Hidden
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 3.5.111 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Philips Correction Components (HKLM-x32\...\{A706C466-E03D-4293-850B-067C785A4A3F}) (Version: 1.20.0000 - Philips Speech Processing)
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.28 - Hewlett-Packard Company)
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4022 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4022 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2906 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.2906 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-13231864975D}) (Version: 5.10.621.0 -  NewspaperDirect Inc.)
PS_AIO_07_D110_SW_Min (x32 Version: 140.0.142.000 - Hewlett-Packard) Hidden
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6146 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3025 - CyberLink Corp.) Hidden
Roxio CinemaNow 2.0 (x32 Version: 1.0.284 - Hewlett-Packard) Hidden
Scan (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
SDK (x32 Version: 2.22.002 - Portrait Displays, Inc.) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Shorthand 10.00 (HKLM-x32\...\Shorthand 10_is1) (Version:  - OfficeSoft LLC)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Spark 2.6.3.12555 (HKLM-x32\...\Spark 2.6.3.12555) (Version:  - Jive Software)
SSIVoxPlayer 1.5.8-060314 (HKLM-x32\...\SSIVoxPlayer_is1) (Version:  - SoftScript, Inc.)
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
Stedman's Medical & Surgical Equipment Words 1.0 (HKLM-x32\...\Stedman's Medical & Surgical Equipment Words) (Version:  - )
System Requirements Lab CYRI (HKLM-x32\...\{943A8D28-80D6-41DC-AE94-81FEB42041BF}) (Version: 4.5.1.0 - Husdawg, LLC)
Toolbox (x32 Version: 140.0.424.000 - Hewlett-Packard) Hidden
Transcription Productivity Tools (HKLM-x32\...\{CEBDC4E5-7C13-44E8-A581-5247F806E26E}) (Version: 1.10.099 - Records One)
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2010 (KB2202188) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{86B7A074-265D-420C-9E1E-7A920EF0ECA7}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2413186) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{556146F7-74AE-4E0A-B64F-5B8B93469F61}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2413186) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B5516874-E926-4BFD-B412-D0E70112F244}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2413186) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D6CE7280-6EE3-419A-8F47-DB111C040B1B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{460FF681-BC66-4C38-99DF-7012E03F1EBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{C633216E-FF30-45B6-B2AB-21922A9353EF}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2433299) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{6C845127-B949-4D76-A732-BCB396AD9AA5}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector (KB2289116) (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{E966C940-CC8C-4EC0-8D84-ED27AC20D53C}) (Version:  - Microsoft)
Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
W Photo Studio (HKLM-x32\...\{CBF3C503-946E-45EA-B347-EACC41781989}) (Version: 1.0.0.143 - Walgreens)
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.2811 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.0.2811 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Restore Points  =========================

14-06-2014 23:09:06 Scheduled Checkpoint
16-06-2014 23:41:45 avast! antivirus system restore point
17-06-2014 01:12:18 avast! antivirus system restore point
17-06-2014 01:18:02 Windows Update
17-06-2014 01:31:40 avast! antivirus system restore point
17-06-2014 07:25:42 Removed QuickTime 7
17-06-2014 22:03:42 Removed Java 7 Update 60
18-06-2014 08:59:34 Windows Update
18-06-2014 21:23:32 avast! Free Antivirus Setup
18-06-2014 21:39:20 avast! antivirus system restore point

==================== Hosts content: ==========================

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {21819646-0F4A-4F5B-9B29-86734E38FCB1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-06-21] (Hewlett-Packard Company)
Task: {267A70A3-6A58-4E8E-90BF-03D1499961D8} - System32\Tasks\{5422B42A-C1CA-4163-BA1C-D6360B371AAC} => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [2011-06-16] (Yahoo! Inc.)
Task: {3298D07B-EF8F-484B-B4CA-46954EBEBCAE} - System32\Tasks\HPCeeScheduleForSissy => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05] (Hewlett-Packard)
Task: {3776EE9C-04CE-4576-A753-FDA0F940BEA6} - System32\Tasks\{0E1075AC-8C5F-498B-85BE-BE88ED261EC5} => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [2011-06-16] (Yahoo! Inc.)
Task: {820C97C7-016B-432F-A821-40C5ACE487A3} - System32\Tasks\{F1F15AA2-938C-4267-A2DB-6CD72A6BCB46} => Firefox.exe
Task: {85915EC0-4A3F-4416-8FC4-C7E77B4027F8} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe
Task: {8C0629AB-DEAB-4E2D-91C9-C6816DEE9F04} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {8EEC3495-1891-436C-A7B4-221E9DAD159A} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-06-18] (AVAST Software)
Task: {903FA5E4-C492-4763-B628-F650232DDC9F} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {99CA9EB2-0E22-4445-AC9C-D7FCF9650E49} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-06-21] (Hewlett-Packard Company)
Task: {9DD80FB4-BF28-4B10-9F28-E88DFCDDB841} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe
Task: {A0909F70-0F76-4897-9FD6-892A0F8906B2} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe [2010-06-25] (CyberLink)
Task: {B392E09C-9BB6-489B-A810-6B6E679F1F36} - System32\Tasks\{EB027AA8-7FF7-4B89-951C-75DE98DF2B36} => Firefox.exe
Task: {C12D42D7-D60D-4B29-A19A-C9030319892C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company)
Task: {C590E229-C63F-471B-92A6-39AE7659CA20} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard)
Task: {C59C1445-38F8-4196-8A44-3A095261B0D3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C8A32CDE-D1BC-49AE-9C91-28728B6D064F} - System32\Tasks\{742F7BAB-0FAE-4689-B652-8E3354D6036B} => C:\Program Files (x86)\MedQuist\DocQscribe 7.1\DocQscribe7.exe
Task: {D604FEC1-F524-4913-ACDB-E4612ACDB16D} - System32\Tasks\{D25486E1-8ACD-4DF7-B52C-DB7B3FC3A406} => C:\Program Files (x86)\TRCR\BeyondTXT\DAPlayer.exe [2014-03-28] (Nuance Communications, Inc.)
Task: {E56FD9CF-3D3E-40D7-9886-FA96A0C197A2} - System32\Tasks\{78DA0194-C6AA-44D1-9F17-ECF85162B15A} => Firefox.exe
Task: {EDBCDC38-61A2-49FE-8C75-FFB87C6E0B45} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-06-21] (Hewlett-Packard Company)
Task: {F125EB3B-B0DF-4843-96B9-E0D0C3C55CD4} - System32\Tasks\{5B3F6517-3196-4789-9CC5-30487A42FC71} => C:\InstText\Exe_v7\IT7Pro.exe
Task: C:\Windows\Tasks\HPCeeScheduleForSissy.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2010-09-16 13:51 - 2010-06-23 15:09 - 00125552 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
2012-09-08 03:32 - 2012-09-08 03:32 - 00943504 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
2009-06-08 19:45 - 2009-06-08 19:45 - 00098304 ____R () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-09-16 13:11 - 2010-09-16 13:11 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-06-18 18:25 - 2014-06-18 18:25 - 02776064 _____ () C:\Program Files\AVAST Software\Avast\defs\14061800\algo.dll
2014-06-19 11:02 - 2014-06-19 11:02 - 02783232 _____ () C:\Program Files\AVAST Software\Avast\defs\14061900\algo.dll
2014-06-18 17:40 - 2014-06-18 17:40 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2010-09-16 13:51 - 2010-05-25 12:29 - 00014856 _____ () C:\Program Files (x86)\Hewlett-Packard\HP My Display\ACPIDll.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMPCHelper => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tvnserver => ""=""

