Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Multiple dllhost powershell wermgr processes and browser hijacks


  • This topic is locked This topic is locked
6 replies to this topic

#1 SarmaStef

SarmaStef

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:20 AM

Posted 31 August 2014 - 04:42 PM

My 64-bit Vista laptop is infected with a virus despite having been using and running avast real-time protection. I've tried a variety of products to remove the virus to no avail. Among the symptoms are processor overload from multiple instances of:
dllhost.exe *32 process
powershell.exe *32 process (while in Safe Mode w/Networking)
powershell has stopped working message boxes (while in Safe Mode w/Networking)
wermgr.exe *32 process
 
It also changes my Internet Explorer browser setting to not allow downloads, and when internet access is turned on there are automated attempts to reach various urls that are blocked by avast.
 
Some of these symptoms do not always appear now in Normal startup mode, but they still occur in Safe Mode w/Networking.
 
Following is the DDS.txt:
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16563
Run by Steff at 17:07:12 on 2014-08-31
Microsoft® Windows Vista Home Premium   6.0.6002.2.1252.1.1033.18.3998.1951 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_6ef279c8\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\SMINST\BLService.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\explorer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Bar = hxxp://www.bing.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uProxyOverride = *.loca
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - 
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRun: [Facebook Update] "C:\Users\Steff\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"
mRun: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
mRun: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
mRun: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
mRun: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
mRun: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
mRun: [BrStsMon00] "C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe" /AUTORUN
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - C:\Users\Steff\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - C:\Users\Steff\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {538793D5-659C-4639-A56C-A179AD87ED44} - hxxps://sslvpn.savannah.chatham.k12.ga.us/CACHE/stc/1/binaries/vpnweb.cab
DPF: {705EC6D4-B138-4079-A307-EF13E40C2416} - hxxps://sslvpn.savannah.chatham.k12.ga.us/CACHE/sdesktop/install/binaries/instweb.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{800AD653-DFB6-43C9-9C43-6A24061F0A8F} : DHCPNameServer = 192.168.1.1
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - 
x64-Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
x64-Run: [SmartMenu] C:\Program Files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-5-11 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-5-11 224896]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2011-11-20 1041168]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2011-11-20 427360]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2014-7-22 172344]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/07/21 19:56:33];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-11-28 146928]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-6-25 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-11-20 79184]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-11-20 50344]
R2 FlipShareServer;FlipShare Server;C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2010-12-15 1085440]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 FreeAgentGoNext Service;Seagate Service;C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-5-1 181544]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2008-3-18 23040]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [2014-3-6 49464]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-8-30 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-8-30 860472]
R2 NETGEARGenieDaemon;NETGEARGenieDaemon;C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [2012-7-9 231752]
R2 NPF;NetGroup Packet Filter Driver;C:\Windows\System32\drivers\npf.sys [2012-9-23 35344]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-3-9 144672]
R2 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files (x86)\SMINST\BLService.exe [2009-6-1 365952]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-4-22 92592]
R2 TVCapSvc;TV Background Capture Service (TVBCS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2008-11-26 296320]
R2 TVSched;TV Task Scheduler (TVTS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2008-11-26 116096]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-6-1 227896]
R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2008-9-4 64000]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2008-7-15 126464]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-8-30 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-8-30 122584]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2012-6-2 245760]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2012-9-23 35840]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\drivers\hitmanpro37.sys [2014-8-31 32512]
S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2008-7-21 145496]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-8-30 64216]
S3 NETw3v64;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw3v64.sys [2008-1-20 3154432]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-9-11 1012344]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2006-11-2 273408]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2014-8-13 90776]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2014-08-31 20:52:17 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-08-31 14:30:13 32512 ----a-w- C:\Windows\System32\drivers\hitmanpro37.sys
2014-08-29 22:11:17 427360 ----a-w- C:\Windows\System32\drivers\aswsp.sys
2014-08-29 22:10:41 65264 ----a-w- C:\Windows\System32\drivers\aswTdi.sys
2014-08-29 22:10:41 224896 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-08-29 22:10:41 1041168 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2014-08-29 22:10:40 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-08-29 22:10:40 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-08-29 22:10:40 307344 ----a-w- C:\Windows\System32\aswBoot.exe
2014-08-29 22:10:40 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-08-29 22:10:39 64752 ----a-w- C:\Windows\System32\drivers\aswrdr.sys
2014-08-29 22:10:38 43152 ----a-w- C:\Windows\avastSS.scr
2014-08-23 01:05:12 304128 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-23 00:42:45 390144 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-22 23:38:23 2782208 ----a-w- C:\Windows\System32\win32k.sys
2014-08-13 07:17:18 99218768 ----a-w- C:\Windows\System32\mrt.exe
2014-08-05 13:20:00 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-07-24 19:28:39 17861120 ----a-w- C:\Windows\System32\mshtml.dll
2014-07-24 19:12:19 2339328 ----a-w- C:\Windows\System32\jscript9.dll
2014-07-24 19:10:55 10920960 ----a-w- C:\Windows\System32\ieframe.dll
2014-07-24 19:07:04 1384960 ----a-w- C:\Windows\System32\urlmon.dll
2014-07-24 19:06:41 1392128 ----a-w- C:\Windows\System32\wininet.dll
2014-07-24 19:05:30 1494016 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-07-24 19:05:19 237056 ----a-w- C:\Windows\System32\url.dll
2014-07-24 19:05:04 86016 ----a-w- C:\Windows\System32\jsproxy.dll
2014-07-24 19:04:37 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-07-24 19:04:26 2155520 ----a-w- C:\Windows\System32\iertutil.dll
2014-07-24 19:04:22 599040 ----a-w- C:\Windows\System32\vbscript.dll
2014-07-24 19:04:21 816640 ----a-w- C:\Windows\System32\jscript.dll
2014-07-24 19:04:20 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2014-07-24 19:04:00 453120 ----a-w- C:\Windows\System32\dxtmsft.dll
2014-07-24 19:03:49 282112 ----a-w- C:\Windows\System32\dxtrans.dll
2014-07-24 19:03:44 55296 ----a-w- C:\Windows\System32\msfeedsbs.dll
2014-07-24 19:03:44 11264 ----a-w- C:\Windows\System32\msfeedssync.exe
2014-07-24 19:03:29 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2014-07-24 19:03:22 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2014-07-24 19:03:10 12800 ----a-w- C:\Windows\System32\mshta.exe
2014-07-24 19:02:55 248320 ----a-w- C:\Windows\System32\ieui.dll
2014-07-24 18:07:38 12356608 ----a-w- C:\Windows\SysWow64\mshtml.dll
2014-07-24 17:58:33 1810432 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-07-24 17:57:19 9739264 ----a-w- C:\Windows\SysWow64\ieframe.dll
2014-07-24 17:52:27 1137664 ----a-w- C:\Windows\SysWow64\urlmon.dll
2014-07-24 17:51:52 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-07-24 17:51:19 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-07-24 17:50:29 231936 ----a-w- C:\Windows\SysWow64\url.dll
2014-07-24 17:50:10 65536 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2014-07-24 17:49:47 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-07-24 17:49:38 421376 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-07-24 17:49:37 1802240 ----a-w- C:\Windows\SysWow64\iertutil.dll
2014-07-24 17:49:29 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2014-07-24 17:49:18 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2014-07-24 17:48:57 353792 ----a-w- C:\Windows\SysWow64\dxtmsft.dll
2014-07-24 17:48:53 41472 ----a-w- C:\Windows\SysWow64\msfeedsbs.dll
2014-07-24 17:48:51 223232 ----a-w- C:\Windows\SysWow64\dxtrans.dll
2014-07-24 17:48:50 10752 ----a-w- C:\Windows\SysWow64\msfeedssync.exe
2014-07-24 17:48:36 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2014-07-24 17:48:28 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-07-24 17:48:21 11776 ----a-w- C:\Windows\SysWow64\mshta.exe
2014-07-24 17:47:53 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2014-07-09 16:10:37 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-09 16:10:37 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-07-09 16:10:22 10603008 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-07-08 01:12:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-07-08 00:46:44 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-06-26 22:17:31 8848 ----a-w- C:\Windows\System32\icardres.dll
2014-06-26 22:17:31 171152 ----a-w- C:\Windows\System32\infocardapi.dll
2014-06-26 22:17:30 1389200 ----a-w- C:\Windows\System32\icardagt.exe
2014-06-26 22:17:19 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2014-06-26 22:17:19 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2014-06-26 22:17:19 619664 ----a-w- C:\Windows\SysWow64\icardagt.exe
2014-06-14 00:56:04 901568 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2014-06-14 00:51:18 47104 ----a-w- C:\Windows\System32\cdd.dll
2014-06-06 08:59:38 506880 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-06-06 07:13:08 620032 ----a-w- C:\Windows\System32\qedit.dll
2014-06-06 04:29:32 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2014-06-06 04:28:35 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2014-06-02 21:30:18 503296 ----a-w- C:\Windows\System32\msihnd.dll
2014-06-02 21:30:18 3137536 ----a-w- C:\Windows\System32\msi.dll
2014-06-02 21:29:27 2280448 ----a-w- C:\Windows\System32\authui.dll
2014-06-02 21:29:24 45056 ----a-w- C:\Windows\System32\appinfo.dll
.
============= FINISH: 17:10:36.92 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:20 PM

