Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unable to remove adware...Need help


  • This topic is locked This topic is locked
14 replies to this topic

#1 siminu2

siminu2

  • Members
  • 69 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:New Hampshire
  • Local time:01:02 AM

Posted 15 August 2014 - 08:33 AM

I have three adware programs that keep coming back.  They are

 

NexttCouep

PprIceChop

SaVeMass

 

I have uninstalled them using control panel.  I have uninstalled them using adware.cleaner 3.3 program, and they keep returning causing countless windows to pop up.

 

I am running on Windows 7 with Chrome browser

 

Please help me.



BC AdBot (Login to Remove)

 


#2 pystryker

pystryker

  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:02 AM

Posted 17 August 2014 - 07:28 AM

Hello and welcome to Bleeping Computer! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please read through my instructions carefully and completely before executing them. I will lay the instructions out in a step by step order to make them easy to follow.
  • Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  • Please make sure you (if you are able) to print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  • Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If possible, please have your original Windows installation disks handy, just in case.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexepected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Now, let's get started, shall we? :thumbsup:


Hello, let's get a look at your system and see what's going on. :)


Step 1: Scan with Farbar's Recovery Scan Tool (FRST)


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Place a check in the box marked Addition.txt

    farbarmainpanel_zps77bf9e25.jpg
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Step 2: Scan with aswMBR
  • Please download aswMBR.exe to your desktop.
  • Double click the file to run it.
  • It will ask if you want to download the latest Avast! virus definitions, please answer yes.
aswmbrscan_zpsdc05b0f9.jpg
  • Click the Scan button to begin the scan.
aswmbrsavelog_zps1aeef48e.jpg
  • Once the scan has finished, click on Save Log, save it to your desktop as asw.txt, and please post it in your next reply.
  • Click Exit
Things I need to see in your next post:


FRST Log

Addition.txt Log

aswMBR Log

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#3 siminu2

siminu2
  • Topic Starter

  • Members
  • 69 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:New Hampshire
  • Local time:01:02 AM

Posted 17 August 2014 - 09:13 AM

I thank you in advance for your help.  I have read your instructions and will try to follow exactly.  I need you to know we are working with HP computer of which was pre-loaded at purchase and did not come with original Windows installation disks.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-08-2014 04