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish PictureMover.lnk => C:\Windows\pss\Snapfish PictureMover.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Sissy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Bing Bar => "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe"
MSCONFIG\startupreg: DownloadManagerService => "C:\Program Files\Verizon Wireless\dist\servicerunner.exe" /action:startService
MSCONFIG\startupreg: HP Software Update => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HPAdvisorDock => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: MSN Toolbar => "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe"
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SmartMenu => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background

==================== Faulty Device Manager Devices =============

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Deskjet 3050A J611 series
Description: Deskjet 3050A J611 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/18/2014 06:09:37 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (06/18/2014 05:39:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary rscvdwqi.

System Error:
The system cannot find the file specified.
.

Error: (06/18/2014 00:58:07 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"1".
Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/18/2014 00:47:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 30.0.0.5269, time stamp: 0x53914233
Faulting module name: mozalloc.dll, version: 30.0.0.5269, time stamp: 0x53911393
Exception code: 0x80000003
Fault offset: 0x0000141b
Faulting process id: 0x164
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (06/18/2014 00:46:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 30.0.0.5269, time stamp: 0x53914233
Faulting module name: MSVCR100.dll, version: 10.0.30319.1, time stamp: 0x4ba1dbbe
Exception code: 0xc0000005
Fault offset: 0x00002561
Faulting process id: 0xe3c
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (06/17/2014 11:54:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7601.17514, time stamp: 0x4ce79912
Faulting module name: KERNELBASE.dll, version: 6.1.7601.17932, time stamp: 0x50327672
Exception code: 0xe06d7363
Fault offset: 0x0000c41f
Faulting process id: 0x11d8
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (06/17/2014 11:40:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BayQText.EXE, version: 1.1.0.99, time stamp: 0x5316274a
Faulting module name: MFC80.DLL, version: 8.0.50727.6195, time stamp: 0x4dcdeca2
Exception code: 0xc0000005
Fault offset: 0x00023c18
Faulting process id: 0x414
Faulting application start time: 0xBayQText.EXE0
Faulting application path: BayQText.EXE1
Faulting module path: BayQText.EXE2
Report Id: BayQText.EXE3

Error: (06/17/2014 10:53:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BayQText.EXE, version: 1.1.0.99, time stamp: 0x5316274a
Faulting module name: MFC80.DLL, version: 8.0.50727.6195, time stamp: 0x4dcdeca2
Exception code: 0xc0000005
Fault offset: 0x00023c18
Faulting process id: 0xb20
Faulting application start time: 0xBayQText.EXE0
Faulting application path: BayQText.EXE1
Faulting module path: BayQText.EXE2
Report Id: BayQText.EXE3

Error: (06/17/2014 09:57:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BayQText.EXE, version: 1.1.0.99, time stamp: 0x5316274a
Faulting module name: MFC80.DLL, version: 8.0.50727.6195, time stamp: 0x4dcdeca2
Exception code: 0xc0000005
Fault offset: 0x00023c18
Faulting process id: 0x984
Faulting application start time: 0xBayQText.EXE0
Faulting application path: BayQText.EXE1
Faulting module path: BayQText.EXE2
Report Id: BayQText.EXE3

Error: (06/17/2014 08:00:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BayQText.EXE, version: 1.1.0.99, time stamp: 0x5316274a
Faulting module name: MFC80.DLL, version: 8.0.50727.6195, time stamp: 0x4dcdeca2
Exception code: 0xc0000005
Fault offset: 0x00023c18
Faulting process id: 0xdec
Faulting application start time: 0xBayQText.EXE0
Faulting application path: BayQText.EXE1
Faulting module path: BayQText.EXE2
Report Id: BayQText.EXE3

System errors:
=============
Error: (06/19/2014 11:07:59 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The LightScribeService Direct Disc Labeling Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/19/2014 11:07:51 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Tridia Screen Server service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/19/2014 11:03:07 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (06/19/2014 11:02:01 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Power service terminated with the following error:
%%4203

Error: (06/19/2014 11:01:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MedQuist Client Platform Service service failed to start due to the following error:
%%1053

Error: (06/19/2014 11:01:59 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the MedQuist Client Platform Service service to connect.

Error: (06/19/2014 01:14:03 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (06/18/2014 11:54:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The LightScribeService Direct Disc Labeling Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/18/2014 11:53:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MedQuist Client Platform Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/18/2014 11:34:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Microsoft Office Sessions:
=========================
Error: (06/18/2014 06:09:37 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (06/18/2014 05:39:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary rscvdwqi.