Posted 31 August 2014 - 05:57 PM

Hi there,

please run the following scans:


Step 1

Please download Combofix (by sUBs) and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.
Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)



Step 2

Please download Farbar Recovery Scan Tool and save it to your Desktop.
  • Start FRST with administator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 SarmaStef

SarmaStef
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:20 AM

Posted 01 September 2014 - 09:50 AM

Hello!

Thanks for helping me with this problem. Following are the logs you requested.

ComboFix.txt:
ComboFix 14-08-31.01 - Steff 09/01/2014 8:38.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3998.2065 [GMT -4:00]
Running from: c:\users\Steff\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Steff\notepad.exe
c:\windows\security\Database\tmp.edb
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\wpcap.dll
.
---- Previous Run -------
.
c:\users\Steff\notepad.exe
c:\windows\security\Database\tmp.edb
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\wpcap.dll
.
.
CLSID={AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} - infected with Poweliks and removed.
You should verify if current CLSID data is correct:
.
HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
(Default) REG_SZ Thumbnail Cache Class Factory for Out of Proc Server
AppID REG_SZ {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
.
HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32
(Default) REG_SZ c:\windows\system32\thumbcache.dll
ThreadingModel REG_SZ Apartment
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2014-08-01 to 2014-09-01 )))))))))))))))))))))))))))))))
.
.
2014-09-01 13:01 . 2014-09-01 13:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-31 14:30 . 2014-08-31 14:30 32512 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2014-08-31 00:19 . 2014-08-31 01:51 -------- d-----w- c:\programdata\HitmanPro
2014-08-30 23:35 . 2014-08-30 23:35 -------- d-----w- C:\SUPERDelete
2014-08-30 23:33 . 2014-08-30 23:33 -------- d-----w- c:\users\Steff\AppData\Roaming\SUPERAntiSpyware.com
2014-08-30 23:32 . 2014-08-30 23:33 -------- d-----w- c:\program files\SUPERAntiSpyware
2014-08-30 23:32 . 2014-08-30 23:32 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2014-08-30 14:20 . 2014-09-01 12:01 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-30 14:19 . 2014-05-12 11:26 64216 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-08-30 14:19 . 2014-05-12 11:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-30 14:19 . 2014-05-12 11:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-08-30 13:52 . 2014-08-23 01:05 304128 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-30 13:52 . 2014-08-23 00:42 390144 ----a-w- c:\windows\system32\gdi32.dll
2014-08-30 13:52 . 2014-08-22 23:38 2782208 ----a-w- c:\windows\system32\win32k.sys
2014-08-29 22:11 . 2014-08-21 03:43 11319192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4C0B1265-77C8-4E59-B7D8-642AFEB774AC}\mpengine.dll
2014-08-29 22:10 . 2014-08-29 22:10 43152 ----a-w- c:\windows\avastSS.scr
2014-08-24 22:38 . 2014-08-30 22:50 -------- d-----w- c:\users\Steff\AppData\Local\CrashDumps
2014-08-24 20:57 . 2014-08-30 13:47 -------- d-----w- c:\programdata\RogueKiller
2014-08-24 17:36 . 2014-08-24 22:22 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-08-24 17:35 . 2014-08-24 17:40 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2014-08-24 13:33 . 2014-08-24 13:57 -------- d-----w- C:\AdwCleaner
2014-08-24 00:28 . 2014-08-31 15:37 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-08-24 00:28 . 2014-08-24 00:28 -------- d-----w- c:\programdata\Malwarebytes
2014-08-13 07:03 . 2014-06-26 22:17 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-08-13 07:03 . 2014-06-26 22:17 171152 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-13 07:03 . 2014-06-26 22:17 1389200 ----a-w- c:\windows\system32\icardagt.exe
2014-08-13 07:03 . 2014-06-26 22:17 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-08-13 07:03 . 2014-06-26 22:17 619664 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-08-13 07:03 . 2014-06-26 22:17 8848 ----a-w- c:\windows\system32\icardres.dll
2014-08-13 07:02 . 2014-06-06 04:29 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-13 07:02 . 2014-06-06 04:28 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-08-13 06:54 . 2014-06-14 00:56 901568 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-08-13 06:54 . 2014-06-14 00:51 47104 ----a-w- c:\windows\system32\cdd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-29 22:11 . 2011-11-20 14:48 427360 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-08-29 22:10 . 2013-05-11 17:03 224896 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-08-29 22:10 . 2011-11-20 14:48 65264 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-08-29 22:10 . 2011-11-20 14:48 1041168 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-08-29 22:10 . 2014-06-26 00:34 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-08-29 22:10 . 2013-05-11 17:03 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-08-29 22:10 . 2011-11-20 14:48 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-08-29 22:10 . 2011-11-20 14:48 307344 ----a-w- c:\windows\system32\aswBoot.exe
2014-08-29 22:10 . 2011-11-20 14:48 64752 ----a-w- c:\windows\system32\drivers\aswrdr.sys
2014-08-13 07:17 . 2006-11-02 12:35 99218768 ----a-w- c:\windows\system32\mrt.exe
2014-08-05 13:20 . 2009-10-05 01:24 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-07-09 16:10 . 2012-10-20 13:33 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-09 16:10 . 2012-01-28 15:09 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-09 16:10 . 2014-07-09 16:10 10603008 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-06-06 08:59 . 2014-07-10 00:04 506880 ----a-w- c:\windows\SysWow64\qedit.dll
2014-06-06 07:13 . 2014-07-10 00:04 620032 ----a-w- c:\windows\system32\qedit.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-10-31 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-11-29 1148200]
"TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-12-25 1316136]
"CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-12-25 189736]
"TVAgent"="c:\program files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe" [2009-05-09 206120]
"UCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2008-11-15 218408]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-11-26 210216]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432]
"MaxMenuMgr"="c:\program files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-05-01 185640]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-13 43848]
"IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2010-03-09 46368]
"PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2010-03-09 29984]
"PPort12reminder"="c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]
"PDFHook"="c:\program files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-06 636192]
"PDF5 Registry Controller"="c:\program files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-05 62752]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-29 4085896]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - NPF
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-15 22:30 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-20 16:10]
.
2014-08-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-526642424-3022501460-31333452-1000Core.job
- c:\users\Steff\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-22 02:30]
.
2014-08-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-526642424-3022501460-31333452-1000UA.job
- c:\users\Steff\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-22 02:30]
.
2014-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-28 15:10]
.
2014-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-28 15:10]
.
2014-08-31 c:\windows\Tasks\HPCeeScheduleForSteff.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-06-01 18:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-08-29 22:10 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-01-21 246784]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-04 442368]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.loca
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Steff\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Steff\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.1.1
DPF: {538793D5-659C-4639-A56C-A179AD87ED44} - hxxps://sslvpn.savannah.chatham.k12.ga.us/CACHE/stc/1/binaries/vpnweb.cab
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
HKLM-Run-SmartMenu - c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
AddRemove-Applet - c:\windows\system32\javaws.exe
AddRemove-PowerTeacher Gradebook - c:\windows\system32\javaws.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Flip Video\FlipShare\FlipShareService.exe
c:\program files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
c:\program files (x86)\SMINST\BLService.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe
c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
.
**************************************************************************
.
Completion time: 2014-09-01 09:15:34 - machine was rebooted
ComboFix-quarantined-files.txt 2014-09-01 13:15
.
Pre-Run: 192,890,548,224 bytes free
Post-Run: 192,581,378,048 bytes free
.
- - End Of File - - 5E1AF818AAEC887098292DAEA84F7633
5C86ADEC17B739C437E145E3B3FC2E6D