Ran by Sandra (administrator) on SANDRA-HP on 17-08-2014 09:38:36
Running from C:\Users\Sandra\Desktop\Virus ware help
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(DEVGURU Co., LTD) C:\Windows\System32\ptumlcmsvc64.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\lync.exe
() C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(MyHeritage) C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(FreeDownloadManager.ORG) C:\Program Files (x86)\Free Download Manager\fdm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [AESTFltr] => %SystemRoot%\system32\AESTFltr.exe /NoDlg
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2012-01-02] (IDT, Inc.)
HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2045440 2010-09-02] (Eastman Kodak Company)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-30] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [111640 2010-07-23] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-30] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2012-04-02] (cyberlink)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [648032 2010-11-27] (Sony Corporation)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Family Tree Builder Update] => C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe [2525184 2013-05-07] (MyHeritage)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [313248 2012-07-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-08-05] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3064546174-981495490-1555626466-1000\...\Run: [Lync] => C:\Program Files\Microsoft Office\Office15\lync.exe [22690968 2014-07-27] (Microsoft Corporation)
HKU\S-1-5-21-3064546174-981495490-1555626466-1000\...\MountPoints2: {45b40cc0-47bf-11e3-8849-441ea1e33c0b} - G:\Autorun.exe
HKU\S-1-5-21-3064546174-981495490-1555626466-1006\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [109784 2013-04-19] (Siber Systems)
HKU\S-1-5-21-3064546174-981495490-1555626466-1006\...\Run: [Google Update] => "C:\Users\Sandra\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-3064546174-981495490-1555626466-1006\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-3064546174-981495490-1555626466-1006\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-3064546174-981495490-1555626466-1006\...\Run: [Wondershare Helper Compact.exe] => "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelperSetup.exe"
HKU\S-1-5-21-3064546174-981495490-1555626466-1006\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKU\S-1-5-21-3064546174-981495490-1555626466-1006\...\Run: [Open Download Manager] => C:\Program Files (x86)\OpenDownloaderManager\odm.exe -autorun
HKU\S-1-5-21-3064546174-981495490-1555626466-501\...\Run: [Google Update] => "C:\Users\Sandra\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-3064546174-981495490-1555626466-501\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [109784 2013-04-19] (Siber Systems)
HKU\S-1-5-21-3064546174-981495490-1555626466-501\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-3064546174-981495490-1555626466-501\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-3064546174-981495490-1555626466-501\...\Run: [Wondershare Helper Compact.exe] => "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelperSetup.exe"
HKU\S-1-5-21-3064546174-981495490-1555626466-501\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKU\S-1-5-21-3064546174-981495490-1555626466-501\...\Run: [Open Download Manager] => C:\Program Files (x86)\OpenDownloaderManager\odm.exe -autorun
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk
ShortcutTarget: IMVU.lnk -> C:\Users\Sandra\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe (No File)
Startup: C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk
ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe ()
Startup: C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk
ShortcutTarget: ZooskMessenger.lnk -> C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe (No File)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: http=127.0.0.1:55051;https=127.0.0.1:55051
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {AE6FCC02-176F-4480-A836-244997C328E6} URL = 
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{104EE902-21F2-4EA6-A98B-25D7118F12DC}: [NameServer]198.224.186.135 198.224.187.135
Tcpip\..\Interfaces\{D35EB592-90AC-42CC-8B10-B53092AFBD3C}: [NameServer]198.224.187.135 198.224.186.135
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\6\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Sandra\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Sandra\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Sandra\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Sandra\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Sandra\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Sandra\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Sandra\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Sandra\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\IPSFFPlgn
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\IPSFFPlgn [2011-12-25]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn [2014-08-17]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR HomePage: hxxp://my.yahoo.com/
CHR StartupUrls: "hxxp://my.yahoo.com/"
CHR Extension: (Free Download Manager Chrome extension) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp [2014-08-16]
CHR Extension: (Google Docs) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-22]
CHR Extension: (Google Drive) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-03]
CHR Extension: (YouTube) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-18]
CHR Extension: (Google Search) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-18]
CHR Extension: (NexttCouep) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnliaicmfjbkidjapldadaahegkddgel [2014-08-13]
CHR Extension: (PPrIceChOp) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnphcppibihpbjfmkendgipbiaomjof [2014-08-08]
CHR Extension: (Norton Security Toolbar) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-06-25]
CHR Extension: (Hangouts) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-05-17]
CHR Extension: (Google Wallet) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR Extension: (SaVEMasS) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmlagkofmheocboedfoljjlpdahnjdf [2014-08-08]
CHR Extension: (Gmail) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-18]
CHR Extension: (NexttCouep) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnliaicmfjbkidjapldadaahegkddgel\1.0 [2014-08-13]
CHR Extension: (PPrIceChOp) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnphcppibihpbjfmkendgipbiaomjof\1.0 [2014-08-08]
CHR Extension: (SaVEMasS) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmlagkofmheocboedfoljjlpdahnjdf\1.0 [2014-08-08]
CHR HKLM-x32\...\Chrome\Extension: [iekjmlcgpmcjigljdiagaibfjfaideal] - C:\Users\Sandra\AppData\Local\CRE\iekjmlcgpmcjigljdiagaibfjfaideal.crx [2014-08-08]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\Exts\Chrome.crx [2013-02-05]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-02-24] (CyberLink)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [240736 2013-10-07] (WildTangent)
S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [164864 2012-05-02] (HP) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [46904 2013-12-17] (Hewlett-Packard Company)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [138272 2012-06-15] (Symantec Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
R2 ptumlcmsvc; C:\Windows\system32\ptumlcmsvc64.exe [184832 2012-09-21] (DEVGURU Co., LTD) [File not signed]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AESTAud; C:\Windows\System32\drivers\AESTAu64.sys [146048 2009-04-21] (Andrea Electronics Corporation)
S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [40232 2013-07-11] (Google Inc)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20110519.002\BHDrvx64.sys [1143416 2011-05-13] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys [167072 2012-06-07] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20110519.031\IDSVia64.sys [488056 2011-05-13] (Symantec Corporation)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20110519.002\ENG64.SYS [117880 2011-05-18] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20110519.002\EX64.SYS [2011768 2011-05-18] (Symantec Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 PTUMLMBMP; C:\Windows\System32\DRIVERS\PTUMLMBMP.sys [255288 2012-09-21] (DEVGURU Co., LTD.)
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [768680 2013-06-26] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [273576 2013-06-26] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [29352 2013-06-26] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [23208 2013-06-26] (Microsoft Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1309010.00E\SRTSP64.SYS [737952 2012-07-05] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1309010.00E\SRTSPX64.SYS [37536 2012-07-05] (Symantec Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2013-10-19] ()
R0 SymDS; C:\Windows\System32\drivers\NISx64\1309010.00E\SYMDS64.SYS [451192 2011-05-16] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1309010.00E\SYMEFA64.SYS [1129120 2012-05-21] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-03-27] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS [190072 2012-04-17] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS [405624 2012-04-17] (Symantec Corporation)
S3 RSP2STOR; system32\DRIVERS\RtsP2Stor.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-17 09:25 - 2014-08-17 09:25 - 00035772 _____ () C:\Users\Sandra\Documents\HitmanPro_20140817_0925.log
2014-08-17 09:00 - 2014-08-17 09:26 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-16 20:46 - 2014-08-17 08:48 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Free Download Manager
2014-08-16 20:45 - 2014-08-16 20:45 - 00001067 _____ () C:\Users\Sandra\Desktop\Free Download Manager.lnk
2014-08-16 20:45 - 2014-08-16 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Download Manager
2014-08-16 20:45 - 2014-08-16 20:45 - 00000000 ____D () C:\Program Files (x86)\Free Download Manager
2014-08-16 20:26 - 2014-08-16 20:49 - 00000000 ____D () C:\The KMPlayer
2014-08-16 20:19 - 2014-08-16 20:20 - 32833624 _____ (PandoraTV) C:\Users\Sandra\Desktop\KMPlayer_3-9-0-126.exe
2014-08-16 20:18 - 2014-08-16 20:18 - 00366920 _____ (Softonic) C:\Users\Sandra\Downloads\SoftonicDownloader_for_kmplayer.exe
2014-08-16 12:34 - 2014-08-17 09:38 - 00000000 ____D () C:\FRST
2014-08-16 12:30 - 2014-08-16 12:30 - 00000000 _____ () C:\Windows\SysWOW64\shoC3BB.tmp
2014-08-16 11:09 - 2014-08-16 11:09 - 00000000 _____ () C:\Windows\SysWOW64\shoB815.tmp
2014-08-16 06:26 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-16 06:26 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-16 06:26 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-16 06:26 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-16 06:26 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-16 06:26 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-16 06:26 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-16 06:26 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-15 08:39 - 2014-08-17 08:53 - 00004818 _____ () C:\Windows\PFRO.log
2014-08-15 08:39 - 2014-08-17 08:53 - 00000280 _____ () C:\Windows\setupact.log
2014-08-15 08:39 - 2014-08-15 08:39 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-15 07:57 - 2014-07-15 23:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-15 07:57 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-15 07:57 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-15 07:57 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-15 07:57 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-15 07:57 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-15 07:57 - 2014-07-08 22:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-15 07:57 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-15 07:57 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-15 07:57 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-15 07:57 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-15 07:57 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-15 07:57 - 2014-07-08 21:00 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-15 07:57 - 2014-07-08 18:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-15 07:57 - 2014-07-08 18:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-15 07:57 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-15 07:57 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-15 07:57 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-15 07:57 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-15 07:57 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-15 07:57 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-15 07:57 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-15 07:57 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-15 07:57 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-15 07:57 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-15 07:56 - 2014-08-06 22:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-15 07:56 - 2014-08-06 22:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-15 07:56 - 2014-07-31 19:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-15 07:56 - 2014-07-31 19:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-15 07:56 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 07:56 - 2014-07-25 10:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 07:56 - 2014-07-25 10:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-15 07:56 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-15 07:56 - 2014-07-25 09:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-15 07:56 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-15 07:56 - 2014-07-25 09:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-15 07:56 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 07:56 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-15 07:56 - 2014-07-25 09:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 07:56 - 2014-07-25 09:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-15 07:56 - 2014-07-25 09:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-15 07:56 - 2014-07-25 09:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-15 07:56 - 2014-07-25 09:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-15 07:56 - 2014-07-25 09:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-15 07:56 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-15 07:56 - 2014-07-25 08:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-15 07:56 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 07:56 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-15 07:56 - 2014-07-25 08:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-15 07:56 - 2014-07-25 08:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-15 07:56 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-15 07:56 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 07:56 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-15 07:56 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-15 07:56 - 2014-07-25 08:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-15 07:56 - 2014-07-25 08:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-15 07:56 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 07:56 - 2014-07-25 08:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-15 07:56 - 2014-07-25 08:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-15 07:56 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 07:56 - 2014-07-25 08:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-15 07:56 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-15 07:56 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-15 07:56 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-15 07:56 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 07:56 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-15 07:56 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-15 07:56 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 07:56 - 2014-07-25 07:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-15 07:56 - 2014-07-25 07:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-15 07:56 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-15 07:56 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-15 07:56 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 07:56 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-15 07:56 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-15 07:56 - 2014-07-25 07:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-15 07:56 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-15 07:56 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 07:56 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 07:56 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-15 07:56 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-15 07:56 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-15 07:56 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-15 07:56 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-15 07:56 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-14 14:31 - 2014-08-14 14:33 - 00000000 ____D () C:\Users\Sandra\Documents\SMayberry Resumes
2014-08-11 19:10 - 2014-08-11 19:10 - 00000000 _____ () C:\Windows\SysWOW64\shoE607.tmp
2014-08-11 07:45 - 2014-08-11 07:45 - 00000000 _____ () C:\Windows\SysWOW64\sho6259.tmp
2014-08-08 07:35 - 2014-08-13 21:27 - 00000000 ____D () C:\ProgramData\9feddf5e5ad97441
2014-08-08 07:35 - 2014-08-13 21:20 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-08-08 07:35 - 2014-08-08 07:35 - 00000000 ____D () C:\Users\Sandra\AppData\Local\Packages
2014-08-08 07:35 - 2014-08-08 07:35 - 00000000 ____D () C:\Users\Sandra\AppData\Local\Comodo
2014-08-08 07:35 - 2014-08-08 07:35 - 00000000 ____D () C:\Users\Mayberry Account\AppData\Local\Comodo
2014-08-08 07:35 - 2014-08-08 07:35 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-08-08 07:35 - 2014-08-08 07:35 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-08-08 07:35 - 2014-08-08 07:35 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-08-08 07:35 - 2014-08-08 07:35 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-08-08 07:35 - 2014-08-08 07:35 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-08-08 07:35 - 2014-08-08 07:35 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-08-08 07:35 - 2014-08-08 07:35 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-08-08 07:35 - 2014-08-08 07:35 - 00000000 ____D () C:\Users\Administrator
2014-08-08 07:17 - 2014-08-08 07:38 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\uTorrent
2014-08-07 19:26 - 2014-08-07 19:28 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\vlc
2014-08-06 13:45 - 2014-08-06 13:45 - 03210534 _____ () C:\Users\Sandra\Desktop\AttendeeViewerImage000.bmp
2014-08-04 08:31 - 2014-08-04 08:35 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Naturalsoft
2014-08-04 08:31 - 2014-08-04 08:31 - 00002047 _____ () C:\Users\Public\Desktop\Demo.lnk
2014-08-04 08:31 - 2014-08-04 08:31 - 00002042 _____ () C:\Users\Public\Desktop\NaturalReader Free.lnk
2014-08-04 08:31 - 2014-08-04 08:31 - 00000000 ____D () C:\ProgramData\Naturalsoft
2014-08-04 08:31 - 2014-08-04 08:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Naturalsoft
2014-08-04 08:31 - 2014-08-04 08:31 - 00000000 ____D () C:\Program Files (x86)\Naturalsoft
2014-08-04 08:29 - 2014-08-04 08:31 - 00000000 ____D () C:\Users\Sandra\Documents\Naturalsoft
2014-08-04 08:05 - 2014-08-04 09:09 - 00000000 ____D () C:\Users\Sandra\Documents\Marriage aids
2014-08-02 08:11 - 2014-08-02 08:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-01 08:56 - 2014-08-16 06:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-07-26 17:25 - 2014-07-26 17:25 - 00000028 _____ () C:\Windows\pdf995.ini
2014-07-25 08:49 - 2014-07-25 08:49 - 00000000 ____D () C:\Users\Mayberry Account\AppData\Roaming\Apple Computer
2014-07-19 14:48 - 2014-07-19 14:48 - 00918952 _____ (Oracle Corporation) C:\Users\Sandra\Desktop\chromeinstall-7u65.exe
2014-07-19 14:13 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-19 14:12 - 2014-07-19 14:12 - 00005593 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-19 14:12 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-19 14:12 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-19 14:12 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-18 15:42 - 2014-07-18 15:42 - 00895120 _____ (Google Inc.) C:\Users\Sandra\Desktop\GoogleVoiceAndVideoSetup.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-17 09:40 - 2014-05-18 12:29 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3064546174-981495490-1555626466-1000UA.job
2014-08-17 09:39 - 2013-06-25 16:58 - 00000000 ____D () C:\Users\Sandra\Desktop\Virus ware help
2014-08-17 09:38 - 2014-08-16 12:34 - 00000000 ____D () C:\FRST
2014-08-17 09:27 - 2014-03-07 10:47 - 00000568 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3064546174-981495490-1555626466-1000.job
2014-08-17 09:26 - 2014-08-17 09:00 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-17 09:25 - 2014-08-17 09:25 - 00035772 _____ () C:\Users\Sandra\Documents\HitmanPro_20140817_0925.log
2014-08-17 09:24 - 2013-03-17 15:39 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-17 09:01 - 2012-03-01 04:48 - 01618605 _____ () C:\Windows\WindowsUpdate.log
2014-08-17 09:01 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-17 09:01 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-17 08:56 - 2013-03-17 15:39 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-17 08:54 - 2013-12-17 08:06 - 01032511 _____ () C:\Windows\system32\ptumlacsvc-0.log
2014-08-17 08:54 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-17 08:53 - 2014-08-15 08:39 - 00004818 _____ () C:\Windows\PFRO.log
2014-08-17 08:53 - 2014-08-15 08:39 - 00000280 _____ () C:\Windows\setupact.log
2014-08-17 08:51 - 2013-10-19 07:37 - 00000000 ____D () C:\AdwCleaner
2014-08-17 08:48 - 2014-08-16 20:46 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Free Download Manager
2014-08-17 08:21 - 2014-05-18 12:29 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3064546174-981495490-1555626466-1000Core.job
2014-08-17 08:21 - 2013-06-17 10:00 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-16 20:49 - 2014-08-16 20:26 - 00000000 ____D () C:\The KMPlayer
2014-08-16 20:45 - 2014-08-16 20:45 - 00001067 _____ () C:\Users\Sandra\Desktop\Free Download Manager.lnk
2014-08-16 20:45 - 2014-08-16 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Download Manager
2014-08-16 20:45 - 2014-08-16 20:45 - 00000000 ____D () C:\Program Files (x86)\Free Download Manager
2014-08-16 20:28 - 2013-12-09 10:43 - 00000000 ____D () C:\temp
2014-08-16 20:20 - 2014-08-16 20:19 - 32833624 _____ (PandoraTV) C:\Users\Sandra\Desktop\KMPlayer_3-9-0-126.exe
2014-08-16 20:18 - 2014-08-16 20:18 - 00366920 _____ (Softonic) C:\Users\Sandra\Downloads\SoftonicDownloader_for_kmplayer.exe
2014-08-16 16:28 - 2011-12-25 15:35 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{69DE36B0-1B50-4F41-8DC3-305AC374E228}
2014-08-16 12:31 - 2009-07-14 00:45 - 00482720 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-16 12:30 - 2014-08-16 12:30 - 00000000 _____ () C:\Windows\SysWOW64\shoC3BB.tmp
2014-08-16 12:18 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-08-16 11:41 - 2014-06-02 05:54 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-16 11:09 - 2014-08-16 11:09 - 00000000 _____ () C:\Windows\SysWOW64\shoB815.tmp
2014-08-16 11:07 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-16 08:19 - 2013-06-24 13:08 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForSandra
2014-08-16 08:19 - 2013-06-24 13:08 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForSandra.job
2014-08-16 06:51 - 2012-03-14 10:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-16 06:35 - 2014-08-01 08:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-08-16 06:25 - 2014-05-07 06:20 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-15 13:47 - 2013-10-18 14:49 - 00000000 ____D () C:\Users\Sandra\Documents\Cognosante
2014-08-15 08:39 - 2014-08-15 08:39 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-15 08:23 - 2013-06-13 04:34 - 00000000 ____D () C:\Users\Sandra\Tracing
2014-08-15 08:23 - 2012-06-24 08:30 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-08-15 08:22 - 2012-09-02 08:52 - 00000000 ____D () C:\Windows\Minidump
2014-08-15 08:22 - 2011-12-27 15:59 - 00000000 ____D () C:\Users\Sandra\AppData\Local\CrashDumps
2014-08-15 08:22 - 2007-01-01 21:25 - 00000000 ____D () C:\Windows\Panther
2014-08-15 08:13 - 2012-06-24 08:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-15 08:13 - 2012-06-24 08:11 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-14 14:45 - 2014-03-07 10:47 - 00003598 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3064546174-981495490-1555626466-1000
2014-08-14 14:33 - 2014-08-14 14:31 - 00000000 ____D () C:\Users\Sandra\Documents\SMayberry Resumes
2014-08-13 21:27 - 2014-08-08 07:35 - 00000000 ____D () C:\ProgramData\9feddf5e5ad97441
2014-08-13 21:20 - 2014-08-08 07:35 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-08-12 13:35 - 2013-07-09 11:54 - 00000000 ____D () C:\Users\Sandra\Documents\Rental expense
2014-08-11 19:10 - 2014-08-11 19:10 - 00000000 _____ () C:\Windows\SysWOW64\shoE607.tmp
2014-08-11 18:52 - 2009-07-14 01:13 - 00783400 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-11 08:24 - 2012-01-02 13:50 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-08-11 08:24 - 2011-12-26 15:40 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-08-11 07:45 - 2014-08-11 07:45 - 00000000 _____ () C:\Windows\SysWOW64\sho6259.tmp
2014-08-08 07:38 - 2014-08-08 07:17 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\uTorrent
2014-08-08 07:35 - 2014-08-08 07:35 - 00000000 ____D () C:\Users\Sandra\AppData\Local\Packages
2014-08-08 07:35 - 2014-08-08 07:35 - 00000000 ____D () C:\Users\Sandra\AppData\Local\Comodo
2014-08-08 07:35 - 2014-08-08 07:35 - 00000000 ____D () C:\Users\Mayberry Account\AppData\Local\Comodo
2014-08-08 07:35 - 2014-08-08 07:35 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-08-08 07:35 - 2014-08-08 07:35 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-08-08 07:35 - 2014-08-08 07:35 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-08-08 07:35 - 2014-08-08 07:35 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-08-08 07:35 - 2014-08-08 07:35 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-08-08 07:35 - 2014-08-08 07:35 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-08-08 07:35 - 2014-08-08 07:35 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-08-08 07:35 - 2014-08-08 07:35 - 00000000 ____D () C:\Users\Administrator
2014-08-08 07:35 - 2013-07-09 08:07 - 00000000 ____D () C:\Users\Mayberry Account\AppData\Local\Google
2014-08-08 07:35 - 2013-03-17 15:39 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-08 07:35 - 2011-12-26 15:59 - 00000000 ____D () C:\Users\Sandra\AppData\Local\Google
2014-08-08 07:35 - 2009-07-13 23:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-08-08 07:35 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-08-07 19:28 - 2014-08-07 19:26 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\vlc
2014-08-06 22:06 - 2014-08-15 07:56 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 22:01 - 2014-08-15 07:56 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-06 13:45 - 2014-08-06 13:45 - 03210534 _____ () C:\Users\Sandra\Desktop\AttendeeViewerImage000.bmp
2014-08-04 12:03 - 2012-03-17 17:14 - 00000000 ____D () C:\Users\Sandra\Documents\Youcam
2014-08-04 09:09 - 2014-08-04 08:05 - 00000000 ____D () C:\Users\Sandra\Documents\Marriage aids
2014-08-04 08:35 - 2014-08-04 08:31 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Naturalsoft
2014-08-04 08:31 - 2014-08-04 08:31 - 00002047 _____ () C:\Users\Public\Desktop\Demo.lnk
2014-08-04 08:31 - 2014-08-04 08:31 - 00002042 _____ () C:\Users\Public\Desktop\NaturalReader Free.lnk
2014-08-04 08:31 - 2014-08-04 08:31 - 00000000 ____D () C:\ProgramData\Naturalsoft
2014-08-04 08:31 - 2014-08-04 08:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Naturalsoft
2014-08-04 08:31 - 2014-08-04 08:31 - 00000000 ____D () C:\Program Files (x86)\Naturalsoft
2014-08-04 08:31 - 2014-08-04 08:29 - 00000000 ____D () C:\Users\Sandra\Documents\Naturalsoft
2014-08-02 08:31 - 2011-12-25 15:34 - 00112304 _____ () C:\Users\Sandra\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-02 08:21 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-08-02 08:11 - 2014-08-02 08:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-01 08:56 - 2014-05-15 03:07 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-08-01 08:55 - 2014-01-17 23:25 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-08-01 08:54 - 2011-07-16 01:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-07-31 19:41 - 2014-08-15 07:56 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-31 19:16 - 2014-08-15 07:56 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-30 07:23 - 2014-03-29 10:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2014-07-30 07:23 - 2014-03-25 08:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-07-27 10:41 - 2013-07-09 08:06 - 00003974 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{A29C49C3-390F-4802-9322-7FFF2D8FCF34}
2014-07-26 17:35 - 2014-06-28 16:58 - 00000000 ____D () C:\Users\Sandra\Tarot readings
2014-07-26 17:35 - 2012-04-12 11:41 - 00000000 ____D () C:\ProgramData\pdf995
2014-07-26 17:25 - 2014-07-26 17:25 - 00000028 _____ () C:\Windows\pdf995.ini
2014-07-25 10:52 - 2014-08-15 07:56 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-25 10:02 - 2014-08-15 07:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-25 10:01 - 2014-08-15 07:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-25 09:51 - 2014-08-15 07:56 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-25 09:30 - 2014-08-15 07:56 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-25 09:28 - 2014-08-15 07:56 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-25 09:28 - 2014-08-15 07:56 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-25 09:25 - 2014-08-15 07:56 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-25 09:25 - 2014-08-15 07:56 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-25 09:11 - 2014-08-15 07:56 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-25 09:10 - 2014-08-15 07:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-25 09:04 - 2014-08-15 07:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-25 09:03 - 2014-08-15 07:56 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-25 09:00 - 2014-08-15 07:56 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-25 09:00 - 2014-08-15 07:56 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-25 08:59 - 2014-08-15 07:56 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-25 08:49 - 2014-07-25 08:49 - 00000000 ____D () C:\Users\Mayberry Account\AppData\Roaming\Apple Computer
2014-07-25 08:47 - 2014-08-15 07:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-25 08:46 - 2013-03-13 08:26 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-25 08:46 - 2013-03-13 08:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-25 08:40 - 2014-08-15 07:56 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-25 08:34 - 2014-08-15 07:56 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-25 08:34 - 2014-08-15 07:56 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-25 08:33 - 2014-08-15 07:56 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-25 08:30 - 2014-08-15 07:56 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-25 08:28 - 2014-08-15 07:56 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-25 08:28 - 2014-08-15 07:56 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 08:21 - 2014-08-15 07:56 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-25 08:19 - 2014-08-15 07:56 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-25 08:18 - 2014-08-15 07:56 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-25 08:17 - 2014-08-15 07:56 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-25 08:17 - 2014-08-15 07:56 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-25 08:12 - 2014-08-15 07:56 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-25 08:10 - 2014-08-15 07:56 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-25 08:10 - 2014-08-15 07:56 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-25 08:08 - 2014-08-15 07:56 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-25 08:06 - 2014-08-15 07:56 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-25 07:52 - 2014-08-15 07:56 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-25 07:47 - 2014-08-15 07:56 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-25 07:43 - 2014-08-15 07:56 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 07:42 - 2014-08-15 07:56 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-25 07:39 - 2014-08-15 07:56 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-25 07:39 - 2014-08-15 07:56 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-25 07:36 - 2014-08-15 07:56 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-25 07:34 - 2014-08-15 07:56 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-25 07:32 - 2013-10-30 08:53 - 00000000 ____D () C:\Users\Sandra\Documents\Promisory Notes
2014-07-25 07:29 - 2014-08-15 07:56 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-25 07:24 - 2013-07-24 14:42 - 00000000 ____D () C:\Users\Sandra\AppData\Local\Downloaded Installations
2014-07-25 07:23 - 2014-08-15 07:56 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-25 07:13 - 2014-08-15 07:56 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-25 07:07 - 2014-08-15 07:56 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-25 07:07 - 2014-08-15 07:56 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-25 07:07 - 2013-03-13 08:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-25 07:03 - 2014-08-15 07:56 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-25 06:52 - 2014-08-15 07:56 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-25 06:26 - 2014-08-15 07:56 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-25 06:17 - 2014-08-15 07:56 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-25 06:09 - 2014-08-15 07:56 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-25 06:05 - 2014-08-15 07:56 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-25 06:00 - 2014-08-15 07:56 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-21 08:29 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\L2Schemas
2014-07-19 14:48 - 2014-07-19 14:48 - 00918952 _____ (Oracle Corporation) C:\Users\Sandra\Desktop\chromeinstall-7u65.exe
2014-07-19 14:48 - 2013-11-04 12:02 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-19 14:12 - 2014-07-19 14:12 - 00005593 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-19 14:12 - 2013-07-01 09:16 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-18 19:11 - 2014-03-23 15:39 - 00002102 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-18 15:42 - 2014-07-18 15:42 - 00895120 _____ (Google Inc.) C:\Users\Sandra\Desktop\GoogleVoiceAndVideoSetup.exe
 