System Error:
The system cannot find the file specified.

Error: (06/18/2014 00:58:07 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

Error: (06/18/2014 00:47:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe30.0.0.526953914233mozalloc.dll30.0.0.526953911393800000030000141b16401cf8ab04356c5e9C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlla34875d4-f6a3-11e3-aae0-e069951d5f30

Error: (06/18/2014 00:46:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe30.0.0.526953914233MSVCR100.dll10.0.30319.14ba1dbbec000000500002561e3c01cf8aaf68ef111bC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\MSVCR100.dll7741fb00-f6a3-11e3-aae0-e069951d5f30

Error: (06/17/2014 11:54:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.7601.175144ce79912KERNELBASE.dll6.1.7601.1793250327672e06d73630000c41f11d801cf8a785dd30264C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\syswow64\KERNELBASE.dll47fa72b5-f69c-11e3-aae0-e069951d5f30

Error: (06/17/2014 11:40:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: BayQText.EXE1.1.0.995316274aMFC80.DLL8.0.50727.61954dcdeca2c000000500023c1841401cf8aa70538e3c7C:\Program Files (x86)\BayScribe\BayQText.EXEC:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80.DLL475f3056-f69a-11e3-aae0-e069951d5f30

Error: (06/17/2014 10:53:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: BayQText.EXE1.1.0.995316274aMFC80.DLL8.0.50727.61954dcdeca2c000000500023c18b2001cf8aa0669aed49C:\Program Files (x86)\BayScribe\BayQText.EXEC:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80.DLLa8dcffa1-f693-11e3-aae0-e069951d5f30

Error: (06/17/2014 09:57:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: BayQText.EXE1.1.0.995316274aMFC80.DLL8.0.50727.61954dcdeca2c000000500023c1898401cf8a98b6ecc21bC:\Program Files (x86)\BayScribe\BayQText.EXEC:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80.DLLf8cc40a1-f68b-11e3-aae0-e069951d5f30

Error: (06/17/2014 08:00:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: BayQText.EXE1.1.0.995316274aMFC80.DLL8.0.50727.61954dcdeca2c000000500023c18dec01cf8a88582ab898C:\Program Files (x86)\BayScribe\BayQText.EXEC:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80.DLL99db5e3f-f67b-11e3-aae0-e069951d5f30

==================== Memory info ===========================

Percentage of memory in use: 39%
Total physical RAM: 2815.3 MB
Available physical RAM: 1702.87 MB
Total Pagefile: 5628.8 MB
Available Pagefile: 4209.8 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:452.7 GB) (Free:383.01 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:12.96 GB) (Free:1.59 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 33CDB75F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=453 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,041 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:08:40 AM

Posted 19 June 2014 - 12:42 PM

Hi Ravyn317,
 
You are still infected, but with another type of malware which has patched one of your system files. It would be good to clean this system as then you can transfer files without worry and until you get the new computer then you will be using this one I believe so best to stop malware tracking what you do.
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

--------------

We need to run a fix with FRST:

  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below in the notepad document:​
HKLM-x32\...\Run: [] => [X]
2014-06-18 23:17 - 2014-06-18 23:17 - 00313521 ____S () C:\Windows\system32\cicy.kly
C:\Users\Sissy\DownloadManagerWin64-2.2.8-SNAPSHOT.r11227.exe
C:\Users\Sissy\AppData\Local\Temp\BTClientSetup.exe
C:\Users\Sissy\AppData\Local\Temp\i4jdel0.exe
C:\Users\Sissy\AppData\Local\Temp\jna1126792939768225439.dll
C:\Users\Sissy\AppData\Local\Temp\MSN4317.exe
C:\Users\Sissy\AppData\Local\Temp\ose00000.exe
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.
  • Please copy and paste the log in your next reply.

--------------
 
We need to search for a file with FRST:

  • Download Farbar's Recovery Scan Tool and save it to your desktop
  • Double-click on FRST.exe/FRST64.exe to open it, in the search box, type the following: rpcss.dll
  • Press the Search Files button, allow FRST to run
  • A log file Search.txt will appear when complete, please post this in your next reply

--------------
 
Does Avast still warn of Zbot?
 
--------------
 
Also, if you do not use Yahoo Toolbar, HP Games or any of the games which appear in the control panel then I suggest uninstalling them.
 
--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • AdwCleaner Scan Log
  • Fixlog.txt
  • Search.txt
  • Avast warning

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#5 Ravyn317

Ravyn317
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:40 AM

Posted 19 June 2014 - 02:03 PM

Hi Toffee,

 

I did everything.  When I did the AdwCleaner scan, I clicked on clean (accident).  Not sure you wanted me to do that.  Then I did the fix you requested.  When the computer restarted, it went back to what it did yesterday, would not load windows.  I had to do a system restore, restored to yesterday just before I reinstalled Avast, and so had to reinstall Avast again.  This happened yesterday after I used AdwCleaner and cleaned.

 

Hope I'm not making it more difficult for you :(

 

As for Avast and Zbot, I have done several scans with Avast over the last few days, and the only time it found Zbot was when I did a boot scan.  Other than that, it just keeps warning me about "threat detected" every few seconds, and the URL it warns me about is always different.