FRST.txt:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2014 02
Ran by Steff (administrator) on STEFF-LAPTOP on 01-09-2014 09:37:30
Running from C:\Users\Steff\Desktop
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_6ef279c8\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Hewlett-Packard Corporation) C:\Windows\System32\hpservice.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
() C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
() C:\Program Files (x86)\SMINST\BLService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
() C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
() C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\splwow64.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [246784 2008-01-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [914224 2008-11-18] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [442368 2009-06-03] (IDT, Inc.)
HKLM-x32\...\Run: [DVDAgent] => C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200 2008-11-28] (CyberLink Corp.)
HKLM-x32\...\Run: [TSMAgent] => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [1316136 2008-12-25] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer for HP TouchSmart] => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [189736 2008-12-25] (CyberLink)
HKLM-x32\...\Run: [TVAgent] => C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe [206120 2009-05-08] (CyberLink Corp.)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [218408 2008-11-15] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2008-11-26] (CyberLink Corp.)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2010-02-25] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [UpdatePDIRShortCut] => C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Health Check Scheduler] => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard)
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [432432 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [MaxMenuMgr] => C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [185640 2009-05-01] (Seagate LLC)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] => C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-29] (AVAST Software)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [935288 2009-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-526642424-3022501460-31333452-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-526642424-3022501460-31333452-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-526642424-3022501460-31333452-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-10-31] (Apple Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://search.yahoo.com/search;_ylt=A0oG77ZSRGlM7wUBzspXNyoA?p=more+than+wonderful&fr=ie8&pstart=1&b=41
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {8A257C0B-8A05-46F1-A178-6022177EB9A8} URL =
SearchScopes: HKLM-x32 - DefaultScope {252D84C5-1113-38A6-0373-4AB633B34BAF} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
SearchScopes: HKLM-x32 - Backup.Old.DefaultScope {8A257C0B-8A05-46F1-A178-6022177EB9A8}
SearchScopes: HKLM-x32 - {252D84C5-1113-38A6-0373-4AB633B34BAF} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
SearchScopes: HKLM-x32 - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&q={searchTerms}&s_it=dlcomaol-ie&s_qt=sb&tb_uuid=20121213231719355&tb_oid=13-12-2012
&tb_mrud=13-12-2012

SearchScopes: HKCU - DefaultScope {252D84C5-1113-38A6-0373-4AB633B34BAF} URL = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
SearchScopes: HKCU - Backup.Old.DefaultScope {A3DEBC79-04B9-4C50-AA7D-05798A61E7F5}
SearchScopes: HKCU - {252D84C5-1113-38A6-0373-4AB633B34BAF} URL = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
SearchScopes: HKCU - {314502BD-5212-4FC8-95CA-A5CF8EA1313C} URL =
SearchScopes: HKCU - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL =
SearchScopes: HKCU - {8A257C0B-8A05-46F1-A178-6022177EB9A8} URL =
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} https://sslvpn.savannah.chatham.k12.ga.us/CACHE/stc/1/binaries/vpnweb.cab
DPF: HKLM-x32 {705EC6D4-B138-4079-A307-EF13E40C2416} https://sslvpn.savannah.chatham.k12.ga.us/CACHE/sdesktop/install/binaries/instweb.cab
DPF: HKLM-x32 {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @Musicnotes.com/Musicnotes Viewer -> C:\Program Files\Musicnotes\npmusicn64.dll (Musicnotes, Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_33 -> C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @Musicnotes.com/Musicnotes Viewer -> C:\Program Files (x86)\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF Plugin-x32: @Sibelius.com/Scorch Plugin -> C:\Program Files (x86)\Musicnotes\npsibelius.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Steff\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-07]
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-12-04]