Some content of TEMP:
====================
C:\Users\Sandra\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-07 19:49
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-08-2014 04
Ran by Sandra at 2014-08-17 09:40:15
Running from C:\Users\Sandra\Desktop\Virus ware help
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.00.548.58220 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.00.548.58220 - ABBYY) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1030 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1030 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.2.6 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bookworm Deluxe (HKLM-x32\...\Bookworm Deluxe) (Version:  - PopCap Games)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco WebEx Meetings (HKCU\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.3.3222 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 10.0.3.3222 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.4119 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.1.4119 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DC-Bass Source 1.3.0 (HKLM-x32\...\DC-Bass Source) (Version:  - )
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{2A07A3D4-F6CA-4EEB-9576-3A6AC8A736CE}) (Version:  - Microsoft)
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition (HKLM\...\{90150000-012D-0000-1000-0000000FF1CE}_Office15.LYNCENTRY_{8E17BF11-A72D-4DA8-BFAA-DD262C17C2DE}) (Version:  - Microsoft)
DirectVobSub 2.40.4209 (HKLM-x32\...\vsfilter_is1) (Version: 2.40.4209 - MPC-HC Team)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.22 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Free Download Manager 3.9.4 (HKLM-x32\...\Free Download Manager_is1) (Version:  - FreeDownloadManager.ORG)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Drive (HKLM-x32\...\{75939021-3B68-419D-8DC1-E9823BFF9658}) (Version: 1.16.7009.9618 - Google, Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
GoToMeeting 6.4.0.1558 (HKCU\...\GoToMeeting) (Version: 6.4.0.1558 - CitrixOnline)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
H&R Block Deluxe + Efile + State 2012 (HKLM-x32\...\{89D20029-0578-4D8D-979A-695C8D868868}) (Version: 12.05.7803 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2013 (HKLM-x32\...\{EDE796DE-0A72-464D-9D21-F04BC41A092B}) (Version: 13.05.6502 - HRB Technology, LLC.)
H&R Block Deluxe + Efile 2011 (HKLM-x32\...\{7330262C-0A1C-4B3B-ACFF-7EEC5BF65CCF}) (Version: 11.04.7102 - HRB Technology, LLC.)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{25F3EC6C-BB03-4CEB-B36C-E656A9DD149E}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP LaserJet 200 color M251 (HKLM-x32\...\{6682B5C4-530A-4FB8-ACAC-80DB5CCC68DD}) (Version: 5.0.12200.1036 - Hewlett-Packard)
HP LaserJet 200 color M251 HP Device Toolbox (x32 Version: 29.0.84.0 - Hewlett-Packard Co.) Hidden
HP Launch Box (HKLM\...\{5A847522-375C-4D05-BD3D-88C450CC047F}) (Version: 1.1.5 - Hewlett-Packard Company)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard Company)
HP MovieStore (x32 Version: 1.0.057 - Hewlett-Packard) Hidden
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{7E799992-5DA0-4A1A-9443-B1836B063FEC}) (Version: 1.4.8 - Hewlett-Packard Company)
HP Product FWUpdater (x32 Version: 4.0.0.7242 - Hewlett-Packard Company) Hidden
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{8B52057C-15DB-433E-957C-E279BC7D07E3}) (Version: 3.1.0.9742 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{5036764A-435D-40C9-869C-31085A3D741D}) (Version: 8.7.4751.3798 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13476.3753 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{23CCE784-A812-4647-AEFF-1DCCD4E57478}) (Version: 11.50.0000 - Hewlett-Packard Company)
HP Unified IO (Version: 2.0.0.404 - HP) Hidden
HP Unified IO (x32 Version: 2.0.0.404 - HP) Hidden
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
hpbDSService (x32 Version: 002.002.07399 - Hewlett-Packard) Hidden
hpbM251DSService (x32 Version: 001.001.05874 - Hewlett-Packard) Hidden
HPDXP (x32 Version: 3.0.26.12 - HP) Hidden
HPLaserJet200color-M251_HelpLearnCenter_SI (HKLM-x32\...\{DDEBEA89-2B5A-4E5B-8702-369882BB3F52}) (Version: 1.01.0000 - Hewlett-Packard)
HPLJDXPHelper (x32 Version: 020.021.004 - HP) Hidden
HPLJUTCore (x32 Version: 004.005.0001 - HP) Hidden
HPLJUTM251 (x32 Version: 3.00.0003 - HP) Hidden
hppLaserJetService (x32 Version: 009.027.00856 - Hewlett-Packard) Hidden
hppM251LaserJetService (x32 Version: 001.019.00639 - Hewlett-Packard) Hidden
hpStatusAlerts (x32 Version: 050.037.00142 - Hewlett Packard) Hidden
hpStatusAlertsM251 (x32 Version: 050.034.00131 - Hewlett-Packard) Hidden
iCare Data Recovery 5.0 (HKLM-x32\...\iCare Data Recovery_is1) (Version:  - iCare Software)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6365.0 - IDT)
Image Converter (HKLM-x32\...\Image Converter Image Converter) (Version: 1.0.0 - Image Converter)
Image Editor Packages (HKCU\...\Image Editor Packages) (Version:  - ) <==== ATTENTION
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2559 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® 3.0 + High Speed (HKLM\...\{A0E106D2-4815-4B7A-BAA7-7E21B530CFB4}) (Version: 1.1.0.0157 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
Java SE Development Kit 7 Update 60 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170600}) (Version: 1.7.0.600 - Oracle)
Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kies mini (HKLM-x32\...\InstallShield_{EE43894E-FDCF-4A8C-BCD6-3AAA9A48B486}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Kies mini (x32 Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LJDXPHelperUI (x32 Version: 020.021.004 - HP) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Lync Basic 2013 (HKLM\...\Office15.LYNCENTRY) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Lync MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft LyncEntry 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visio Viewer 2010 (HKLM-x32\...\{95140000-0052-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MyHeritage Family Tree Builder (HKLM-x32\...\Family Tree Builder) (Version: 7.0.0.7105 - MyHeritage.com)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.97 - WildTangent) Hidden
Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
NaturalReaderFree (HKLM-x32\...\{262EFBD9-A907-490F-81F4-561FDD3A8C5C}) (Version: 1.00.0000 - Naturalsoft limited)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 19.9.1.14 - Symantec Corporation)
OneClickRoot (HKLM-x32\...\OneClickRoot) (Version: 1.0 - OneClickRoot)
OpenSource Flash Video Splitter 1.0.0.5 (HKLM-x32\...\OpenSource Flash Video Splitter) (Version: 1.0.0.5 - )
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PANTECH UML290 (HKLM\...\{F95AC24D-E515-4057-BEB0-FDDFA55F74BB}) (Version: 4.11.2.0 - PANTECH CO., LTD)
PC Tool for VeryAndroid SMS Backup 3.2.2 (HKLM-x32\...\PC Tool for VeryAndroid SMS Backup) (Version: 3.2.2 - VeryAndroid)
PdaNet+ for Android 4.15 (HKLM-x32\...\PdaNet_is1) (Version:  - June Fabrics Technology Inc)
Pdf995 (installed by H&R Block) (HKLM-x32\...\Pdf995) (Version:  - )
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
PdfEdit995 (installed by H&R Block) (HKLM-x32\...\PdfEdit995) (Version:  - )
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.5.02.12220 - Sony Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Quassel (remove only) (HKLM-x32\...\Quassel) (Version: 0.9.0 - KDE)
Ralink RT5390 802.11b/g/n WiFi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.2.13.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.85 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
RoboForm 7-8-8-5 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-8-8-5 - Siber Systems)
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.2300.0 - SAMSUNG Electronics Co., Ltd.)
Savings Bond Wizard (HKLM-x32\...\Savings Bond Wizard) (Version:  - ) <==== ATTENTION
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-012D-0000-1000-0000000FF1CE}_Office15.LYNCENTRY_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Slingo Supreme (x32 Version: 2.2.0.97 - WildTangent) Hidden
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{17815BC8-062D-49BE-B40C-B54149C85CE3}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{84B191B5-5319-463A-A305-8C4D53B1D20A}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2881070) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.LYNCENTRY_{2B0BC4FE-4936-4EC6-8521-526CF31B3DC4}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2881070) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.LYNCENTRY_{2B0BC4FE-4936-4EC6-8521-526CF31B3DC4}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2881070) 64-Bit Edition (HKLM\...\{90150000-012D-0000-1000-0000000FF1CE}_Office15.LYNCENTRY_{2B0BC4FE-4936-4EC6-8521-526CF31B3DC4}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2881083) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.LYNCENTRY_{8260F0BF-F234-41FC-AB11-218A9925F77B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{B114A387-8A14-4C43-AE51-82F17EB81D49}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{6E760BBA-B83F-4C2D-918F-5F91EF6C9861}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{D1F3B526-7EB2-4701-92DB-0784988D78DE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{52BEF8AE-9324-40A1-9A92-E5A8FB63A475}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{4B9B2BAF-EE1F-4B60-A4D9-17B7BEEB13A1}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUS_{860EE8B1-0B9F-4A8A-91FE-649CD3C6754C}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition (HKLM\...\{90150000-012D-0000-1000-0000000FF1CE}_Office15.LYNCENTRY_{EF77B4A6-DFEC-4010-A87D-9B6BF87FABEC}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition (HKLM\...\{90150000-012D-0000-1000-0000000FF1CE}_Office15.LYNCENTRY_{0814662C-FD28-4DE0-ACE5-EE50D1D6C8FB}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2826040) 64-Bit Edition (HKLM\...\{90150000-012D-0000-1000-0000000FF1CE}_Office15.LYNCENTRY_{C4AEA56A-0759-4D08-9FAB-31A92137D0B8}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880457) 64-Bit Edition (HKLM\...\{90150000-012D-0000-1000-0000000FF1CE}_Office15.LYNCENTRY_{EC2AF602-2730-4B05-9438-06CDE43153F2}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.LYNCENTRY_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.LYNCENTRY_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-012D-0000-1000-0000000FF1CE}_Office15.LYNCENTRY_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880478) 64-Bit Edition (HKLM\...\{90150000-012D-0000-1000-0000000FF1CE}_Office15.LYNCENTRY_{8116ED50-F1E7-49E1-9D8D-421497D34B0F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880987) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.LYNCENTRY_{6F540E80-4BB2-413F-9648-52031AA237B7}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880987) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.LYNCENTRY_{6F540E80-4BB2-413F-9648-52031AA237B7}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880987) 64-Bit Edition (HKLM\...\{90150000-012D-0000-1000-0000000FF1CE}_Office15.LYNCENTRY_{6F540E80-4BB2-413F-9648-52031AA237B7}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881009) 64-Bit Edition (HKLM\...\{90150000-012D-0000-1000-0000000FF1CE}_Office15.LYNCENTRY_{3033838D-15E0-4199-8CBD-A7F2057AE653}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883036) 64-Bit Edition (HKLM\...\{90150000-012D-0000-1000-0000000FF1CE}_Office15.LYNCENTRY_{E919ACF4-A1D7-4CAA-A103-5EB115563721}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883049) 64-Bit Edition (HKLM\...\{90150000-012D-0000-1000-0000000FF1CE}_Office15.LYNCENTRY_{39D9DAC1-16A7-430A-B2F3-4D3D000454D0}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}_Office15.LYNCENTRY_{F9C35D99-CA8E-4D17-B785-66AC654D5664}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}_Office15.LYNCENTRY_{18C53DCB-FA98-4A7B-BC2E-6DA30D4E4901}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-0C0A-1000-0000000FF1CE}_Office15.LYNCENTRY_{6E2862B8-C10A-4FD0-9B82-8D9761301AAA}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883062) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.LYNCENTRY_{4A0B4ED7-3652-42C9-9D7E-42686986F69A}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883062) 64-Bit Edition (HKLM\...\{90150000-012D-0000-1000-0000000FF1CE}_Office15.LYNCENTRY_{4A0B4ED7-3652-42C9-9D7E-42686986F69A}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.LYNCENTRY_{5E9FA8D8-45A9-4223-A5A8-285CB6188592}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 64-Bit Edition (HKLM\...\{90150000-00C1-0409-1000-0000000FF1CE}_Office15.LYNCENTRY_{5E9FA8D8-45A9-4223-A5A8-285CB6188592}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.LYNCENTRY_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{DBAC8ED2-9287-499E-AD66-590C7413C7DE}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition (HKLM\...\{90150000-012D-0000-1000-0000000FF1CE}_Office15.LYNCENTRY_{34A169EC-990A-4DAE-AC65-9F981158B7DB}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A20A650C-F820-4CE4-AEA5-EC140192FAFB}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUS_{393B360E-62F8-463D-B914-1ECDC1359A46}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F6F342A1-530B-4D48-A468-1E3F70928984}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{C950A55F-82E3-4CC8-8FA2-E8A2A0F651F3}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.LYNCENTRY_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-012D-0000-1000-0000000FF1CE}_Office15.LYNCENTRY_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{89FDC8D9-FB84-4EFE-950D-AF4EECC3B64C}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2881080) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.LYNCENTRY_{F96FE9BB-CD90-472B-852E-156342618C54}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest - The Hawaiian Islands (x32 Version: 2.2.0.97 - WildTangent) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Verizon Wireless UML290 Firmware Updates (HKLM-x32\...\{1A1A198F-405C-4254-A15E-9C44FEB1F6E1}) (Version: 1.0.11 - Smith Micro Software, Inc.)
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
VZAccess Manager (HKLM-x32\...\{FF35BA14-9CF3-41DD-9BC3-7C2A0763B4F3}) (Version: 7.9.1.0 - Smith Micro Software Inc.)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.36 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3064546174-981495490-1555626466-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Sandra\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-3064546174-981495490-1555626466-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Sandra\AppData\Local\Citrix\GoToMeeting\1468\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3064546174-981495490-1555626466-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Sandra\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3064546174-981495490-1555626466-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Sandra\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3064546174-981495490-1555626466-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Sandra\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
04-08-2014 12:30:29 Installed NaturalReaderFree.
06-08-2014 13:48:39 Windows Update
09-08-2014 14:11:00 Windows Update
12-08-2014 23:07:17 Windows Update
16-08-2014 10:24:16 Windows Update
17-08-2014 12:22:02 Windows Update
17-08-2014 13:26:06 Checkpoint by HitmanPro
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {08670F78-2CDE-47E3-9453-A9295680A25A} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\WSCStub.exe [2013-02-02] (Symantec Corporation)
Task: {0C4F2AD0-8120-4E96-BE84-D430B5639C0C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {153B55BB-DB1B-499A-99C5-AC229F920BCA} - System32\Tasks\{CFC5F315-FBF7-445B-B12D-B503085A40D4} => Chrome.exe http://ui.skype.com/ui/0/5.3.0.111.324/en/eula
Task: {17803735-9B3D-439A-96B1-992557EC2485} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-06-15] (CyberLink)
Task: {18570333-3832-44AD-8344-0B6F930C89B5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3064546174-981495490-1555626466-1000Core => C:\Users\Sandra\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {19AC4BED-C3CE-4E9D-8C58-CEFC0A67B612} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {1B52C13B-974B-4511-B17F-67143230947D} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {1D1F8A67-8A89-4E3E-A97A-F503966D1A2B} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2011-06-27] ()
Task: {27E6ACEF-47EB-4F9B-A725-F7199DEC76F4} - System32\Tasks\{6A17B637-0B99-4C02-934B-C217FEC72C71} => C:\Program Files\Microsoft Office\Office14\POWERPNT.EXE [2010-10-22] (Microsoft Corporation)
Task: {330A8EB3-36A1-4C41-A005-25275AF064F1} - System32\Tasks\{5A3E201E-53C6-4DAA-A4DE-482B9F5141CA} => Chrome.exe http://ui.skype.com/ui/0/5.3.0.111.324/en/abandoninstall?page=tsMain&amp;installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled
Task: {48ED5B85-40C2-4AC7-BF20-33AC7CB3C499} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-03] (Symantec Corporation)
Task: {5125CBF9-6421-4FC7-A862-975DF9276360} - System32\Tasks\{3ED7360A-C42D-40B3-A3F9-32CFF84508E0} => Chrome.exe http://ui.skype.com/ui/0/6.3.73.105.457/en/abandoninstall?page=tsWLM
Task: {51D46E6E-D0BE-404F-964F-E4C0D1632490} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {54D9C266-7F90-48F9-AA4C-076B357A59B6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {85251354-B7D8-4192-B5EC-FE513F19CC6B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {9D76F2C7-00F2-4C7C-B80C-9555B5B860B9} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2013-04-19] (Siber Systems)
Task: {A1F29ED8-9224-41F3-A54E-3E0A98CB08AF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {A4CDD423-C825-41ED-8DCC-614C7A9C2D52} - System32\Tasks\HPCeeScheduleForSandra => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {A77CFB34-56B0-43F0-B0DA-E6005F1C1E56} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3064546174-981495490-1555626466-1000UA => C:\Users\Sandra\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {AA94514D-3CC0-4FEB-B733-F2C678394333} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-03] (Symantec Corporation)
Task: {D4E8DA8C-D535-44A0-83D4-C6BE130053EF} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2012-06-15] (Hewlett Packard)
Task: {EE144ED7-D99F-48B6-9FF0-929F35688A61} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {EE9A9817-57F7-430F-A1EE-E37DB94EA0D8} - System32\Tasks\G2MUpdateTask-S-1-5-21-3064546174-981495490-1555626466-1000 => C:\Users\Sandra\AppData\Local\Citrix\GoToMeeting\1558\g2mupdate.exe [2014-08-14] (Citrix Online, a division of Citrix Systems, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3064546174-981495490-1555626466-1000.job => C:\Users\Sandra\AppData\Local\Citrix\GoToMeeting\1558\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3064546174-981495490-1555626466-1000Core.job => C:\Users\Sandra\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3064546174-981495490-1555626466-1000UA.job => C:\Users\Sandra\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForSandra.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-04-12 11:41 - 2006-10-19 21:44 - 00047616 _____ () C:\Windows\System32\pdf995mon64.dll
2012-06-24 08:30 - 2005-03-12 00:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-05-10 13:56 - 2011-05-10 13:56 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-05-21 12:23 - 2014-05-21 12:23 - 00027304 _____ () C:\Program Files\Microsoft Office\Office15\lynchtmlconvpxy.dll
2011-12-19 23:34 - 2011-12-19 23:34 - 00108880 _____ () C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
2014-06-27 09:53 - 2014-01-07 16:30 - 01054432 _____ () C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-16 12:11 - 2014-08-16 12:11 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\7598189e5bf031ab690da3f2ae3b30ef\IsdiInterop.ni.dll
2012-03-01 04:45 - 2011-04-30 04:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-08-16 20:45 - 2014-04-29 12:43 - 03553280 _____ () C:\Program Files (x86)\Free Download Manager\fdmbtsupp.dll
2014-07-27 11:41 - 2014-07-27 11:41 - 08892576 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-07-18 19:10 - 2014-07-15 05:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-18 19:10 - 2014-07-15 05:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-18 19:10 - 2014-07-15 05:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-18 19:10 - 2014-07-15 05:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-18 19:10 - 2014-07-15 05:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2014-07-18 19:10 - 2014-07-15 05:24 - 14664008 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:373E1720
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: HPQuickWebProxy => "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/17/2014 08:55:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/16/2014 08:25:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SoftonicDownloader_for_kmplayer.exe version 1.41.3.8 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1ccc
 