 

Here are the logs you requested:

 

# AdwCleaner v3.212 - Report created 17/06/2014 at 03:53:55
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Sissy - SISSY-HP
# Running from : C:\Users\Sissy\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\WEDLMNGR
Key Found : [x64] HKCU\Software\WEDLMNGR
Key Found : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7601.17514

-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\Sissy\AppData\Roaming\Mozilla\Firefox\Profiles\u0r02v50.default-1382308985168\prefs.js ]

-\\ Google Chrome v

[ File : C:\Users\Sissy\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [1930 octets] - [17/06/2014 03:53:55]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1990 octets] ##########
# AdwCleaner v3.212 - Report created 19/06/2014 at 14:05:35
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Sissy - SISSY-HP
# Running from : C:\Users\Sissy\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7601.17514

-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\Sissy\AppData\Roaming\Mozilla\Firefox\Profiles\u0r02v50.default-1382308985168\prefs.js ]

-\\ Google Chrome v

[ File : C:\Users\Sissy\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [3928 octets] - [17/06/2014 03:53:55]
AdwCleaner[S0].txt - [2135 octets] - [17/06/2014 04:01:18]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4048 octets] ##########
# AdwCleaner v3.212 - Report created 19/06/2014 at 14:45:31
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Sissy - SISSY-HP
# Running from : C:\Users\Sissy\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7601.17514

-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\Sissy\AppData\Roaming\Mozilla\Firefox\Profiles\u0r02v50.default-1382308985168\prefs.js ]

-\\ Google Chrome v

[ File : C:\Users\Sissy\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [5982 octets] - [17/06/2014 03:53:55]
AdwCleaner[S0].txt - [4218 octets] - [17/06/2014 04:01:18]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6102 octets] ##########

 

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-06-2014
Ran by Sissy at 2014-06-19 14:24:36 Run:1
Running from C:\Users\Sissy\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
2014-06-18 23:17 - 2014-06-18 23:17 - 00313521 ____S () C:\Windows\system32\cicy.kly
C:\Users\Sissy\DownloadManagerWin64-2.2.8-SNAPSHOT.r11227.exe
C:\Users\Sissy\AppData\Local\Temp\BTClientSetup.exe
C:\Users\Sissy\AppData\Local\Temp\i4jdel0.exe
C:\Users\Sissy\AppData\Local\Temp\jna1126792939768225439.dll
C:\Users\Sissy\AppData\Local\Temp\MSN4317.exe
C:\Users\Sissy\AppData\Local\Temp\ose00000.exe
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
Could not move "C:\Windows\system32\cicy.kly" => Scheduled to move on reboot.
C:\Users\Sissy\DownloadManagerWin64-2.2.8-SNAPSHOT.r11227.exe => Moved successfully.
C:\Users\Sissy\AppData\Local\Temp\BTClientSetup.exe => Moved successfully.
C:\Users\Sissy\AppData\Local\Temp\i4jdel0.exe => Moved successfully.
C:\Users\Sissy\AppData\Local\Temp\jna1126792939768225439.dll => Moved successfully.
C:\Users\Sissy\AppData\Local\Temp\MSN4317.exe => Moved successfully.
C:\Users\Sissy\AppData\Local\Temp\ose00000.exe => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WT087428\\SystemComponent => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WT087328\\SystemComponent => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WT087335\\SystemComponent => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WT087453\\SystemComponent => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WT087536\\SystemComponent => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WT087342\\SystemComponent => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WT087360\\SystemComponent => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WT087361\\SystemComponent => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WT087362\\SystemComponent => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WT087372\\SystemComponent => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WT087373\\SystemComponent => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WT087379\\SystemComponent => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WT087394\\SystemComponent => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WT087501\\SystemComponent => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WT087395\\SystemComponent => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WT087396\\SystemComponent => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WT087397\\SystemComponent => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WT087414\\SystemComponent => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WT087513\\SystemComponent => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WT087415\\SystemComponent => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WT087533\\SystemComponent => value deleted successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-06-19 14:48:52)<=

C:\Windows\system32\cicy.kly => Is moved successfully.

==== End of Fixlog ====

 

 

 

 

Farbar Recovery Scan Tool (x64) Version: 18-06-2014
Ran by Sissy at 2014-06-19 14:49:07
Running from C:\Users\Sissy\Desktop
Boot Mode: Normal

================== Search Files: "rpcss.dll
" =============

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2011-09-30 10:36][2010-11-20 09:27] 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[2009-07-13 20:00][2009-07-13 21:41] 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027 [File is signed]

C:\Windows\System32\rpcss.dll
[2011-09-30 10:36][2010-11-20 09:27] 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123 [File is signed]

====== End Of Search ======

 

 

Again, Avast isn't warning specifically about Zbot, although I suspect it's still there.  Avast only found it once (boot scan).

 

Thanks so much :)



#6 Ravyn317

Ravyn317
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:40 AM

Posted 19 June 2014 - 02:07 PM

Also, just a question.  Since I had to do a restore to an earlier point, should I run the fix you gave me again?  I restored to last restore point which was yesterday afternoon.  How to know what is causing the startup problem?  It only did that the 2 times I "cleaned" it, which was once with Malwarybytes and once with AdwCleaner.

 

Thanks again.



#7 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,041 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:08:40 AM

Posted 22 June 2014 - 02:00 PM

Hi Ravyn317,
 
If you ran the fix after the restore then there is no need to re-run it.
 
If you reboot and then try again when the computer hangs does it boot correctly then? There's a few things which could cause it and I would like to look into one cause in this post.
 
Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished.
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

--------------
 
Please re-run FRST from the desktop (like you did before) and press the scan button. It will produce a FRST.txt log located on the desktop. Please copy and paste the log into your next reply.
 
--------------

Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in cmd and press Enter. In the black window that appears copy and paste chkdsk > %userprofile%\desktop\chkdsk.txt and press enter.
Wait for the prompt to return where you can type again, and there should be a text file on your desktop called chkdsk, copy and paste that into your next reply.
 
--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • AdwCleaner clean log
  • New FRST.txt
  • chkdsk.txt

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#8 Ravyn317

Ravyn317
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:40 AM

Posted 22 June 2014 - 03:10 PM

Hi Toffee,

 

Thanks for your reply.  I haven't had the boot issue since the last restore, which was a few days ago (my last post).  That seems to work fine now.  I haven't had those annoying continuous popups from Avast either, but I'm still worried about that Trojan (Win32:Zbot-PX).