Chrome:
=======
CHR Profile: C:\Users\Steff\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Steff\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-31]
CHR Extension: (Google Drive) - C:\Users\Steff\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-31]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Steff\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-31]
CHR Extension: (YouTube) - C:\Users\Steff\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-31]
CHR Extension: (Google Search) - C:\Users\Steff\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-31]
CHR Extension: (Google Wallet) - C:\Users\Steff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-31]
CHR Extension: (Gmail) - C:\Users\Steff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-31]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-29] (AVAST Software)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 FlipShare Service; C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe [460144 2010-12-15] ()
R2 FlipShareServer; C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2010-12-15] () [File not signed]
R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-03-07] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [963072 2007-10-14] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-03-06] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2008-06-09] (Hewlett-Packard Company) [File not signed]
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [69632 2006-11-08] (Hewlett-Packard) [File not signed]
R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [231752 2012-07-09] (NETGEAR)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [88064 2006-11-08] (Hewlett-Packard) [File not signed]
R2 Recovery Service for Windows; C:\Program Files (x86)\SMINST\BLService.exe [365952 2008-12-17] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [241734 2008-09-15] () [File not signed]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_6ef279c8\STacSV64.exe [239104 2009-06-03] (IDT, Inc.)
R2 TVCapSvc; C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [296320 2008-11-26] ()
R2 TVSched; C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [116096 2008-11-26] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-29] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-29] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64752 2014-08-29] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-29] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-29] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-29] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2014-08-29] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-29] ()
S1 Beep; No ImagePath
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-08-31] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2008-11-28] (CyberLink Corp.)
S3 BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U4 eabfiltr; No ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\EX64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 SRTSP; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSP64.SYS [X]
S1 SRTSPX; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSPX64.SYS [X]
S3 vpnva; system32\DRIVERS\vpnva64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-01 09:37 - 2014-09-01 09:38 - 00023414 _____ () C:\Users\Steff\Desktop\FRST.txt
2014-09-01 09:36 - 2014-09-01 09:37 - 00000000 ____D () C:\FRST
2014-09-01 09:15 - 2014-09-01 09:15 - 00022400 _____ () C:\ComboFix.txt
2014-09-01 08:36 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-01 08:36 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-01 08:36 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-01 08:36 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-01 08:36 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-01 08:36 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-01 08:36 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-01 08:36 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-01 08:35 - 2014-09-01 09:12 - 00000000 ____D () C:\Windows\erdnt
2014-09-01 08:22 - 2014-09-01 08:22 - 02104832 _____ (Farbar) C:\Users\Steff\Desktop\FRST64.exe
2014-09-01 08:18 - 2014-09-01 08:17 - 05576326 ____R (Swearware) C:\Users\Steff\Desktop\ComboFix.exe
2014-09-01 08:17 - 2014-09-01 08:17 - 05576326 _____ (Swearware) C:\Users\Steff\Downloads\ComboFix.exe
2014-08-31 17:11 - 2014-08-31 17:11 - 00019160 _____ () C:\Users\Steff\Desktop\attach.txt
2014-08-31 17:11 - 2014-08-31 17:10 - 00024449 _____ () C:\Users\Steff\Desktop\dds.txt
2014-08-31 17:04 - 2014-08-31 17:02 - 00688992 ____N (Swearware) C:\Users\Steff\Desktop\dds.com
2014-08-31 17:02 - 2014-08-31 17:02 - 00688992 _____ (Swearware) C:\Users\Steff\Downloads\dds.com
2014-08-31 15:14 - 2014-08-31 15:28 - 00000720 _____ () C:\Users\Steff\Desktop\Virus and Malware - Shortcut.lnk
2014-08-31 11:37 - 2014-08-31 11:37 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-31 10:30 - 2014-08-31 10:30 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-08-30 21:50 - 2014-08-30 21:50 - 00002466 _____ () C:\Windows\system32\.crusader
2014-08-30 20:19 - 2014-08-30 21:51 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-30 19:46 - 2014-08-30 19:46 - 00270224 _____ () C:\Windows\Minidump\Mini083014-01.dmp
2014-08-30 19:45 - 2014-08-30 19:45 - 520957837 _____ () C:\Windows\MEMORY.DMP
2014-08-30 19:35 - 2014-08-30 19:35 - 00000000 ____D () C:\SUPERDelete
2014-08-30 19:33 - 2014-08-30 19:33 - 00000000 ____D () C:\Users\Steff\AppData\Roaming\SUPERAntiSpyware.com
2014-08-30 19:32 - 2014-08-30 19:33 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-08-30 19:32 - 2014-08-30 19:32 - 00001716 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-08-30 19:32 - 2014-08-30 19:32 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-08-30 19:32 - 2014-08-30 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-08-30 19:20 - 2014-08-31 10:41 - 00000732 _____ () C:\Users\Steff\AppData\Local\d3d9caps64.dat
2014-08-30 10:20 - 2014-09-01 08:01 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-30 10:19 - 2014-08-31 11:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-30 10:19 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-30 10:19 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-30 10:19 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-30 10:17 - 2014-08-30 10:17 - 00000000 ____D () C:\Users\Steff\Downloads\Malwarebytes