Start Time: 01cfb9b0ca689833
 
Termination Time: 13
 
Application Path: C:\Users\Sandra\Downloads\SoftonicDownloader_for_kmplayer.exe
 
Report Id: 579ddc1e-25a4-11e4-ab1b-441ea1e33c0b
 
Error: (08/16/2014 08:23:11 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (08/16/2014 08:23:11 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (08/16/2014 08:22:08 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (08/16/2014 08:18:55 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (08/16/2014 08:18:44 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (08/16/2014 08:18:37 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (08/16/2014 07:35:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6375964
 
Error: (08/16/2014 07:35:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6375964
 
 
System errors:
=============
Error: (08/17/2014 08:57:10 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (08/17/2014 08:57:10 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (08/17/2014 08:57:10 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (08/17/2014 08:57:10 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (08/17/2014 08:57:10 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801
 
Error: (08/17/2014 08:57:10 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801
 
Error: (08/17/2014 08:57:00 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (08/17/2014 08:57:00 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (08/17/2014 08:57:00 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801
 
Error: (08/17/2014 08:56:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2
 
 
Microsoft Office Sessions:
=========================
Error: (08/17/2014 08:55:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/16/2014 08:25:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SoftonicDownloader_for_kmplayer.exe1.41.3.81ccc01cfb9b0ca68983313C:\Users\Sandra\Downloads\SoftonicDownloader_for_kmplayer.exe579ddc1e-25a4-11e4-ab1b-441ea1e33c0b
 
Error: (08/16/2014 08:23:11 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Sandra\Downloads\esetsmartinstaller_enu (1).exe
 
Error: (08/16/2014 08:23:11 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Sandra\Downloads\esetsmartinstaller_enu.exe
 
Error: (08/16/2014 08:22:08 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Sandra\Downloads\SoftonicDownloader_for_kmplayer.exe
 
Error: (08/16/2014 08:18:55 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Sandra\Downloads\SoftonicDownloader_for_kmplayer.exe
 
Error: (08/16/2014 08:18:44 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Sandra\Downloads\SoftonicDownloader_for_kmplayer.exe
 
Error: (08/16/2014 08:18:37 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Sandra\Downloads\SoftonicDownloader_for_kmplayer.exe
 
Error: (08/16/2014 07:35:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6375964
 
Error: (08/16/2014 07:35:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6375964
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3 CPU M 370 @ 2.40GHz
Percentage of memory in use: 57%
Total physical RAM: 3893.86 MB
Available physical RAM: 1646.15 MB
Total Pagefile: 7785.9 MB
Available Pagefile: 4964.85 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:679.02 GB) (Free:580.12 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:15.45 GB) (Free:1.71 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:0.58 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 477ABF56)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=679 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)
 
==================== End Of Log ============================
 
aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-08-17 09:54:15
-----------------------------
09:54:15.269    OS Version: Windows x64 6.1.7601 Service Pack 1
09:54:15.269    Number of processors: 4 586 0x2505
09:54:15.270    ComputerName: SANDRA-HP  UserName: Sandra
09:54:17.804    Initialize success
09:54:17.804    VM: initialized successfully
09:54:17.810    VM: Intel CPU BiosDisabled 
09:54:20.789    VM: supported disk I/O iaStor.sys
09:55:51.142    AVAST engine defs: 14081700
09:56:00.566    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:56:00.572    Disk 0 Vendor: WDC_WD75 01.0 Size: 715404MB BusType: 3
09:56:00.728    Disk 0 MBR read successfully
09:56:00.735    Disk 0 MBR scan
09:56:00.847    Disk 0 Windows 7 default MBR code
09:56:00.852    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
09:56:00.857    Disk 0 default boot code
09:56:00.901    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       695319 MB offset 409600
09:56:00.954    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        15822 MB offset 1424422912
09:56:00.997    Disk 0 Partition 4 00     0C    FAT32 LBA MSDOS5.0     4062 MB offset 1456826368
09:56:01.452    Disk 0 scanning C:\Windows\system32\drivers
09:56:25.124    Service scanning
09:57:15.056    Modules scanning
09:57:15.070    Disk 0 trace - called modules:
09:57:15.102    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
09:57:15.111    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800526c060]
09:57:15.119    3 CLASSPNP.SYS[fffff88001e2043f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004fdf050]
09:57:17.576    AVAST engine scan C:\Windows
09:57:22.851    AVAST engine scan C:\Windows\system32
10:03:33.679    AVAST engine scan C:\Windows\system32\drivers
10:04:19.107    AVAST engine scan C:\Users\Sandra
10:10:24.834    Disk 0 MBR has been saved successfully to "C:\Users\Sandra\Desktop\Virus ware help\MBR.dat"
10:10:24.915    The log file has been saved successfully to "C:\Users\Sandra\Desktop\Virus ware help\aswMBR.txt"
 
 
aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-08-17 09:54:15
-----------------------------
09:54:15.269    OS Version: Windows x64 6.1.7601 Service Pack 1
09:54:15.269    Number of processors: 4 586 0x2505
09:54:15.270    ComputerName: SANDRA-HP  UserName: Sandra
09:54:17.804    Initialize success
09:54:17.804    VM: initialized successfully
09:54:17.810    VM: Intel CPU BiosDisabled 
09:54:20.789    VM: supported disk I/O iaStor.sys
09:55:51.142    AVAST engine defs: 14081700
09:56:00.566    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:56:00.572    Disk 0 Vendor: WDC_WD75 01.0 Size: 715404MB BusType: 3
09:56:00.728    Disk 0 MBR read successfully
09:56:00.735    Disk 0 MBR scan
09:56:00.847    Disk 0 Windows 7 default MBR code
09:56:00.852    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
09:56:00.857    Disk 0 default boot code
09:56:00.901    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       695319 MB offset 409600
09:56:00.954    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        15822 MB offset 1424422912
09:56:00.997    Disk 0 Partition 4 00     0C    FAT32 LBA MSDOS5.0     4062 MB offset 1456826368
09:56:01.452    Disk 0 scanning C:\Windows\system32\drivers
09:56:25.124    Service scanning
09:57:15.056    Modules scanning
09:57:15.070    Disk 0 trace - called modules:
09:57:15.102    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
09:57:15.111    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800526c060]
09:57:15.119    3 CLASSPNP.SYS[fffff88001e2043f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004fdf050]
09:57:17.576    AVAST engine scan C:\Windows
09:57:22.851    AVAST engine scan C:\Windows\system32
10:03:33.679    AVAST engine scan C:\Windows\system32\drivers
10:04:19.107    AVAST engine scan C:\Users\Sandra
10:10:24.834    Disk 0 MBR has been saved successfully to "C:\Users\Sandra\Desktop\Virus ware help\MBR.dat"
10:10:24.915    The log file has been saved successfully to "C:\Users\Sandra\Desktop\Virus ware help\aswMBR.txt"
10:11:21.946    Disk 0 MBR has been saved successfully to "C:\Users\Sandra\Desktop\Virus ware help\MBR.dat"
10:11:22.178    The log file has been saved successfully to "C:\Users\Sandra\Desktop\Virus ware help\aswMBR.txt"
 
 

 



#4 pystryker

pystryker

  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:02 AM

Posted 17 August 2014 - 10:38 AM

Hi, let's get to work. :)


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.

Note: Please move FRST64.exe from C:\Users\Sandra\Desktop\Virus ware help to your desktop. The FRST fix will not work unless FRST64.exe is there.


Step 1: Multiple Anti-Virus Programs


Your log indicates you have 2 or more anti-virus programs installed on your machine. They are "Norton" and "Microsoft Security Essentials".
  • Research shows that having multiple anti-virus programs installed is not a good idea. This is a case of more is not better. They will often conflict with each, provide false positives, and additional problems.
  • We need to remove one of these from your system. If you are not paying for Norton, I would remove it. since MSE is integrated into Windows so much.
Step 2: Program Removals and Chrome Extension Removals


Please uninstall the following program from your machine as it is a adware/malware related program.

Image Editor Packages


Remove Chrome Extensions

There are extensions in Chrome that need to be removed, please follow the instructions below to remove them.

Start Chrome and type this into the address bar: chrome:extensions

This will display a page of all the installed extensions. Please remove the extensions by clicking the trash can icon.

If one of the extensions in the list is not shown, don't worry about it, move to the next one.
  • NexttCouep
  • PPriceChOp
  • SaVEMasS
  • NexttCouep
Step 3: Fix with Farbar's Recovery Scan Tool
  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.
  • Right-click in the open notepad and select Paste).
  • Save it on the desktop as fixlist.txt

Start
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3064546174-981495490-1555626466-501\...\Run: [Open Download Manager] => C:\Program Files (x86)\OpenDownloaderManager\odm.exe -autorun
ShortcutTarget: ZooskMessenger.lnk -> C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe (No File)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ProxyServer: http=127.0.0.1:55051;https=127.0.0.1:55051
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Sandra\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Sandra\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnliaicmfjbkidjapldadaahegkddgel
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnphcppibihpbjfmkendgipbiaomjof
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmlagkofmheocboedfoljjlpdahnjdf
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
CHR HKLM-x32\...\Chrome\Extension: [iekjmlcgpmcjigljdiagaibfjfaideal] - C:\Users\Sandra\AppData\Local\CRE\iekjmlcgpmcjigljdiagaibfjfaideal.crx [2014-08-08]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CustomCLSID: HKU\S-1-5-21-3064546174-981495490-1555626466-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Sandra\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-3064546174-981495490-1555626466-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Sandra\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3064546174-981495490-1555626466-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Sandra\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3064546174-981495490-1555626466-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Sandra\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
AlternateDataStreams: C:\ProgramData\Temp:373E1720
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.


Step 4: Junkware Removal Too


thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 5: AdwCleaner


Download ADWcleaner by clicking here. Please save it to your Desktop


adwcleaner2_zps680e0e15.jpg
  • Double click (Vista and 7 Users)right click the adwcleaner.exe file and click Run as Adminstrator and accept the UAC prompt to run AdwCleaner
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\AdwCleaner[R0].txt
Step 6: Fresh FRST Scan
  • Start Farbar's Recovery Scan Tool and press the Scan button.
  • FRST will scan your system and produce one log this time. Please post it in your next reply.
Things I need to see in your next post:

Fixlog.txt Log

Junkware Removal Tool Log

AdwCleaner Log

Fresh FRST Log

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#5 siminu2

siminu2
  • Topic Starter

  • Members
  • 69 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:New Hampshire
  • Local time:01:02 AM

Posted 17 August 2014 - 01:04 PM

I have removed Nortan Anti-Virus program

I have removed Chrome Extensions

I can not locate Image Editor Packages you said to remove.