 

Here are the logs you requested:

 

# AdwCleaner v3.212 - Report created 17/06/2014 at 04:01:18
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Sissy - SISSY-HP
# Running from : C:\Users\Sissy\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

***** [ Shortcuts ] *****

***** [ Registry ] *****

[x] Not Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
[x] Not Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
[x] Not Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKCU\Software\WEDLMNGR

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7601.17514

-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\Sissy\AppData\Roaming\Mozilla\Firefox\Profiles\u0r02v50.default-1382308985168\prefs.js ]

-\\ Google Chrome v

[ File : C:\Users\Sissy\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [2074 octets] - [17/06/2014 03:53:55]
AdwCleaner[S0].txt - [1995 octets] - [17/06/2014 04:01:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2055 octets] ##########
# AdwCleaner v3.212 - Report created 19/06/2014 at 14:14:40
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Sissy - SISSY-HP
# Running from : C:\Users\Sissy\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7601.17514

-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\Sissy\AppData\Roaming\Mozilla\Firefox\Profiles\u0r02v50.default-1382308985168\prefs.js ]

-\\ Google Chrome v

[ File : C:\Users\Sissy\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [4128 octets] - [17/06/2014 03:53:55]
AdwCleaner[S0].txt - [4078 octets] - [17/06/2014 04:01:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4138 octets] ##########
# AdwCleaner v3.212 - Report created 22/06/2014 at 15:48:05
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Sissy - SISSY-HP
# Running from : C:\Users\Sissy\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7601.17514

-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\Sissy\AppData\Roaming\Mozilla\Firefox\Profiles\u0r02v50.default-1382308985168\prefs.js ]

-\\ Google Chrome v

[ File : C:\Users\Sissy\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [6182 octets] - [17/06/2014 03:53:55]
AdwCleaner[R1].txt - [2114 octets] - [22/06/2014 15:46:13]
AdwCleaner[S0].txt - [6221 octets] - [17/06/2014 04:01:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6281 octets] ##########

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-06-2014 01
Ran by Sissy (administrator) on SISSY-HP on 22-06-2014 15:55:04
Running from C:\Users\Sissy\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
() C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe
(MedQuist, Inc.) C:\Program Files (x86)\Common Files\MedQuist\MQHostService.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Tridia Corporation) C:\Program Files\iTivity\bin\rfbd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11049576 2010-06-29] (Realtek Semiconductor)
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [563736 2009-10-14] (PDF Complete Inc)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-05-12] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [DT HPO] => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [121456 2010-06-23] ()
HKLM-x32\...\Run: [WinVNC] => C:\Program Files\iTivity\bin\rfbd.exe [473600 2010-07-28] (Tridia Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-19] (AVAST Software)
HKU\S-1-5-21-1288622996-2042830089-4238044840-1001\...\MountPoints2: {c08e9a6a-f421-11e0-80ca-e069951d5f30} - F:\MI.exe
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {697317EC-D871-4E09-847D-441993114BF9} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM - {CA9023D6-5C2F-4EA7-A9DE-43DCAD8B027A} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {FF8C9526-992D-4B2F-8835-A062F247E4EB} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {697317EC-D871-4E09-847D-441993114BF9} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {CA9023D6-5C2F-4EA7-A9DE-43DCAD8B027A} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {FF8C9526-992D-4B2F-8835-A062F247E4EB} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKCU - {697317EC-D871-4E09-847D-441993114BF9} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {CA9023D6-5C2F-4EA7-A9DE-43DCAD8B027A} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {FF8C9526-992D-4B2F-8835-A062F247E4EB} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: BayScribeObj Class - {5E028439-81C7-4B82-BC74-25156306F532} - C:\Program Files (x86)\BayScribe\bayscribe.dll (BayScribe)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {9DDB393E-A5C2-40F7-A37F-4957CAC7C65C} http://workportal01.trcr.com/clientinstall/production/BTClient/ActiveXLoader.CAB
DPF: HKLM-x32 {D9E4E21E-60E0-11DA-91EB-00123F33E209} https://installers.speechmachines.org/Installer/DNInstaller2.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://nuanceevents.webex.com/client/WBXclient-T29L10NSP3-17099/nbr/ieatgpc1.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
DPF: HKLM-x32 {EF2E2523-5E55-4A8F-A0C9-0F2B7457290C} https://mls.trcr.com/CABS/SWTrackerCTL.CAB
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 24.159.64.23 24.217.0.5 24.178.162.3

FireFox:
========
FF ProfilePath: C:\Users\Sissy\AppData\Roaming\Mozilla\Firefox\Profiles\u0r02v50.default-1382308985168
FF DefaultSearchEngine: Twitter
FF SelectedSearchEngine: Twitter
FF Homepage: https://www.google.com/search
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @spoon.net/Spoon Plugin 3.32 - C:\Program Files (x86)\Spoon\3.32.2.12\npMozillaSpoonPlugin.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Sissy\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: LWAPlugin15.8 - C:\Users\Sissy\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Sissy\AppData\Roaming\mozilla\plugins\npLWAPlugin15.8.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Sissy\AppData\Roaming\mozilla\plugins\npMeetingJoinPluginAOCUser.dll ()
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-07-07]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-18]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-07-07]

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Extension: (YouTube) - C:\Users\Sissy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-03]
CHR Extension: (Google Search) - C:\Users\Sissy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-03]
CHR Extension: (Gmail) - C:\Users\Sissy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-03]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-19] (AVAST Software)
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe [125552 2010-06-23] ()
S3 iTivityODConnector; C:\Program Files\iTivity\bin\connector_od.exe [516903 2010-12-18] (Tridia Corporation) [File not signed]
S3 iTivityODConnectToIASConnector; C:\Program Files\iTivity\bin\connector_od.exe [516903 2010-12-18] (Tridia Corporation) [File not signed]
S3 iTivityODController; C:\Program Files\iTivity\bin\processor_od.exe [552303 2010-12-18] (Tridia Corporation) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [File not signed]
R2 MedQuist Client Platform Service; C:\Program Files (x86)\Common Files\MedQuist\MQHostService.exe [28672 2010-10-19] (MedQuist, Inc.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-14] (PDF Complete Inc)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 TridiaFTPServer; C:\Program Files\iTivity\bin\ftpd.exe [536640 2007-07-16] (Tridia Corporation) [File not signed]
R2 tridiavnc; C:\Program Files\iTivity\bin\rfbd.exe [473600 2010-07-28] (Tridia Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