2014-08-30 09:52 - 2014-08-22 21:05 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-30 09:52 - 2014-08-22 20:42 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-30 09:52 - 2014-08-22 19:38 - 02782208 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-29 18:38 - 2014-08-29 18:38 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Steff\Downloads\iExplore (1).exe
2014-08-29 18:37 - 2014-08-29 18:38 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Steff\Downloads\iExplore.exe
2014-08-29 18:10 - 2014-08-29 18:10 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-24 18:38 - 2014-08-30 18:50 - 00000000 ____D () C:\Users\Steff\AppData\Local\CrashDumps
2014-08-24 18:20 - 2014-09-01 09:15 - 00000000 ____D () C:\Qoobox
2014-08-24 16:57 - 2014-08-30 09:47 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-24 16:48 - 2014-08-31 15:59 - 00002676 _____ () C:\Users\Steff\Desktop\Rkill.txt
2014-08-24 13:36 - 2014-08-24 18:22 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-24 13:35 - 2014-08-24 13:40 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-24 13:24 - 2014-08-24 13:24 - 00000000 ____D () C:\Users\Steff\Downloads\New Folder
2014-08-24 10:40 - 2014-08-24 10:41 - 00000000 ____D () C:\Users\Steff\Downloads\Process Explorer
2014-08-24 09:33 - 2014-08-24 09:57 - 00000000 ____D () C:\AdwCleaner
2014-08-23 20:28 - 2014-08-31 11:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-23 20:28 - 2014-08-23 20:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-13 03:03 - 2014-06-26 18:17 - 01389200 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 03:03 - 2014-06-26 18:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-13 03:03 - 2014-06-26 18:17 - 00171152 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 03:03 - 2014-06-26 18:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-13 03:03 - 2014-06-26 18:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-13 03:03 - 2014-06-26 18:17 - 00008848 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-13 03:02 - 2014-06-06 00:29 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 03:02 - 2014-06-06 00:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 02:54 - 2014-06-13 20:56 - 00901568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 02:54 - 2014-06-13 20:51 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-13 02:53 - 2014-07-24 15:28 - 17861120 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 02:53 - 2014-07-24 15:12 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 02:53 - 2014-07-24 15:10 - 10920960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 02:53 - 2014-07-24 15:07 - 01384960 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 02:53 - 2014-07-24 15:06 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 02:53 - 2014-07-24 15:05 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 02:53 - 2014-07-24 15:05 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-13 02:53 - 2014-07-24 15:05 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 02:53 - 2014-07-24 15:04 - 02155520 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 02:53 - 2014-07-24 15:04 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-13 02:53 - 2014-07-24 15:04 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 02:53 - 2014-07-24 15:04 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-13 02:53 - 2014-07-24 15:04 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 02:53 - 2014-07-24 15:04 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-13 02:53 - 2014-07-24 15:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 02:53 - 2014-07-24 15:03 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 02:53 - 2014-07-24 15:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 02:53 - 2014-07-24 15:03 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-13 02:53 - 2014-07-24 15:03 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-13 02:53 - 2014-07-24 15:03 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-13 02:53 - 2014-07-24 15:02 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 02:53 - 2014-07-24 14:07 - 12356608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-13 02:53 - 2014-07-24 13:58 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-13 02:53 - 2014-07-24 13:57 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-13 02:53 - 2014-07-24 13:52 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-13 02:53 - 2014-07-24 13:51 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-13 02:53 - 2014-07-24 13:51 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-13 02:53 - 2014-07-24 13:50 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-08-13 02:53 - 2014-07-24 13:50 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-13 02:53 - 2014-07-24 13:49 - 01802240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-13 02:53 - 2014-07-24 13:49 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-13 02:53 - 2014-07-24 13:49 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-13 02:53 - 2014-07-24 13:49 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-13 02:53 - 2014-07-24 13:49 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-13 02:53 - 2014-07-24 13:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-13 02:53 - 2014-07-24 13:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-13 02:53 - 2014-07-24 13:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-13 02:53 - 2014-07-24 13:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-13 02:53 - 2014-07-24 13:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-08-13 02:53 - 2014-07-24 13:48 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-08-13 02:53 - 2014-07-24 13:48 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-08-13 02:53 - 2014-07-24 13:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-13 02:53 - 2014-07-07 21:12 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 02:53 - 2014-07-07 20:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-13 02:53 - 2014-06-02 17:30 - 03137536 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 02:53 - 2014-06-02 17:30 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 02:53 - 2014-06-02 17:29 - 02280448 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 02:53 - 2014-06-02 17:29 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-08-13 02:53 - 2014-06-02 16:29 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 02:53 - 2014-06-02 06:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 02:53 - 2014-06-02 06:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-13 02:53 - 2014-06-02 06:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-09 11:33 - 2014-08-09 11:33 - 00017920 _____ () C:\Users\Steff\Documents\Wedding Guest List Part 04 - 140809.xls