I have opened Farbar’s recovery scan tool

I have opened notepad and copy and paisted your  box saved as fixlist.txt

I have run FRST64.exe  and hit fix once here is the results

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-08-2014 04

Ran by Sandra at 2014-08-17 13:25:47 Run:1

Running from C:\Users\Sandra\Desktop

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

Start

HKLM-x32\...\Run: [] => [X]

HKU\S-1-5-21-3064546174-981495490-1555626466-501\...\Run: [Open Download Manager] => C:\Program Files (x86)\OpenDownloaderManager\odm.exe -autorun

ShortcutTarget: ZooskMessenger.lnk -> C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe (No File)

ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File

ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File

ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File

ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File

ProxyServer: http=127.0.0.1:55051;https=127.0.0.1:55051

Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File

FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Sandra\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File

FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Sandra\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File

C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnliaicmfjbkidjapldadaahegkddgel

C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnphcppibihpbjfmkendgipbiaomjof

C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmlagkofmheocboedfoljjlpdahnjdf

C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

CHR HKLM-x32\...\Chrome\Extension: [iekjmlcgpmcjigljdiagaibfjfaideal] - C:\Users\Sandra\AppData\Local\CRE\iekjmlcgpmcjigljdiagaibfjfaideal.crx [2014-08-08]

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

CustomCLSID: HKU\S-1-5-21-3064546174-981495490-1555626466-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Sandra\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File

CustomCLSID: HKU\S-1-5-21-3064546174-981495490-1555626466-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Sandra\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-3064546174-981495490-1555626466-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Sandra\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-3064546174-981495490-1555626466-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Sandra\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

AlternateDataStreams: C:\ProgramData\Temp:373E1720

CMD: netsh advfirewall reset

CMD: netsh advfirewall set allprofiles state on

CMD: ipconfig /flushdns

Emptytemp:

Hosts:

End

*****************

 

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.

HKU\S-1-5-21-3064546174-981495490-1555626466-501\Software\Microsoft\Windows\CurrentVersion\Run\\Open Download Manager => Value not found.

C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe not found.

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Key deleted successfully.

"HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => Key deleted successfully.

"HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => Key deleted successfully.

"HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => Key deleted successfully.

"HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.

"HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key not found.

"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer" => Key deleted successfully.

"HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf" => Key deleted successfully.

"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => Key deleted successfully.

"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => Key deleted successfully.

"HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3" => Key deleted successfully.

C:\Users\Sandra\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll not found.

"HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9" => Key deleted successfully.

C:\Users\Sandra\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll not found.

C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnliaicmfjbkidjapldadaahegkddgel => Moved successfully.

C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnphcppibihpbjfmkendgipbiaomjof => Moved successfully.

C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmlagkofmheocboedfoljjlpdahnjdf => Moved successfully.

C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia => Moved successfully.

"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iekjmlcgpmcjigljdiagaibfjfaideal" => Key deleted successfully.

"C:\Users\Sandra\AppData\Local\CRE\iekjmlcgpmcjigljdiagaibfjfaideal.crx" => File/Directory not found.

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.

"HKU\S-1-5-21-3064546174-981495490-1555626466-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}" => Key deleted successfully.

"HKU\S-1-5-21-3064546174-981495490-1555626466-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.

"HKU\S-1-5-21-3064546174-981495490-1555626466-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}" => Key deleted successfully.

"HKU\S-1-5-21-3064546174-981495490-1555626466-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.

C:\ProgramData\Temp => ":373E1720" ADS removed successfully.

 

=========  netsh advfirewall reset =========

 

Ok.

 

 

========= End of CMD: =========

 

 

=========  netsh advfirewall set allprofiles state on =========

 

Ok.

 

 

========= End of CMD: =========

 

 

=========  ipconfig /flushdns =========

 

 

Windows IP Configuration

 

Successfully flushed the DNS Resolver Cache.

 

========= End of CMD: =========

 

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.

Hosts was reset successfully.

EmptyTemp: => Removed 1.2 GB temporary data.

 

 

The system needed a reboot.

 

==== End of Fixlog ====

 

I have run JRT.exe and here is the results   Ran as Administrator

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.4 (04.06.2014:1)

OS: Windows 7 Home Premium x64

Ran by Sandra on Sun 08/17/2014 at 13:34:57.67

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

 