R3 ACPIService; C:\Windows\System32\DRIVERS\OSDACPI.SYS [17992 2009-06-17] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-06-19] ()
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [19600 2012-08-21] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-06-19] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-19] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-06-19] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-06-19] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-06-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-06-19] ()
S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [24376 2010-04-27] ()
S3 cqcpu; C:\Windows\System32\drivers\cqcpu.sys [24376 2010-04-27] ()

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-22 15:55 - 2014-06-22 15:55 - 00016212 _____ () C:\Users\Sissy\Desktop\FRST.txt
2014-06-22 15:50 - 2014-06-22 15:50 - 00006361 _____ () C:\Users\Sissy\Desktop\AdwCleaner[S0].txt
2014-06-22 15:38 - 2014-06-22 15:38 - 00000000 ____D () C:\Users\Sissy\Desktop\FRST-OlderVersion
2014-06-19 14:46 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-19 14:44 - 2014-06-19 14:44 - 01333465 _____ () C:\Users\Sissy\Desktop\AdwCleaner.exe
2014-06-19 14:40 - 2014-06-22 15:40 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-19 14:40 - 2014-06-19 14:40 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-06-19 14:40 - 2014-06-19 14:40 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-06-19 14:40 - 2014-06-19 14:40 - 00001968 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-06-19 14:40 - 2014-06-19 14:39 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1403203230775
2014-06-19 14:40 - 2014-06-19 14:39 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1403203230775
2014-06-19 14:40 - 2014-06-19 14:39 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-06-19 14:40 - 2014-06-19 14:39 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-06-19 14:40 - 2014-06-19 14:39 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-06-19 14:40 - 2014-06-19 14:39 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-06-19 14:40 - 2014-06-19 14:39 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-06-19 14:39 - 2014-06-19 14:39 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-19 11:17 - 2014-06-19 11:17 - 00219853 _____ () C:\Users\Sissy\Desktop\Shortcut.txt
2014-06-19 11:15 - 2014-06-19 11:17 - 00049906 _____ () C:\Users\Sissy\Desktop\Addition.txt
2014-06-19 11:09 - 2014-06-22 15:38 - 02083328 _____ (Farbar) C:\Users\Sissy\Desktop\FRST64.exe
2014-06-18 17:40 - 2014-06-19 14:40 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-06-18 17:35 - 2014-06-18 17:35 - 94714880 _____ (AVAST Software) C:\Users\Sissy\Desktop\avast_free_antivirus_setup.exe
2014-06-18 17:22 - 2014-06-18 17:22 - 00003242 _____ () C:\Windows\System32\Tasks\{E071A093-8D3D-429B-BBE6-671296F2BC50}
2014-06-18 17:06 - 2014-06-19 18:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-18 15:52 - 2014-06-22 15:55 - 00000000 ____D () C:\FRST
2014-06-17 03:53 - 2014-06-22 15:48 - 00000000 ____D () C:\AdwCleaner
2014-06-16 21:36 - 2014-06-16 21:36 - 00000000 ____D () C:\Users\Sissy\AppData\Roaming\AVAST Software
2014-06-16 21:35 - 2014-06-19 18:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-06-16 20:44 - 2014-06-16 20:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-07 14:27 - 2014-06-07 14:27 - 00000000 ____D () C:\Windows\Sun
2014-06-07 14:27 - 2014-06-07 14:27 - 00000000 ____D () C:\ProgramData\Sun