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-01 09:38 - 2014-09-01 09:37 - 00023414 _____ () C:\Users\Steff\Desktop\FRST.txt
2014-09-01 09:37 - 2014-09-01 09:36 - 00000000 ____D () C:\FRST
2014-09-01 09:30 - 2012-01-28 11:10 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-01 09:15 - 2014-09-01 09:15 - 00022400 _____ () C:\ComboFix.txt
2014-09-01 09:15 - 2014-08-24 18:20 - 00000000 ____D () C:\Qoobox
2014-09-01 09:15 - 2006-11-02 09:33 - 00000000 __RHD () C:\Users\Default
2014-09-01 09:12 - 2014-09-01 08:35 - 00000000 ____D () C:\Windows\erdnt
2014-09-01 09:10 - 2012-10-20 09:33 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-01 09:10 - 2009-07-21 22:10 - 02056289 _____ () C:\Windows\WindowsUpdate.log
2014-09-01 09:10 - 2009-06-01 10:47 - 00003578 _____ () C:\Windows\System32\Tasks\HP Health Check
2014-09-01 09:07 - 2013-05-11 13:03 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-01 09:06 - 2006-11-02 08:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-01 09:04 - 2012-01-28 11:10 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-01 09:04 - 2006-11-02 11:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-01 09:04 - 2006-11-02 11:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-01 09:04 - 2006-11-02 11:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-01 09:03 - 2014-07-17 16:35 - 00018712 _____ () C:\Windows\PFRO.log
2014-09-01 09:03 - 2006-11-02 08:33 - 86507520 _____ () C:\Windows\system32\config\software.bak
2014-09-01 09:03 - 2006-11-02 08:33 - 67633152 _____ () C:\Windows\system32\config\components.bak
2014-09-01 09:03 - 2006-11-02 08:33 - 39321600 _____ () C:\Windows\system32\config\system.bak
2014-09-01 09:03 - 2006-11-02 08:33 - 00524288 _____ () C:\Windows\system32\config\default.bak
2014-09-01 09:03 - 2006-11-02 08:33 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-09-01 09:03 - 2006-11-02 08:33 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-09-01 09:02 - 2009-06-01 08:53 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-09-01 09:02 - 2006-11-02 11:42 - 00032560 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-01 09:00 - 2009-08-07 12:37 - 00000000 ____D () C:\Users\Steff
2014-09-01 08:22 - 2014-09-01 08:22 - 02104832 _____ (Farbar) C:\Users\Steff\Desktop\FRST64.exe
2014-09-01 08:17 - 2014-09-01 08:18 - 05576326 ____R (Swearware) C:\Users\Steff\Desktop\ComboFix.exe
2014-09-01 08:17 - 2014-09-01 08:17 - 05576326 _____ (Swearware) C:\Users\Steff\Downloads\ComboFix.exe
2014-09-01 08:01 - 2014-08-30 10:20 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-01 07:56 - 2011-12-01 19:01 - 00054568 _____ () C:\Windows\system32\spsys.log
2014-08-31 17:45 - 2009-10-05 19:41 - 00000000 ___RD () C:\Users\Steff\Documents\My Documents Mover
2014-08-31 17:11 - 2014-08-31 17:11 - 00019160 _____ () C:\Users\Steff\Desktop\attach.txt
2014-08-31 17:10 - 2014-08-31 17:11 - 00024449 _____ () C:\Users\Steff\Desktop\dds.txt
2014-08-31 17:02 - 2014-08-31 17:04 - 00688992 ____N (Swearware) C:\Users\Steff\Desktop\dds.com
2014-08-31 17:02 - 2014-08-31 17:02 - 00688992 _____ (Swearware) C:\Users\Steff\Downloads\dds.com
2014-08-31 16:01 - 2012-04-24 06:28 - 00001356 _____ () C:\Users\Steff\AppData\Local\d3d9caps.dat
2014-08-31 15:59 - 2014-08-24 16:48 - 00002676 _____ () C:\Users\Steff\Desktop\Rkill.txt
2014-08-31 15:28 - 2014-08-31 15:14 - 00000720 _____ () C:\Users\Steff\Desktop\Virus and Malware - Shortcut.lnk
2014-08-31 13:35 - 2013-03-21 22:30 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-526642424-3022501460-31333452-1000UA.job
2014-08-31 12:55 - 2012-06-21 12:19 - 00003098 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForSteff
2014-08-31 12:55 - 2012-06-21 12:19 - 00000334 _____ () C:\Windows\Tasks\HPCeeScheduleForSteff.job
2014-08-31 11:37 - 2014-08-31 11:37 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-31 11:37 - 2014-08-30 10:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-31 11:37 - 2014-08-23 20:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-31 10:41 - 2014-08-30 19:20 - 00000732 _____ () C:\Users\Steff\AppData\Local\d3d9caps64.dat
2014-08-31 10:30 - 2014-08-31 10:30 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-08-30 21:51 - 2014-08-30 20:19 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-30 21:50 - 2014-08-30 21:50 - 00002466 _____ () C:\Windows\system32\.crusader
2014-08-30 19:46 - 2014-08-30 19:46 - 00270224 _____ () C:\Windows\Minidump\Mini083014-01.dmp
2014-08-30 19:46 - 2012-03-06 22:20 - 00000000 ____D () C:\Windows\Minidump
2014-08-30 19:45 - 2014-08-30 19:45 - 520957837 _____ () C:\Windows\MEMORY.DMP
2014-08-30 19:35 - 2014-08-30 19:35 - 00000000 ____D () C:\SUPERDelete
2014-08-30 19:35 - 2009-06-01 10:37 - 00000000 ____D () C:\Program Files\AWS