 

~~~ Files

 

Successfully deleted: [File] C:\Windows\syswow64\sho2A9E.tmp

Successfully deleted: [File] C:\Windows\syswow64\sho5F0A.tmp

Successfully deleted: [File] C:\Windows\syswow64\sho6259.tmp

Successfully deleted: [File] C:\Windows\syswow64\sho6431.tmp

Successfully deleted: [File] C:\Windows\syswow64\shoB815.tmp

Successfully deleted: [File] C:\Windows\syswow64\shoC3BB.tmp

Successfully deleted: [File] C:\Windows\syswow64\shoCB04.tmp

Successfully deleted: [File] C:\Windows\syswow64\shoDD7C.tmp

Successfully deleted: [File] C:\Windows\syswow64\shoE607.tmp

Successfully deleted: [File] C:\Windows\syswow64\shoF05A.tmp

Successfully deleted: [File] C:\Windows\syswow64\shoFC68.tmp

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\Users\Sandra\AppData\Roaming\getrighttogo"

Successfully deleted: [Empty Folder] C:\Users\Sandra\appdata\local\{21C0CB9F-B2B3-4724-A165-4FCCA7758104}

Successfully deleted: [Empty Folder] C:\Users\Sandra\appdata\local\{32904108-F7A2-46BD-868F-D48FCB18C0B3}

Successfully deleted: [Empty Folder] C:\Users\Sandra\appdata\local\{4F60D41C-96F2-4ACF-A669-BA9AFFACA04F}

Successfully deleted: [Empty Folder] C:\Users\Sandra\appdata\local\{5B455EC6-ACD7-4C1E-AB0A-B40C4B378C05}

Successfully deleted: [Empty Folder] C:\Users\Sandra\appdata\local\{865A4F15-5D2B-485F-8E0D-14DB83D71BBA}

Successfully deleted: [Empty Folder] C:\Users\Sandra\appdata\local\{B36A2AF1-1D8F-466B-BF8D-4B4A921740E2}

Successfully deleted: [Empty Folder] C:\Users\Sandra\appdata\local\{C1BFE285-A30C-4A4D-9E20-F99077792EF2}

Successfully deleted: [Empty Folder] C:\Users\Sandra\appdata\local\{CC502009-1D94-472C-8AA8-5D87E93DDDCF}

Successfully deleted: [Empty Folder] C:\Users\Sandra\appdata\local\{E70094E4-1057-465D-BFE2-538811609D98}

Successfully deleted: [Empty Folder] C:\Users\Sandra\appdata\local\{EE869738-6F6B-408D-9E0D-97EF42DEFDC5}

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sun 08/17/2014 at 13:41:32.47

End of JRT log

Downloaded AdwCleaner.exe to desktop and ran as administrator

 

# AdwCleaner v3.307 - Report created 17/08/2014 at 13:55:12

# Updated 17/08/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Sandra - SANDRA-HP

# Running from : C:\Users\Sandra\Desktop\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

 

***** [ Scheduled Tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKCU\Software\WEDLMNGR

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2A498D792D0AD2F4DADF03B3C066122B

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C697F962E048A434B8AE269E702964C8

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17239

 

 

-\\ Google Chrome v36.0.1985.125

 

[ File : C:\Users\Mayberry Account\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

[ File : C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}

Deleted [Search Provider] : hxxp://www.grainger.com/search?searchQuery={searchTerms}

Deleted [Search Provider] : hxxp://www.loomistank.com/search-results.shtml?q={searchTerms}

Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

Deleted [Search Provider] : hxxp://www.ltdcommodities.com/catalog/search_results.jsp;jsessionid=5A6A9B2C1F82F2553E6E959A40F9B52D?_dyncharset=ISO-8859-1&question={searchTerms}&_D%3Aquestion=+&%2Fatg%2Fcommerce%2Fsearch%2FRootCategoryConstraint.value=catalog10002&_D%3A%2Fatg%2Fcommerce%2Fsearch%2FRootCategoryConstraint.value=+&%2Fatg%2Fcommerce%2Fsearch%2FSearchablePropertyConstraint.value=LTD&_D%3A%2Fatg%2Fcommerce%2Fsearch%2FSearchablePropertyConstraint.value=+&%2Fatg%2Fcommerce%2Fsearch%2Fcatalog%2FQueryFormHandler.searchRequest.docSort=numprop&_D%3A%2Fatg%2Fcommerce%2Fsearch%2Fcatalog%2FQueryFormHandler.searchRequest.docSort=+&%2Fatg%2Fcommerce%2Fsearch%2Fcatalog%2FQueryFormHandler.searchRequest.docSortOrder=ascending&_D%3A%2Fatg%2Fcommerce%2Fsearch%2Fcatalog%2FQueryFormHandler.searchRequest.docSortOrder=+&%2Fatg%2Fcommerce%2Fsearch%2Fcatalog%2FQueryFormHandler.searchRequest.docSortProp=sortOrder&_D%3A%2Fatg%2Fcommerce%2Fsearch%2Fcatalog%2FQueryFormHandler.searchRequest.docSortProp=+&%2Fatg%2Fcommerce%2Fsearch%2Fcatalog%2FQueryFormHandler.search.x=-566&%2Fatg%2Fcommerce%2Fsearch%2Fcatalog%2FQueryFormHandler.search.y=-130&%2Fatg%2Fcommerce%2Fsearch%2Fcatalog%2FQueryFormHandler.search=search&_D%3A%2Fatg%2Fcommerce%2Fsearch%2Fcatalog%2FQueryFormHandler.search=+&_DARGS=%2Fcommon%2Fincludes%2Finc_header.jsp.basicSearch

Deleted [Search Provider] : hxxp://www8.hp.com/us/en/hp-search/search-results.html?cc=us&lang=en&charset=utf-8&qt={searchTerms}&search=

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}

 

*************************

 

AdwCleaner[R0].txt - [4055 octets] - [19/10/2013 07:37:44]

AdwCleaner[R10].txt - [4272 octets] - [17/08/2014 13:54:16]

AdwCleaner[R1].txt - [9872 octets] - [11/12/2013 13:10:35]

AdwCleaner[R2].txt - [9932 octets] - [11/12/2013 13:11:50]

AdwCleaner[R3].txt - [6407 octets] - [30/06/2014 08:46:53]

AdwCleaner[R4].txt - [5958 octets] - [13/08/2014 21:36:21]

AdwCleaner[R5].txt - [1466 octets] - [15/08/2014 08:35:50]

AdwCleaner[R6].txt - [1704 octets] - [16/08/2014 12:25:43]

AdwCleaner[R7].txt - [1834 octets] - [17/08/2014 08:44:55]

AdwCleaner[R8].txt - [2296 octets] - [17/08/2014 13:49:07]

AdwCleaner[R9].txt - [2356 octets] - [17/08/2014 13:50:19]

AdwCleaner[S0].txt - [3929 octets] - [19/10/2013 07:40:27]

AdwCleaner[S1].txt - [8078 octets] - [11/12/2013 13:40:05]

AdwCleaner[S2].txt - [8190 octets] - [30/06/2014 09:38:49]

AdwCleaner[S3].txt - [7649 octets] - [13/08/2014 21:38:18]

AdwCleaner[S4].txt - [3395 octets] - [15/08/2014 08:37:34]

AdwCleaner[S5].txt - [3635 octets] - [16/08/2014 12:29:43]

AdwCleaner[S6].txt - [3725 octets] - [17/08/2014 08:51:40]

AdwCleaner[S7].txt - [4160 octets] - [17/08/2014 13:55:12]

 

########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [4220 octets] ##########

 

Re ran FRST65.exe

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-08-2014 04
Ran by Sandra (administrator) on SANDRA-HP on 17-08-2014 14:00:30
Running from C:\Users\Sandra\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(DEVGURU Co., LTD) C:\Windows\System32\ptumlcmsvc64.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\lync.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
() C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(MyHeritage) C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Hewlett Packard) C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [AESTFltr] => %SystemRoot%\system32\AESTFltr.exe /NoDlg
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2012-01-02] (IDT, Inc.)
HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2045440 2010-09-02] (Eastman Kodak Company)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-30] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [111640 2010-07-23] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-30] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2012-04-02] (cyberlink)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [648032 2010-11-27] (Sony Corporation)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Family Tree Builder Update] => C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe [2525184 2013-05-07] (MyHeritage)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [313248 2012-07-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-08-05] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3064546174-981495490-1555626466-1000\...\Run: [Lync] => C:\Program Files\Microsoft Office\Office15\lync.exe [22690968 2014-07-27] (Microsoft Corporation)
HKU\S-1-5-21-3064546174-981495490-1555626466-1000\...\MountPoints2: {45b40cc0-47bf-11e3-8849-441ea1e33c0b} - G:\Autorun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk
ShortcutTarget: IMVU.lnk -> C:\Users\Sandra\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe (No File)
Startup: C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk
ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe ()
Startup: C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk
ShortcutTarget: ZooskMessenger.lnk -> C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe (No File)
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {AE6FCC02-176F-4480-A836-244997C328E6} URL = 
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{104EE902-21F2-4EA6-A98B-25D7118F12DC}: [NameServer]198.224.186.135 198.224.187.135
Tcpip\..\Interfaces\{D35EB592-90AC-42CC-8B10-B53092AFBD3C}: [NameServer]198.224.187.135 198.224.186.135
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\6\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Sandra\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Sandra\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Sandra\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Sandra\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Sandra\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Sandra\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR HomePage: hxxp://my.yahoo.com/
CHR StartupUrls: "hxxp://my.yahoo.com/"
CHR Extension: (Free Download Manager Chrome extension) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp [2014-08-16]
CHR Extension: (Google Docs) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-22]
CHR Extension: (Google Drive) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-03]
CHR Extension: (YouTube) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-18]
CHR Extension: (Google Search) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-18]
CHR Extension: (Hangouts) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-05-17]
CHR Extension: (Google Wallet) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-02-24] (CyberLink)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [240736 2013-10-07] (WildTangent)
S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [164864 2012-05-02] (HP) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [46904 2013-12-17] (Hewlett-Packard Company)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
R2 ptumlcmsvc; C:\Windows\system32\ptumlcmsvc64.exe [184832 2012-09-21] (DEVGURU Co., LTD) [File not signed]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AESTAud; C:\Windows\System32\drivers\AESTAu64.sys [146048 2009-04-21] (Andrea Electronics Corporation)
S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [40232 2013-07-11] (Google Inc)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 PTUMLMBMP; C:\Windows\System32\DRIVERS\PTUMLMBMP.sys [255288 2012-09-21] (DEVGURU Co., LTD.)
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [768680 2013-06-26] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [273576 2013-06-26] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [29352 2013-06-26] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [23208 2013-06-26] (Microsoft Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2013-10-19] ()
S3 RSP2STOR; system32\DRIVERS\RtsP2Stor.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-17 14:00 - 2014-08-17 14:00 - 00025694 _____ () C:\Users\Sandra\Desktop\FRST.txt
2014-08-17 13:48 - 2014-08-17 13:48 - 01361671 _____ () C:\Users\Sandra\Desktop\AdwCleaner.exe
2014-08-17 13:41 - 2014-08-17 13:41 - 00002469 _____ () C:\Users\Sandra\Desktop\JRT.txt
2014-08-17 13:31 - 2014-08-17 13:31 - 01016261 _____ (Thisisu) C:\Users\Sandra\Desktop\JRT.exe
2014-08-17 09:25 - 2014-08-17 09:25 - 00035772 _____ () C:\Users\Sandra\Documents\HitmanPro_20140817_0925.log
2014-08-17 09:00 - 2014-08-17 09:26 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-16 20:46 - 2014-08-17 08:48 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Free Download Manager
2014-08-16 20:45 - 2014-08-16 20:45 - 00001067 _____ () C:\Users\Sandra\Desktop\Free Download Manager.lnk
2014-08-16 20:45 - 2014-08-16 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Download Manager
2014-08-16 20:45 - 2014-08-16 20:45 - 00000000 ____D () C:\Program Files (x86)\Free Download Manager
2014-08-16 20:26 - 2014-08-16 20:49 - 00000000 ____D () C:\The KMPlayer
2014-08-16 20:19 - 2014-08-16 20:20 - 32833624 _____ (PandoraTV) C:\Users\Sandra\Desktop\KMPlayer_3-9-0-126.exe
2014-08-16 20:18 - 2014-08-16 20:18 - 00366920 _____ (Softonic) C:\Users\Sandra\Downloads\SoftonicDownloader_for_kmplayer.exe
2014-08-16 12:34 - 2014-08-17 14:00 - 00000000 ____D () C:\FRST
2014-08-16 12:28 - 2014-08-16 12:28 - 02101760 _____ (Farbar) C:\Users\Sandra\Desktop\FRST64.exe
2014-08-16 06:26 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-16 06:26 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-16 06:26 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-16 06:26 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-16 06:26 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-16 06:26 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-16 06:26 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-16 06:26 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-15 08:39 - 2014-08-17 13:56 - 00568834 _____ () C:\Windows\PFRO.log
2014-08-15 08:39 - 2014-08-17 13:56 - 00000504 _____ () C:\Windows\setupact.log
2014-08-15 08:39 - 2014-08-15 08:39 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-15 07:57 - 2014-07-15 23:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-15 07:57 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-15 07:57 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-15 07:57 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-15 07:57 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-15 07:57 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-15 07:57 - 2014-07-08 22:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-15 07:57 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-15 07:57 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-15 07:57 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-15 07:57 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-15 07:57 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-15 07:57 - 2014-07-08 21:00 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-15 07:57 - 2014-07-08 18:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-15 07:57 - 2014-07-08 18:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-15 07:57 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-15 07:57 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-15 07:57 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-15 07:57 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-15 07:57 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-15 07:57 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-15 07:57 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-15 07:57 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-15 07:57 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-15 07:57 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-15 07:56 - 2014-08-06 22:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-15 07:56 - 2014-08-06 22:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-15 07:56 - 2014-07-31 19:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-15 07:56 - 2014-07-31 19:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-15 07:56 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 07:56 - 2014-07-25 10:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 07:56 - 2014-07-25 10:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-15 07:56 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-15 07:56 - 2014-07-25 09:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-15 07:56 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-15 07:56 - 2014-07-25 09:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-15 07:56 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 07:56 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-15 07:56 - 2014-07-25 09:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 07:56 - 2014-07-25 09:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-15 07:56 - 2014-07-25 09:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-15 07:56 - 2014-07-25 09:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-15 07:56 - 2014-07-25 09:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-15 07:56 - 2014-07-25 09:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-15 07:56 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-15 07:56 - 2014-07-25 08:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-15 07:56 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 07:56 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-15 07:56 - 2014-07-25 08:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-15 07:56 - 2014-07-25 08:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-15 07:56 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-15 07:56 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 07:56 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-15 07:56 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-15 07:56 - 2014-07-25 08:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-15 07:56 - 2014-07-25 08:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-15 07:56 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 07:56 - 2014-07-25 08:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-15 07:56 - 2014-07-25 08:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-15 07:56 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 07:56 - 2014-07-25 08:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-15 07:56 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-15 07:56 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-15 07:56 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-15 07:56 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 07:56 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-15 07:56 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-15 07:56 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 07:56 - 2014-07-25 07:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-15 07:56 - 2014-07-25 07:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-15 07:56 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-15 07:56 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-15 07:56 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 07:56 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-15 07:56 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-15 07:56 - 2014-07-25 07:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-15 07:56 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-15 07:56 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 07:56 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 07:56 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-15 07:56 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-15 07:56 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-15 07:56 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-15 07:56 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-15 07:56 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-14 14:31 - 2014-08-14 14:33 - 00000000 ____D () C:\Users\Sandra\Documents\SMayberry Resumes
2014-08-08 07:35 - 2014-08-13 21:27 - 00000000 ____D () C:\ProgramData\9feddf5e5ad97441
2014-08-08 07:35 - 2014-08-13 21:20 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-08-08 07:35 - 2014-08-08 07:35 - 00000000 ____D () C:\Users\Sandra\AppData\Local\Packages
2014-08-08 07:35 - 2014-08-08 07:35 - 00000000 ____D () C:\Users\Sandra\AppData\Local\Comodo
2014-08-08 07:35 - 2014-08-08 07:35 - 00000000 ____D () C:\Users\Mayberry Account\AppData\Local\Comodo
2014-08-08 07:35 - 2014-08-08 07:35 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-08-08 07:35 - 2014-08-08 07:35 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-08-08 07:35 - 2014-08-08 07:35 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-08-08 07:35 - 2014-08-08 07:35 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-08-08 07:35 - 2014-08-08 07:35 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-08-08 07:35 - 2014-08-08 07:35 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-08-08 07:35 - 2014-08-08 07:35 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-08-08 07:35 - 2014-08-08 07:35 - 00000000 ____D () C:\Users\Administrator
2014-08-08 07:17 - 2014-08-08 07:38 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\uTorrent
2014-08-07 19:26 - 2014-08-07 19:28 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\vlc
2014-08-06 13:45 - 2014-08-06 13:45 - 03210534 _____ () C:\Users\Sandra\Desktop\AttendeeViewerImage000.bmp
2014-08-04 08:31 - 2014-08-04 08:35 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Naturalsoft
2014-08-04 08:31 - 2014-08-04 08:31 - 00002047 _____ () C:\Users\Public\Desktop\Demo.lnk
2014-08-04 08:31 - 2014-08-04 08:31 - 00002042 _____ () C:\Users\Public\Desktop\NaturalReader Free.lnk
2014-08-04 08:31 - 2014-08-04 08:31 - 00000000 ____D () C:\ProgramData\Naturalsoft
2014-08-04 08:31 - 2014-08-04 08:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Naturalsoft
2014-08-04 08:31 - 2014-08-04 08:31 - 00000000 ____D () C:\Program Files (x86)\Naturalsoft
2014-08-04 08:29 - 2014-08-04 08:31 - 00000000 ____D () C:\Users\Sandra\Documents\Naturalsoft
2014-08-04 08:05 - 2014-08-04 09:09 - 00000000 ____D () C:\Users\Sandra\Documents\Marriage aids
2014-08-02 08:11 - 2014-08-02 08:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-01 08:56 - 2014-08-16 06:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-07-26 17:25 - 2014-07-26 17:25 - 00000028 _____ () C:\Windows\pdf995.ini
2014-07-25 08:49 - 2014-07-25 08:49 - 00000000 ____D () C:\Users\Mayberry Account\AppData\Roaming\Apple Computer
2014-07-19 14:48 - 2014-07-19 14:48 - 00918952 _____ (Oracle Corporation) C:\Users\Sandra\Desktop\chromeinstall-7u65.exe
2014-07-19 14:13 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-19 14:12 - 2014-07-19 14:12 - 00005593 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-19 14:12 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-19 14:12 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-19 14:12 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-18 15:42 - 2014-07-18 15:42 - 00895120 _____ (Google Inc.) C:\Users\Sandra\Desktop\GoogleVoiceAndVideoSetup.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-17 14:02 - 2014-08-17 14:00 - 00025694 _____ () C:\Users\Sandra\Desktop\FRST.txt
2014-08-17 14:00 - 2014-08-16 12:34 - 00000000 ____D () C:\FRST
2014-08-17 13:56 - 2014-08-15 08:39 - 00568834 _____ () C:\Windows\PFRO.log
2014-08-17 13:56 - 2014-08-15 08:39 - 00000504 _____ () C:\Windows\setupact.log
2014-08-17 13:56 - 2013-12-17 08:06 - 01040997 _____ () C:\Windows\system32\ptumlacsvc-0.log
2014-08-17 13:56 - 2013-03-17 15:39 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-17 13:56 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-17 13:55 - 2013-10-19 07:37 - 00000000 ____D () C:\AdwCleaner
2014-08-17 13:55 - 2012-03-01 04:48 - 01691124 _____ () C:\Windows\WindowsUpdate.log
2014-08-17 13:54 - 2013-06-17 10:00 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-17 13:48 - 2014-08-17 13:48 - 01361671 _____ () C:\Users\Sandra\Desktop\AdwCleaner.exe
2014-08-17 13:41 - 2014-08-17 13:41 - 00002469 _____ () C:\Users\Sandra\Desktop\JRT.txt
2014-08-17 13:40 - 2014-05-18 12:29 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3064546174-981495490-1555626466-1000UA.job
2014-08-17 13:36 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-17 13:36 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-17 13:31 - 2014-08-17 13:31 - 01016261 _____ (Thisisu) C:\Users\Sandra\Desktop\JRT.exe
2014-08-17 13:28 - 2009-07-14 00:45 - 00482720 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-17 13:27 - 2014-03-07 10:47 - 00000568 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3064546174-981495490-1555626466-1000.job
2014-08-17 13:24 - 2013-03-17 15:39 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-17 12:53 - 2012-03-17 17:14 - 00000000 ____D () C:\Users\Sandra\Documents\Youcam
2014-08-17 12:44 - 2012-03-01 04:55 - 00000000 ____D () C:\ProgramData\Norton
2014-08-17 12:39 - 2013-06-25 16:58 - 00000000 ____D () C:\Users\Sandra\Desktop\Virus ware help
2014-08-17 12:18 - 2011-12-25 15:35 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{69DE36B0-1B50-4F41-8DC3-305AC374E228}