==================== One Month Modified Files and Folders =======

2014-06-22 15:55 - 2014-06-22 15:55 - 00016212 _____ () C:\Users\Sissy\Desktop\FRST.txt
2014-06-22 15:55 - 2014-06-18 15:52 - 00000000 ____D () C:\FRST
2014-06-22 15:52 - 2010-09-16 12:59 - 01321930 _____ () C:\Windows\WindowsUpdate.log
2014-06-22 15:50 - 2014-06-22 15:50 - 00006361 _____ () C:\Users\Sissy\Desktop\AdwCleaner[S0].txt
2014-06-22 15:49 - 2010-09-16 16:06 - 00457842 _____ () C:\Windows\PFRO.log
2014-06-22 15:49 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-22 15:49 - 2009-07-14 00:51 - 00178470 _____ () C:\Windows\setupact.log
2014-06-22 15:48 - 2014-06-17 03:53 - 00000000 ____D () C:\AdwCleaner
2014-06-22 15:47 - 2009-07-14 00:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-22 15:47 - 2009-07-14 00:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-22 15:43 - 2014-02-20 11:29 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForSissy
2014-06-22 15:43 - 2014-02-20 11:29 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForSissy.job
2014-06-22 15:40 - 2014-06-19 14:40 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-22 15:38 - 2014-06-22 15:38 - 00000000 ____D () C:\Users\Sissy\Desktop\FRST-OlderVersion
2014-06-22 15:38 - 2014-06-19 11:09 - 02083328 _____ (Farbar) C:\Users\Sissy\Desktop\FRST64.exe
2014-06-22 15:38 - 2011-04-06 13:45 - 00000000 ____D () C:\Users\Sissy
2014-06-22 15:32 - 2011-04-19 19:52 - 00000000 ____D () C:\Users\Sissy\AppData\Local\CrashDumps
2014-06-22 13:48 - 2014-03-03 18:32 - 00000000 ____D () C:\Users\Sissy\AppData\Local\Battle.net
2014-06-22 13:35 - 2009-07-14 01:13 - 00778834 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-21 12:36 - 2012-02-18 02:07 - 00000000 ____D () C:\ProgramData\Medquist
2014-06-20 21:55 - 2013-01-29 17:33 - 00000000 ____D () C:\Users\Sissy\Documents\Transcend
2014-06-20 19:31 - 2013-04-08 13:12 - 00000000 ____D () C:\Users\Sissy\AppData\Roaming\TRCR
2014-06-20 12:49 - 2011-04-16 15:36 - 00000000 ____D () C:\ProgramData\Yahoo!
2014-06-20 12:49 - 2011-04-16 15:34 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-06-20 12:48 - 2010-09-16 13:35 - 00000000 ____D () C:\ProgramData\WildTangent
2014-06-20 12:48 - 2010-09-16 13:35 - 00000000 ____D () C:\Program Files (x86)\HP Games
2014-06-20 12:48 - 2009-07-14 01:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-19 18:34 - 2014-06-18 17:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-19 18:34 - 2014-06-16 21:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-06-19 18:34 - 2013-07-15 19:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-06-19 18:34 - 2013-06-09 21:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-19 18:34 - 2011-04-14 17:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-06-19 18:34 - 2010-09-16 13:23 - 00000000 ____D () C:\ProgramData\CinemaNow
2014-06-19 18:34 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-06-19 18:34 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2014-06-19 18:30 - 2012-01-01 16:56 - 00000000 ____D () C:\ProgramData\Recovery
2014-06-19 14:47 - 2011-05-05 15:17 - 00000000 ____D () C:\Users\Sissy\AppData\Roaming\HP Support Assistant
2014-06-19 14:47 - 2011-04-08 14:33 - 00000000 ____D () C:\Users\Sissy\AppData\Roaming\HpUpdate
2014-06-19 14:44 - 2014-06-19 14:44 - 01333465 _____ () C:\Users\Sissy\Desktop\AdwCleaner.exe
2014-06-19 14:40 - 2014-06-19 14:40 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-06-19 14:40 - 2014-06-19 14:40 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-06-19 14:40 - 2014-06-19 14:40 - 00001968 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-06-19 14:40 - 2014-06-18 17:40 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-06-19 14:39 - 2014-06-19 14:40 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1403203230775
2014-06-19 14:39 - 2014-06-19 14:40 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1403203230775
2014-06-19 14:39 - 2014-06-19 14:40 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-06-19 14:39 - 2014-06-19 14:40 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-06-19 14:39 - 2014-06-19 14:40 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-06-19 14:39 - 2014-06-19 14:40 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-06-19 14:39 - 2014-06-19 14:40 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-06-19 14:39 - 2014-06-19 14:39 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-19 14:39 - 2011-06-08 23:44 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-06-19 11:17 - 2014-06-19 11:17 - 00219853 _____ () C:\Users\Sissy\Desktop\Shortcut.txt
2014-06-19 11:17 - 2014-06-19 11:15 - 00049906 _____ () C:\Users\Sissy\Desktop\Addition.txt
2014-06-18 17:39 - 2011-06-08 23:44 - 00000000 ____D () C:\Program Files\AVAST Software
2014-06-18 17:36 - 2011-06-08 23:44 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-06-18 17:35 - 2014-06-18 17:35 - 94714880 _____ (AVAST Software) C:\Users\Sissy\Desktop\avast_free_antivirus_setup.exe
2014-06-18 17:32 - 2013-06-13 00:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-18 17:22 - 2014-06-18 17:22 - 00003242 _____ () C:\Windows\System32\Tasks\{E071A093-8D3D-429B-BBE6-671296F2BC50}
2014-06-18 16:53 - 2013-07-15 19:49 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-06-18 16:53 - 2013-07-15 19:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-06-18 16:53 - 2013-06-09 21:46 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2014-06-18 16:53 - 2011-11-13 22:12 - 00000000 ____D () C:\Windows\system32\Macromed
2014-06-18 16:53 - 2011-04-14 17:13 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-06-18 16:53 - 2010-09-16 13:07 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-06-18 16:53 - 2009-07-14 03:45 - 00000000 ____D () C:\Windows\ShellNew
2014-06-18 16:53 - 2009-07-14 03:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-06-18 16:53 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-06-18 16:53 - 2009-07-13 23:20 - 00000000 __RSD () C:\Windows\Media
2014-06-18 16:53 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\L2Schemas
2014-06-18 16:52 - 2009-07-14 03:44 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-06-18 16:50 - 2011-11-13 22:41 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-06-18 13:08 - 2010-09-16 13:07 - 00000000 ____D () C:\ProgramData\PDFC
2014-06-18 12:58 - 2011-06-08 23:44 - 00000000 _____ () C:\Windows\SysWOW64\config.nt
2014-06-16 23:56 - 2011-04-09 11:21 - 00000000 ____D () C:\Users\Sissy\AppData\Local\Adobe
2014-06-16 21:36 - 2014-06-16 21:36 - 00000000 ____D () C:\Users\Sissy\AppData\Roaming\AVAST Software
2014-06-16 20:44 - 2014-06-16 20:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-07 14:27 - 2014-06-07 14:27 - 00000000 ____D () C:\Windows\Sun
2014-06-07 14:27 - 2014-06-07 14:27 - 00000000 ____D () C:\ProgramData\Sun
2014-05-31 20:50 - 2014-03-03 18:32 - 00000000 ____D () C:\Program Files (x86)\Battle.net

Some content of TEMP:
====================
C:\Users\Sissy\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-18 18:06

==================== End Of Log ============================

 

 

 

The type of the file system is NTFS.
Volume label is OS.

WARNING!  F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
 0 percent complete. (0 of 273408 file records processed)    
 0 percent complete. (6674 of 273408 file records processed)    
 1 percent complete. (27341 of 273408 file records processed)    
 1 percent complete. (45127 of 273408 file records processed)    
 2 percent complete. (54682 of 273408 file records processed)    
 2 percent complete. (69377 of 273408 file records processed)    
 3 percent complete. (82023 of 273408 file records processed)    
 4 percent complete. (109364 of 273408 file records processed)    
 5 percent complete. (136704 of 273408 file records processed)    
 6 percent complete. (164045 of 273408 file records processed)    
 7 percent complete. (191386 of 273408 file records processed)

 

That's it.  Thanks again :)



#9 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,041 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:08:40 AM

Posted 23 June 2014 - 12:28 PM

Hi Ravyn317,
 
I have seen no signs of Zbot in your logs, so I believe Avast caught it and deleted it before it could do damage.
 