2014-08-30 19:33 - 2014-08-30 19:33 - 00000000 ____D () C:\Users\Steff\AppData\Roaming\SUPERAntiSpyware.com
2014-08-30 19:33 - 2014-08-30 19:32 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-08-30 19:32 - 2014-08-30 19:32 - 00001716 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-08-30 19:32 - 2014-08-30 19:32 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-08-30 19:32 - 2014-08-30 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-08-30 18:51 - 2012-02-20 14:40 - 00002289 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
2014-08-30 18:50 - 2014-08-24 18:38 - 00000000 ____D () C:\Users\Steff\AppData\Local\CrashDumps
2014-08-30 11:01 - 2006-11-02 11:21 - 00373968 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-30 10:17 - 2014-08-30 10:17 - 00000000 ____D () C:\Users\Steff\Downloads\Malwarebytes
2014-08-30 09:47 - 2014-08-24 16:57 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-29 18:38 - 2014-08-29 18:38 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Steff\Downloads\iExplore (1).exe
2014-08-29 18:38 - 2014-08-29 18:37 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Steff\Downloads\iExplore.exe
2014-08-29 18:11 - 2014-02-02 09:17 - 00001829 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-29 18:11 - 2011-11-20 10:48 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-29 18:10 - 2014-08-29 18:10 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-29 18:10 - 2014-06-25 20:34 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-29 18:10 - 2013-05-11 13:03 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-29 18:10 - 2013-05-11 13:03 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-29 18:10 - 2011-11-20 10:48 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-08-29 18:10 - 2011-11-20 10:48 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-29 18:10 - 2011-11-20 10:48 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-29 18:10 - 2011-11-20 10:48 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-08-29 18:10 - 2011-11-20 10:48 - 00064752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswrdr.sys
2014-08-29 06:53 - 2006-11-02 09:34 - 00000000 ____D () C:\Windows\system32\spool
2014-08-29 06:53 - 2006-11-02 09:34 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-08-29 06:53 - 2006-11-02 09:33 - 00000000 ____D () C:\Windows\registration
2014-08-29 06:53 - 2006-11-02 08:33 - 86507520 _____ () C:\Windows\system32\config\software_previous
2014-08-29 06:53 - 2006-11-02 08:33 - 39321600 _____ () C:\Windows\system32\config\system_previous
2014-08-29 06:47 - 2006-11-02 08:33 - 67633152 _____ () C:\Windows\system32\config\components_previous
2014-08-29 06:47 - 2006-11-02 08:33 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-08-29 02:42 - 2006-11-02 08:33 - 00524288 _____ () C:\Windows\system32\config\default_previous
2014-08-29 02:42 - 2006-11-02 08:33 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-08-27 19:49 - 2013-03-21 22:30 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-526642424-3022501460-31333452-1000Core.job
2014-08-24 23:25 - 2012-12-14 00:16 - 00000000 ____D () C:\Program Files (x86)\AOL Toolbar
2014-08-24 19:35 - 2013-03-21 22:30 - 00000000 ____D () C:\Users\Steff\AppData\Local\Facebook
2014-08-24 18:22 - 2014-08-24 13:36 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-24 13:40 - 2014-08-24 13:35 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-24 13:24 - 2014-08-24 13:24 - 00000000 ____D () C:\Users\Steff\Downloads\New Folder
2014-08-24 10:41 - 2014-08-24 10:40 - 00000000 ____D () C:\Users\Steff\Downloads\Process Explorer
2014-08-24 09:57 - 2014-08-24 09:33 - 00000000 ____D () C:\AdwCleaner
2014-08-24 09:14 - 2006-11-02 09:33 - 00000000 ____D () C:\Windows\IME
2014-08-23 22:13 - 2006-11-02 09:33 - 00000000 ___RD () C:\Windows\Offline Web Pages
2014-08-23 20:28 - 2014-08-23 20:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-22 21:05 - 2014-08-30 09:52 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 20:42 - 2014-08-30 09:52 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 20:22 - 2006-11-02 08:46 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-22 19:38 - 2014-08-30 09:52 - 02782208 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-13 04:07 - 2006-11-02 09:33 - 00000000 ____D () C:\Windows\rescache
2014-08-13 03:23 - 2009-06-01 10:20 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-13 03:21 - 2013-07-17 07:35 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-13 03:17 - 2006-11-02 08:35 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-08-09 11:33 - 2014-08-09 11:33 - 00017920 _____ () C:\Users\Steff\Documents\Wedding Guest List Part 04 - 140809.xls
2014-08-05 09:20 - 2009-10-04 21:24 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-01 09:12