2014-08-17 09:26 - 2014-08-17 09:00 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-17 09:25 - 2014-08-17 09:25 - 00035772 _____ () C:\Users\Sandra\Documents\HitmanPro_20140817_0925.log
2014-08-17 08:48 - 2014-08-16 20:46 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Free Download Manager
2014-08-17 08:21 - 2014-05-18 12:29 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3064546174-981495490-1555626466-1000Core.job
2014-08-16 20:49 - 2014-08-16 20:26 - 00000000 ____D () C:\The KMPlayer
2014-08-16 20:45 - 2014-08-16 20:45 - 00001067 _____ () C:\Users\Sandra\Desktop\Free Download Manager.lnk
2014-08-16 20:45 - 2014-08-16 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Download Manager
2014-08-16 20:45 - 2014-08-16 20:45 - 00000000 ____D () C:\Program Files (x86)\Free Download Manager
2014-08-16 20:28 - 2013-12-09 10:43 - 00000000 ____D () C:\temp
2014-08-16 20:20 - 2014-08-16 20:19 - 32833624 _____ (PandoraTV) C:\Users\Sandra\Desktop\KMPlayer_3-9-0-126.exe
2014-08-16 20:18 - 2014-08-16 20:18 - 00366920 _____ (Softonic) C:\Users\Sandra\Downloads\SoftonicDownloader_for_kmplayer.exe
2014-08-16 12:28 - 2014-08-16 12:28 - 02101760 _____ (Farbar) C:\Users\Sandra\Desktop\FRST64.exe
2014-08-16 12:18 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-08-16 11:41 - 2014-06-02 05:54 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-16 11:07 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-16 08:19 - 2013-06-24 13:08 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForSandra
2014-08-16 08:19 - 2013-06-24 13:08 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForSandra.job
2014-08-16 06:51 - 2012-03-14 10:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-16 06:35 - 2014-08-01 08:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-08-16 06:25 - 2014-05-07 06:20 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-15 13:47 - 2013-10-18 14:49 - 00000000 ____D () C:\Users\Sandra\Documents\Cognosante
2014-08-15 08:39 - 2014-08-15 08:39 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-15 08:23 - 2013-06-13 04:34 - 00000000 ____D () C:\Users\Sandra\Tracing
2014-08-15 08:23 - 2012-06-24 08:30 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-08-15 08:22 - 2012-09-02 08:52 - 00000000 ____D () C:\Windows\Minidump
2014-08-15 08:22 - 2011-12-27 15:59 - 00000000 ____D () C:\Users\Sandra\AppData\Local\CrashDumps
2014-08-15 08:22 - 2007-01-01 21:25 - 00000000 ____D () C:\Windows\Panther
2014-08-15 08:13 - 2012-06-24 08:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-15 08:13 - 2012-06-24 08:11 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-14 14:45 - 2014-03-07 10:47 - 00003598 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3064546174-981495490-1555626466-1000
2014-08-14 14:33 - 2014-08-14 14:31 - 00000000 ____D () C:\Users\Sandra\Documents\SMayberry Resumes
2014-08-13 21:27 - 2014-08-08 07:35 - 00000000 ____D () C:\ProgramData\9feddf5e5ad97441
2014-08-13 21:20 - 2014-08-08 07:35 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-08-12 13:35 - 2013-07-09 11:54 - 00000000 ____D () C:\Users\Sandra\Documents\Rental expense
2014-08-11 18:52 - 2009-07-14 01:13 - 00783400 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-11 08:24 - 2012-01-02 13:50 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-08-11 08:24 - 2011-12-26 15:40 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-08-08 07:38 - 2014-08-08 07:17 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\uTorrent
2014-08-08 07:35 - 2014-08-08 07:35 - 00000000 ____D () C:\Users\Sandra\AppData\Local\Packages
2014-08-08 07:35 - 2014-08-08 07:35 - 00000000 ____D () C:\Users\Sandra\AppData\Local\Comodo
2014-08-08 07:35 - 2014-08-08 07:35 - 00000000 ____D () C:\Users\Mayberry Account\AppData\Local\Comodo
2014-08-08 07:35 - 2014-08-08 07:35 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-08-08 07:35 - 2014-08-08 07:35 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-08-08 07:35 - 2014-08-08 07:35 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-08-08 07:35 - 2014-08-08 07:35 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-08-08 07:35 - 2014-08-08 07:35 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-08-08 07:35 - 2014-08-08 07:35 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-08-08 07:35 - 2014-08-08 07:35 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-08-08 07:35 - 2014-08-08 07:35 - 00000000 ____D () C:\Users\Administrator
2014-08-08 07:35 - 2013-07-09 08:07 - 00000000 ____D () C:\Users\Mayberry Account\AppData\Local\Google
2014-08-08 07:35 - 2013-03-17 15:39 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-08 07:35 - 2011-12-26 15:59 - 00000000 ____D () C:\Users\Sandra\AppData\Local\Google
2014-08-08 07:35 - 2009-07-13 23:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-08-08 07:35 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-08-07 19:28 - 2014-08-07 19:26 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\vlc
2014-08-06 22:06 - 2014-08-15 07:56 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 22:01 - 2014-08-15 07:56 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-06 13:45 - 2014-08-06 13:45 - 03210534 _____ () C:\Users\Sandra\Desktop\AttendeeViewerImage000.bmp
2014-08-04 09:09 - 2014-08-04 08:05 - 00000000 ____D () C:\Users\Sandra\Documents\Marriage aids
2014-08-04 08:35 - 2014-08-04 08:31 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Naturalsoft
2014-08-04 08:31 - 2014-08-04 08:31 - 00002047 _____ () C:\Users\Public\Desktop\Demo.lnk
2014-08-04 08:31 - 2014-08-04 08:31 - 00002042 _____ () C:\Users\Public\Desktop\NaturalReader Free.lnk
2014-08-04 08:31 - 2014-08-04 08:31 - 00000000 ____D () C:\ProgramData\Naturalsoft
2014-08-04 08:31 - 2014-08-04 08:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Naturalsoft
2014-08-04 08:31 - 2014-08-04 08:31 - 00000000 ____D () C:\Program Files (x86)\Naturalsoft
2014-08-04 08:31 - 2014-08-04 08:29 - 00000000 ____D () C:\Users\Sandra\Documents\Naturalsoft
2014-08-02 08:31 - 2011-12-25 15:34 - 00112304 _____ () C:\Users\Sandra\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-02 08:21 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-08-02 08:11 - 2014-08-02 08:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-01 08:56 - 2014-05-15 03:07 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-08-01 08:55 - 2014-01-17 23:25 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-08-01 08:54 - 2011-07-16 01:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-07-31 19:41 - 2014-08-15 07:56 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-31 19:16 - 2014-08-15 07:56 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-30 07:23 - 2014-03-29 10:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2014-07-30 07:23 - 2014-03-25 08:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-07-27 10:41 - 2013-07-09 08:06 - 00003974 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{A29C49C3-390F-4802-9322-7FFF2D8FCF34}
2014-07-26 17:35 - 2014-06-28 16:58 - 00000000 ____D () C:\Users\Sandra\Tarot readings
2014-07-26 17:35 - 2012-04-12 11:41 - 00000000 ____D () C:\ProgramData\pdf995
2014-07-26 17:25 - 2014-07-26 17:25 - 00000028 _____ () C:\Windows\pdf995.ini
2014-07-25 10:52 - 2014-08-15 07:56 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-25 10:02 - 2014-08-15 07:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-25 10:01 - 2014-08-15 07:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-25 09:51 - 2014-08-15 07:56 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-25 09:30 - 2014-08-15 07:56 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-25 09:28 - 2014-08-15 07:56 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-25 09:28 - 2014-08-15 07:56 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-25 09:25 - 2014-08-15 07:56 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-25 09:25 - 2014-08-15 07:56 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-25 09:11 - 2014-08-15 07:56 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-25 09:10 - 2014-08-15 07:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-25 09:04 - 2014-08-15 07:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-25 09:03 - 2014-08-15 07:56 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-25 09:00 - 2014-08-15 07:56 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-25 09:00 - 2014-08-15 07:56 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-25 08:59 - 2014-08-15 07:56 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-25 08:49 - 2014-07-25 08:49 - 00000000 ____D () C:\Users\Mayberry Account\AppData\Roaming\Apple Computer
2014-07-25 08:47 - 2014-08-15 07:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-25 08:46 - 2013-03-13 08:26 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-25 08:46 - 2013-03-13 08:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-25 08:40 - 2014-08-15 07:56 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-25 08:34 - 2014-08-15 07:56 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-25 08:34 - 2014-08-15 07:56 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-25 08:33 - 2014-08-15 07:56 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-25 08:30 - 2014-08-15 07:56 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-25 08:28 - 2014-08-15 07:56 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-25 08:28 - 2014-08-15 07:56 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 08:21 - 2014-08-15 07:56 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-25 08:19 - 2014-08-15 07:56 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-25 08:18 - 2014-08-15 07:56 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-25 08:17 - 2014-08-15 07:56 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-25 08:17 - 2014-08-15 07:56 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-25 08:12 - 2014-08-15 07:56 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-25 08:10 - 2014-08-15 07:56 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-25 08:10 - 2014-08-15 07:56 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-25 08:08 - 2014-08-15 07:56 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-25 08:06 - 2014-08-15 07:56 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-25 07:52 - 2014-08-15 07:56 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-25 07:47 - 2014-08-15 07:56 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-25 07:43 - 2014-08-15 07:56 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 07:42 - 2014-08-15 07:56 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-25 07:39 - 2014-08-15 07:56 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-25 07:39 - 2014-08-15 07:56 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-25 07:36 - 2014-08-15 07:56 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-25 07:34 - 2014-08-15 07:56 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-25 07:32 - 2013-10-30 08:53 - 00000000 ____D () C:\Users\Sandra\Documents\Promisory Notes
2014-07-25 07:29 - 2014-08-15 07:56 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-25 07:24 - 2013-07-24 14:42 - 00000000 ____D () C:\Users\Sandra\AppData\Local\Downloaded Installations
2014-07-25 07:23 - 2014-08-15 07:56 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-25 07:13 - 2014-08-15 07:56 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-25 07:07 - 2014-08-15 07:56 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-25 07:07 - 2014-08-15 07:56 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-25 07:07 - 2013-03-13 08:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-25 07:03 - 2014-08-15 07:56 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-25 06:52 - 2014-08-15 07:56 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-25 06:26 - 2014-08-15 07:56 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-25 06:17 - 2014-08-15 07:56 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-25 06:09 - 2014-08-15 07:56 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-25 06:05 - 2014-08-15 07:56 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-25 06:00 - 2014-08-15 07:56 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-21 08:29 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\L2Schemas
2014-07-19 14:48 - 2014-07-19 14:48 - 00918952 _____ (Oracle Corporation) C:\Users\Sandra\Desktop\chromeinstall-7u65.exe
2014-07-19 14:48 - 2013-11-04 12:02 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-19 14:12 - 2014-07-19 14:12 - 00005593 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-19 14:12 - 2013-07-01 09:16 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-18 19:11 - 2014-03-23 15:39 - 00002102 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-18 15:42 - 2014-07-18 15:42 - 00895120 _____ (Google Inc.) C:\Users\Sandra\Desktop\GoogleVoiceAndVideoSetup.exe
 
Some content of TEMP:
====================
C:\Users\Sandra\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-07 19:49
 
==================== End Of Log ============================
 
Thank you for your help.  


#6 pystryker

pystryker

  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:02 AM

Posted 17 August 2014 - 01:12 PM

I have removed Nortan Anti-Virus program

I have removed Chrome Extensions

I can not locate Image Editor Packages you said to remove.

I have opened Farbars recovery scan tool

I have opened notepad and copy and paisted your box saved as fixlist.txt

I have run FRST64.exe and hit fix once here is the results


No worries on that Image program. :)
 

Thank you for your help.


You're quite welcome, let's continue the cleaning. :thumbsup2:



Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Scan with Malwarebytes


Please download Malwarebytes Anti-Malware to your desktop
Install the progamme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

MBAMsettings_zpsb6b9ada0.jpg

Go back to the Dashboard and select Scan Now

MBAMScan_zps8ba7d192.jpg

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

MBAMReboot_zps9089ab30.jpg

MBAMLog_zpsade07f42.jpg

On completion of the scan (or after the reboot), start MBAM,

Click History, then Application Logs, then check the Select box by the first Scan Log in the list.

Click View, then click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.



Step 2: Scan with ESET Online Scanner


Please note: You can use Internet Explorer or Firefox for this step. Either browser used will have to be ran in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar ---->esetbar_zps93905f48.jpg
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files(x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Step 3: SecurityCheck Scan


Download Security Checksecuritycheck_zpsb7736812.jpg by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Things I need to see in your next post:
  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#7 siminu2

siminu2
  • Topic Starter

  • Members
  • 69 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:New Hampshire
  • Local time:01:02 AM

Posted 18 August 2014 - 06:24 AM

ESET SCAN LOG 

 

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=cd2d7d7d0e021d45babc24a04c8b86c9
# engine=19703
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-08-18 01:48:04
# local_time=2014-08-17 09:48:04 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 10968409 49524600 0 0
# scanned=252693
# found=39
# cleaned=0
# scan_time=17234
sh=297AB44B22D59DC00DA6E7138A6F57CAAA379D74 ft=1 fh=a263ea30718c1c6d vn="a variant of Win64/Adware.Adpeak.C application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\003\nuttkoqiez64.exe.vir"
sh=0B725D3D22F04E7E9A806331FD8ABCA697972A5F ft=1 fh=c774139e963126f3 vn="Win32/AdWare.Adpeak.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe.vir"
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir"
sh=5624D8165018E754731DD26C08845A8818375421 ft=1 fh=2c48df36411455b8 vn="Win32/AdWare.Adpeak.C application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Level Quality Watcher\LevelQualityWatcher32.exe.vir"
sh=8F2300C7F61EA2FBDECF69A6E7ADBC0B1793C63E ft=1 fh=172057d45aaf04ec vn="a variant of Win64/Adware.Adpeak.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Level Quality Watcher\LevelQualityWatcher64.exe.vir"
sh=6AFAEEC56C44C74542369A58D1E2F57B508F0E0D ft=1 fh=b223f168b5e1d79a vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.20.1.508_0\plugins\ConduitChromeApiPlugin.dll.vir"
sh=DB5DEC21F203A3AE275461D03FF977C87C6C00F9 ft=1 fh=09feb8da0d515751 vn="Win32/Toolbar.Conduit.AC potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.20.1.508_0\plugins\TBVerifier.dll.vir"
sh=8AAE2C39244347633C24ADE5CEDF8E1E47DA78D6 ft=1 fh=47ea44a7726f5759 vn="a variant of Win32/Toolbar.SearchSuite.P potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sandra\AppData\Local\iLivid\Helper.dll.vir"
sh=C92FB59205D91F000A73FA959BEE674F184F2306 ft=1 fh=cedd5dbc4577831d vn="a variant of Win32/Toolbar.SearchSuite.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sandra\AppData\Local\iLivid\Uninstall.exe.vir"
sh=E60FD5CB7D2CB265078625E7A72BDB71A5552E8A ft=1 fh=8483eb2d3942bac6 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sandra\AppData\Local\NativeMessaging\CT3307181\1_0_0_2\TBMessagingHost.exe.vir"
sh=0CD52F8350A38B8C929936C5CF963A7908E8E4E8 ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.AA potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sandra\AppData\Local\Temp\NativeMessaging\CT3307181.crx.vir"
sh=E60FD5CB7D2CB265078625E7A72BDB71A5552E8A ft=1 fh=8483eb2d3942bac6 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sandra\AppData\Local\Temp\NativeMessaging\CT3307181\nativeMessaging\TBMessagingHost.exe.vir"
sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="Win32/InstallCore.AZ potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sandra\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Image Editor Packages\uninstaller.exe.vir"
sh=89987A006AEAFF6B34A5D99FA063247179134109 ft=1 fh=c464529d2c35b967 vn="Win32/DealPly.S potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sandra\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe.vir"
sh=84D231BD285FB6E1BC20F82BC6261C1507675C17 ft=1 fh=a053084764085b12 vn="a variant of Win32/DealPly.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sandra\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe.vir"
sh=38576FE97240AD33EA79E2EE58F7116CBF10DC6C ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\Users\Sandra\AppData\Local\Downloaded Installations\{FE5201C9-A684-47A1-AC22-3401B18E7682}\The Weather Channel App.msi"
sh=A965A1CF7CBA5941A03F37A19B36E99F4E57D260 ft=1 fh=c2efa275fc2e956d vn="a variant of Win32/AdWare.MultiPlug.BE application" ac=I fn="C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\File System\005\t\00\00000000"
sh=08E17C00DE03029BAD604C8899656C8DBA470418 ft=1 fh=1f040be5fc2e956d vn="a variant of Win32/AdWare.MultiPlug.BE application" ac=I fn="C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\File System\006\t\00\00000000"
sh=62787B5CFC7CEC19C3B235551BFC3818ECF037A2 ft=1 fh=97702881defef2e1 vn="Win32/PCPerformer.B potentially unwanted application" ac=I fn="C:\Users\Sandra\AppData\Local\PCP_100_v3\PCPerformerSetup.exe"
sh=23B050563A81A1C57DABA7805B1E3E6B4C874F2B ft=1 fh=b4fe666c57930953 vn="a variant of Win32/CNETInstaller.B potentially unwanted application" ac=I fn="C:\Users\Sandra\Desktop\cbsidlm-cbsi183-Office_Key_Remover-SEO-75207156.exe"
sh=23105D0B577983F45E85223B7197C54DD1FF77A0 ft=1 fh=615843e7c2acffef vn="a variant of Win32/OpenCandy.A potentially unsafe application" ac=I fn="C:\Users\Sandra\Desktop\KMPlayer_3-9-0-126.exe"
sh=9AA5E59F80A95BDFC48FBB4DC9F4B7212749E67D ft=1 fh=2fe225811afcde6b vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Sandra\Desktop\Virus ware help\ccsetup416.exe"
sh=36DEBD056171E4B6089DF24FBC8E3D520C096053 ft=1 fh=2e982ebf7271a032 vn="Win32/DownWare.S potentially unwanted application" ac=I fn="C:\Users\Sandra\Downloads\CandyCrushSagaSetup.exe"
sh=2C16CF7AF335A0943C5973070050474E2565691B ft=1 fh=dbab1590fe63551b vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="C:\Users\Sandra\Downloads\ccsetup319.exe"
sh=A73342FE6D36EE9350B8C0552E470BC6C9DEF2BA ft=1 fh=405cc29d5429122f vn="Android/Exploit.PSN.A trojan" ac=I fn="C:\Users\Sandra\Downloads\drfone-for-android_full1531 (1).exe"
sh=A73342FE6D36EE9350B8C0552E470BC6C9DEF2BA ft=1 fh=405cc29d5429122f vn="Android/Exploit.PSN.A trojan" ac=I fn="C:\Users\Sandra\Downloads\drfone-for-android_full1531.exe"
sh=08D0AC6F1529627C423F2693945EA53A2D505C45 ft=1 fh=df75c801ac998189 vn="Win32/Toolbar.Crawler.B potentially unwanted application" ac=I fn="C:\Users\Sandra\Downloads\MapsSetup.exe"
sh=5C7243572F1D693D2F86A0F8D01143EAA8D60082 ft=1 fh=87262def6af5d39f vn="a variant of Win32/InstallCore.BY potentially unwanted application" ac=I fn="C:\Users\Sandra\Downloads\radarsync.exe"
sh=4B98E26A14E4CF4A88157F74059F7572F18E35B6 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Sandra\Downloads\SuperOneClickv1.9.5-droidtricks.zip"
sh=F829C3F62D8D6E5BC27097CD95C094784C2F4AC5 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Sandra\Downloads\superoneclickv1.9.5-shortfuse (1).zip"
sh=F829C3F62D8D6E5BC27097CD95C094784C2F4AC5 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Sandra\Downloads\SuperOneClickv1.9.5-ShortFuse.zip"
sh=549576C3043357DE2709F12BD4B6EE3066B5C6B9 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Sandra\Downloads\SuperOneClickv2.3.3-ShortFuse (1).zip"
sh=549576C3043357DE2709F12BD4B6EE3066B5C6B9 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Sandra\Downloads\SuperOneClickv2.3.3-ShortFuse (2).zip"
sh=549576C3043357DE2709F12BD4B6EE3066B5C6B9 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Sandra\Downloads\SuperOneClickv2.3.3-ShortFuse.zip"
sh=CA5FBAEFE7F0923A65CA47B86013D7ED9AEBBF2F ft=0 fh=0000000000000000 vn="Android/Exploit.Lotoor.AK trojan" ac=I fn="C:\Users\Sandra\Downloads\superoneclickv1.9.5-shortfuse (1)\Exploits\psneuter"
sh=CA5FBAEFE7F0923A65CA47B86013D7ED9AEBBF2F ft=0 fh=0000000000000000 vn="Android/Exploit.Lotoor.AK trojan" ac=I fn="C:\Users\Sandra\Downloads\SuperOneClickv2.3.3-ShortFuse\Exploits\psneuter"
sh=CA5FBAEFE7F0923A65CA47B86013D7ED9AEBBF2F ft=0 fh=0000000000000000 vn="Android/Exploit.Lotoor.AK trojan" ac=I fn="C:\Users\Sandra\Downloads\SuperOneClickv2.3.3-ShortFuse (1)\Exploits\psneuter"
sh=BB8C196BCDBED01EA857168CF4F563B43E8705D5 ft=1 fh=42c680e3bdbef60e vn="a variant of Win32/AdWare.Sendori.A application" ac=I fn="C:\Windows\System32\plsapp.dll"
sh=BB8C196BCDBED01EA857168CF4F563B43E8705D5 ft=1 fh=42c680e3bdbef60e vn="a variant of Win32/AdWare.Sendori.A application" ac=I fn="C:\Windows\SysWOW64\plsapp.dll"
 

 

 

MBAM Log

MBAM.txt

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 8/17/2014
Scan Time: 4:17:49 PM
Logfile: MBAM.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.08.17.05
Rootkit Database: v2014.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Sandra
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 403827
Time Elapsed: 24 min, 51 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 3
PUP.Optional.Softonic.A, C:\Users\Sandra\Downloads\SoftonicDownloader_for_kmplayer.exe, Quarantined, [4bfcf0d7b3c82f074c376ac14bb653ad], 
PUP.Optional.MultiPlug, C:\Users\Sandra\Desktop\Program Downloads\Walk+off+the+Earth+-+Rude+(Magic&#33;+cover)+(D.+Fetinin) - [MP3Juices.com].exe, Quarantined, [9daa0cbbef8c2b0b619c08a0cc3555ab], 
PUP.Optional.MultiPlug, C:\Users\Sandra\Desktop\Program Downloads\Free Download.exe, Quarantined, [1730c700ec8f88aedf1ecfd9bd44dd23], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 

 

 

Checkup.txt - Notepad

 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
  (On Access scanning disabled!) 
 Error obtaining update status for antivirus!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 65  
 Java version out of Date! 
 Adobe Reader 10.1.8 Adobe Reader out of Date!  
 Google Chrome 35.0.1916.153  
 Google Chrome 36.0.1985.125  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 1% 
````````````````````End of Log`````````````````````` 