We need to run a fix with FRST:

  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below in the notepad document:​
SearchScopes: HKLM - {697317EC-D871-4E09-847D-441993114BF9} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM - {FF8C9526-992D-4B2F-8835-A062F247E4EB} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {697317EC-D871-4E09-847D-441993114BF9} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {FF8C9526-992D-4B2F-8835-A062F247E4EB} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKCU - {697317EC-D871-4E09-847D-441993114BF9} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {FF8C9526-992D-4B2F-8835-A062F247E4EB} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.
  • Please copy and paste the log in your next reply.

--------------

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

--------------

This scan can take a long time, so it is best done overnight or when you do not need the computer
 
I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Fixlog.txt
  • Malwarebytes log
  • ESET log

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#10 Ravyn317

Ravyn317
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:40 AM

Posted 24 June 2014 - 12:40 PM

Hi Toffee,

 

I did the ESET scan, but when it completed, the only button to click was "finish,"  I clicked it and it didn't give me the option to export anything.  It found 0 threats, though, so I guess that's good :)  It looked strange (as in I couldnt see the whole box, words, etc.), so I wonder if that is because my IE is so outdated.  I would update, but my job requires IE8.  So I don't have that log.  Should I try again with Firefox?  If so, I will do that tonight.

 

Here are the other 2 items requested:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-06-2014
Ran by Sissy at 2014-06-23 13:33:40 Run:3
Running from C:\Users\Sissy\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKLM - {697317EC-D871-4E09-847D-441993114BF9} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM - {FF8C9526-992D-4B2F-8835-A062F247E4EB} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {697317EC-D871-4E09-847D-441993114BF9} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {FF8C9526-992D-4B2F-8835-A062F247E4EB} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKCU - {697317EC-D871-4E09-847D-441993114BF9} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {FF8C9526-992D-4B2F-8835-A062F247E4EB} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
*****************

'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{697317EC-D871-4E09-847D-441993114BF9}' => Key deleted successfully.
'HKCR\CLSID\{697317EC-D871-4E09-847D-441993114BF9}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FF8C9526-992D-4B2F-8835-A062F247E4EB}' => Key deleted successfully.
'HKCR\CLSID\{FF8C9526-992D-4B2F-8835-A062F247E4EB}'=> Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{697317EC-D871-4E09-847D-441993114BF9}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{697317EC-D871-4E09-847D-441993114BF9}'=> Key not found.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{FF8C9526-992D-4B2F-8835-A062F247E4EB}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{FF8C9526-992D-4B2F-8835-A062F247E4EB}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{697317EC-D871-4E09-847D-441993114BF9}' => Key deleted successfully.
'HKCR\CLSID\{697317EC-D871-4E09-847D-441993114BF9}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FF8C9526-992D-4B2F-8835-A062F247E4EB}' => Key deleted successfully.
'HKCR\CLSID\{FF8C9526-992D-4B2F-8835-A062F247E4EB}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
'HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
'HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}'=> Key not found.

==== End of Fixlog ====

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/23/2014
Scan Time: 1:41:06 PM
Logfile: Malwarebytes log2.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.23.11
Rootkit Database: v2014.06.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Sissy

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 300097
Time Elapsed: 21 min, 49 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

Thanks again Toffee.  Your time is very much appreciated.



#11 Ravyn317

Ravyn317
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:40 AM

Posted 25 June 2014 - 11:48 AM

Okay, I did the ESET scan again, this time with no problems.  Again, it found no threats, and gave me no option to export or copy any log.  Is this what it does when there are no threats found?

 

Thanks again :)



#12 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,041 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:08:40 AM

Posted 25 June 2014 - 12:48 PM

Hi Ravyn317,
 
Yes, no threats means no log will be created. That's good to hear that nothing was found and means you are clean now, just some updates to do :)
 
Your version of Adobe Flash is out of date.

Please follow these steps to remove older version Adobe Flash components and update:

  • Download the latest version of Adobe Flash and save it to your desktop.
  • Note: If you use Google Chrome or Firefox then there is no need to download Adobe Flash, if you also use Internet Explorer then use that browser to download Flash.
  • Close any programs you may have running - especially your web browser.
  • Go to Control Panel, and double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7/8.
  • Check (highlight) any item with Adobe Flash in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Adobe Flash uninstaller.
  • Reboot your computer once Adobe Flash is removed.
  • Then from your desktop double-click on the Adobe Flash installer to install the newest version.
  • If using Windows 7/8 or Vista and the installer refuses to launch due to insufficient user permissions, then run as Administrator.
  • If offered any unwanted software or toolbars during installation (such as Google Chrome and Google Toolbar); just uncheck the box before continuing unless you want these programs.

--------------
 
Your version of Adobe Flash is out of date.

Please follow these steps to remove older version Adobe Flash components and update:

  • Download the latest version of Adobe Flash and save it to your desktop.
  • Note: If you use Google Chrome or Firefox then there is no need to download Adobe Flash, if you also use Internet Explorer then use that browser to download Flash.
  • Close any programs you may have running - especially your web browser.
  • Go to Control Panel, and double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7/8.
  • Check (highlight) any item with Adobe Flash in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Adobe Flash uninstaller.
  • Reboot your computer once Adobe Flash is removed.
  • Then from your desktop double-click on the Adobe Flash installer to install the newest version.
  • If using Windows 7/8 or Vista and the installer refuses to launch due to insufficient user permissions, then run as Administrator.
  • If offered any unwanted software or toolbars during installation (such as Google Chrome and Google Toolbar); just uncheck the box before continuing unless you want these programs.

--------------
 
Your machine is clean! Feel free to enjoy the use of your cleaned computer. Please take the time to follow this last post which tells you how to remove the tools we have used and how to keep your computer clean   :thumbsup:
 
---------------
 
Download 51a5ce45263de-delfix.pngDelfix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.
 
Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

  • Activate UAC
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings

Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't need to copy and paste it into your next reply.
 
--------------
 
Also, feel free to delete any leftover desktop icons and other various files which have been created throughout the process.
 
---------------
 
I have also compiled a list of links which you may be interested in:

This topic will be left open for 3 days in case you have any problems, otherwise it will closed after that time.
 
xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#13 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,041 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:08:40 AM

Posted 29 June 2014 - 01:40 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users