#8 pystryker

pystryker

  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:02 AM

Posted 18 August 2014 - 03:38 PM

Hello, let's get rid of the items ESET found. :)

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Fix with FRST
  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.
  • Right-click in the open notepad and select Paste).
  • Save it on the desktop as fixlist.txt

Start
C:\Users\Sandra\AppData\Local\Downloaded Installations\{FE5201C9-A684-47A1-AC22-3401B18E7682}\The Weather Channel App.msi
C:\Users\Sandra\AppData\Local\PCP_100_v3\PCPerformerSetup.exe
C:\Users\Sandra\Desktop\cbsidlm-cbsi183-Office_Key_Remover-SEO-75207156.exe
C:\Users\Sandra\Desktop\KMPlayer_3-9-0-126.exe
C:\Users\Sandra\Desktop\Virus ware help\ccsetup416.exe
C:\Users\Sandra\Downloads\CandyCrushSagaSetup.exe
C:\Users\Sandra\Downloads\ccsetup319.exe
C:\Users\Sandra\Downloads\drfone-for-android_full1531 (1).exe
C:\Users\Sandra\Downloads\drfone-for-android_full1531.exe
C:\Users\Sandra\Downloads\MapsSetup.exe
C:\Users\Sandra\Downloads\radarsync.exe
C:\Users\Sandra\Downloads\SuperOne*.*
C:\Windows\System32\plsapp.dll
C:\Windows\SysWOW64\plsapp.dll
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.


Things I need to see in your next post:

Fixlog.txt Log

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#9 siminu2

siminu2
  • Topic Starter

  • Members
  • 69 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:New Hampshire
  • Local time:01:02 AM

Posted 18 August 2014 - 04:14 PM

Fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-08-2014 04
Ran by Sandra at 2014-08-18 17:07:10 Run:2
Running from C:\Users\Sandra\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
C:\Users\Sandra\AppData\Local\Downloaded Installations\{FE5201C9-A684-47A1-AC22-3401B18E7682}\The Weather Channel App.msi
C:\Users\Sandra\AppData\Local\PCP_100_v3\PCPerformerSetup.exe
C:\Users\Sandra\Desktop\cbsidlm-cbsi183-Office_Key_Remover-SEO-75207156.exe
C:\Users\Sandra\Desktop\KMPlayer_3-9-0-126.exe
C:\Users\Sandra\Desktop\Virus ware help\ccsetup416.exe
C:\Users\Sandra\Downloads\CandyCrushSagaSetup.exe
C:\Users\Sandra\Downloads\ccsetup319.exe
C:\Users\Sandra\Downloads\drfone-for-android_full1531 (1).exe
C:\Users\Sandra\Downloads\drfone-for-android_full1531.exe
C:\Users\Sandra\Downloads\MapsSetup.exe
C:\Users\Sandra\Downloads\radarsync.exe
C:\Users\Sandra\Downloads\SuperOne*.*
C:\Windows\System32\plsapp.dll
C:\Windows\SysWOW64\plsapp.dll
End
*****************
 
C:\Users\Sandra\AppData\Local\Downloaded Installations\{FE5201C9-A684-47A1-AC22-3401B18E7682}\The Weather Channel App.msi => Moved successfully.
C:\Users\Sandra\AppData\Local\PCP_100_v3\PCPerformerSetup.exe => Moved successfully.
C:\Users\Sandra\Desktop\cbsidlm-cbsi183-Office_Key_Remover-SEO-75207156.exe => Moved successfully.
C:\Users\Sandra\Desktop\KMPlayer_3-9-0-126.exe => Moved successfully.
C:\Users\Sandra\Desktop\Virus ware help\ccsetup416.exe => Moved successfully.
C:\Users\Sandra\Downloads\CandyCrushSagaSetup.exe => Moved successfully.
C:\Users\Sandra\Downloads\ccsetup319.exe => Moved successfully.
C:\Users\Sandra\Downloads\drfone-for-android_full1531 (1).exe => Moved successfully.
C:\Users\Sandra\Downloads\drfone-for-android_full1531.exe => Moved successfully.
C:\Users\Sandra\Downloads\MapsSetup.exe => Moved successfully.
C:\Users\Sandra\Downloads\radarsync.exe => Moved successfully.
 
"C:\Users\Sandra\Downloads\SuperOne*.*" directory move:
 
Could not move "C:\Users\Sandra\Downloads\SuperOne*.*" directory. => Scheduled to move on reboot.
 
"C:\Windows\System32\plsapp.dll" => File/Directory not found.
C:\Windows\SysWOW64\plsapp.dll => Moved successfully.
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-08-18 17:12:07)<=
 
"C:\Users\Sandra\Downloads\SuperOne*.*" => Directory could not move.
 
==== End of Fixlog ====


#10 pystryker

pystryker

  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:02 AM

Posted 18 August 2014 - 08:15 PM

Hello :)

Great news, your logs are CLEAN! :thumbsup: :) but we still have a few things we need to address namely:
  • I need to remove the tools we installed on your machine.
  • We also have some programs on your machine that need updating to help protect you in the future.
Step 1: Tool Removal and Creation of a Clean Restore Point


Step 1: Tool Removal with Delfix and Creation of a clean restore point
  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
    delfix.jpg
  • Click Run
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

You can uninstall ESET Online Scanner at this time.

I recommend keeping Malwarebytes Anti-Malware installed. Make sure to update it and run it at least once a week. If it finds things such as PUP's (Potentially Unwanted Programs) you can delete those with no worries. However, if it finds something like a trojan, come see us.


Step 2: Java Warning, Program Updates, and Installation of FileHippo


A word about Java

Java has become the #1 program exploited by thieves and hackers as of today. It's gotten so bad, the Department of Homeland Security recently recommended that users disable Java on their machines.

For more information regarding this, see the two articles below:

Forbes: US Department of Homeland Security Calls on user do disable Java

US warns on Java software

Unless you have software on your machine that absolutely requires Java, I highly recommend you completely remove it from your system.

If you do have software that requires it, then disable it until such time as it's needed by those programs.

Please click the link below for instructions to disable Java.

How to Disable Java in your Web Browser


If you wish to continue to use Java on your machine, please be sure to keep it updated by following the instructions below.
  • Click on this link Java Website and click Do I Have Java?
  • Then click the Verify Java Version button. It will scan your current version and show you if you have the most current version.
You can also download a tool called JavaRa that will automatically search for new updates and remove older versions of Java.
Click the link below to go to the download page to get the tool.

JavaRa

Once you have downloaded JavaRa
  • Unzip the files to the directory of your choice.
  • Double click the JavaRa icon in the directory and choose your language preference.
  • Click Remove Older Versions from the menu.
  • Click Yes.
  • If you get a warning that Internet Explorer needs to be closed, close it, then click ok.
  • JavaRa will then search for and remove old versions of Java from your machine.
You can find instructions for manually removing older versions for Windows XP, Vista, and 7 by clicking the link below:

Instructions for manually removing old versions of Java



Updating Adobe Reader
  • Malware will exploit any vulnerabilities it can find in outdated software. If you are using Adobe Reader for reading pdf files, try using FoxIt Reader. It is a very capable alternative to Adobe.
  • Please click here to download FoxIt Reader.
  • If you wish to continue to use Adobe Reader, then please update it by clicking here.
  • Please remember to uncheck the option to install McAfee's Security Suite.
Keeping your software updated

Another weapon against malicious programs and viruses is to keeping other programs updated. There are several programs out there that can check for out of date programs on your computer. One is Filehippo. You can run this on a weekly or monthly basis to check your programs for updates and then it will provide a link for you to download them.

Download Filehippo Updatechecker


Step 3: Tips, Information, and Optional Installation of Unchecky


Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.

Be careful of the websites you visit.

When installing new programs, don't be "click happy" and click through the screens. Many programs come with adware in them and are set to install them by default. Several programs require that you uncheck or select no to prevent the installation. Take you time and read each screen as you go. :)

To help protect yourself while on the web, I recommend you read How did I get infected in the first place?

Installation of Unchecky

This is a very good little program that will automatically uncheck any boxes during a software installation. This helps prevent the software from installing any malware that is by default checked while the program is being installed.

Click here to be taken to Unchecky.com

Click the very large Download button.

Click Save

Once downloaded, double click the program (Vista, Win 7, and 8, right click and Run as Administrator)

Once open, click the Install button.


unchecky1_zps667e512d.jpg


Then click Finish

unchecky2_zpsca4e7d0d.jpg


Unchecky is now installed and will help you keep unwanted check boxes unchecked. :thumbsup:


Are there any further issues I can assist you with?

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#11 siminu2

siminu2
  • Topic Starter

  • Members
  • 69 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:New Hampshire
  • Local time:01:02 AM

Posted 19 August 2014 - 10:25 AM

# DelFix v10.8 - Logfile created 19/08/2014 at 11:10:38
# Updated 29/07/2014 by Xplode
# Username : Sandra - SANDRA-HP
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\AdwCleaner
Deleted : C:\Users\Sandra\Desktop\JavaRa.zip
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #500 [End of disinfection | 08/19/2014 14:58:25]
 
New restore point created !
 
########## - EOF - ##########
 
Eset uninstalled
 
I have taken care of your concerns and will try very hard to pay more attention to what is being put on my computer.  Should I uninstall adobe Reader.  I had FoxitReader installed some time ago and found that it caused issues with programs but I am not sure if the issues were because I had both readers installed.  What would you suggest?
 
I truly can't thank you enough for the time and effort you put into helping me with my issues.  It is so hard when my whole life is linked to this machine.  You are wonderful
 
Thank you again,
 
Sandy


#12 pystryker

pystryker

  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:02 AM

Posted 19 August 2014 - 02:10 PM

I have taken care of your concerns and will try very hard to pay more attention to what is being put on my computer. Should I uninstall adobe Reader. I had FoxitReader installed some time ago and found that it caused issues with programs but I am not sure if the issues were because I had both readers installed. What would you suggest?


I personally use FoxIt and do not have Adobe installed. However, if it caused issues last time, I'd stick with Adobe. When you update it in the future, always make sure to uncheck the free offers they give. :)
 

I truly can't thank you enough for the time and effort you put into helping me with my issues. It is so hard when my whole life is linked to this machine. You are wonderful

Thank you again,

Sandy


You're quite welcome, it's my pleasure. Thank you for your kind words. :) If you need us again, don't hesitate to come back. :thumbup2:

Safe surfing :)

pystryker

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#13 siminu2

siminu2
  • Topic Starter

  • Members
  • 69 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:New Hampshire
  • Local time:01:02 AM

Posted 19 August 2014 - 03:46 PM

pystryker    YOU ROCK!!!!!

 

Thanks

 

Sandy



#14 pystryker

pystryker

  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:02 AM

Posted 19 August 2014 - 09:07 PM

:thumbup2:

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#15 pystryker

pystryker

  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:02 AM

Posted 19 August 2014 - 09:07 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.








0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users