==================== End Of Log ============================

Addition.txt:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2014 02
Ran by Steff at 2014-09-01 09:39:21
Running from C:\Users\Steff\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
3ivx MPEG-4 5.0.3 (remove only) (HKLM-x32\...\3ivx MPEG-4 5.0.3) (Version: 5.0.3 - 3ivx Technologies, Pty. Ltd.)
4660_4680_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.2201.41622 - ABBYY Software House)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0 - Microsoft Corporation) Hidden
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader 9.2 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A92000000001}) (Version: 9.2.0 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
Bing Bar (HKLM-x32\...\{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}) (Version: 7.0.609.0 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BPD_HPSU (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 5.10.38.26 - Broadcom Corporation)
Brother MFL-Pro Suite MFC-7860DW (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.0.7.0 - Brother Industries, Ltd.)
Brother P-touch Address Book 1.1 (HKLM-x32\...\InstallShield_{B2023017-DEE4-44F7-8A71-CA6084BF534C}) (Version: 1.1.2001 - Brother Industries, Ltd.)
Brother P-touch Address Book 1.1 (x32 Version: 1.1.2001 - Brother Industries, Ltd.) Hidden
Brother P-touch Editor 5.0 (HKLM-x32\...\InstallShield_{DF9A6075-9308-4572-8932-A4316243C4D9}) (Version: 5.0.2001 - Brother Industries, Ltd.)
Brother P-touch Editor 5.0 (x32 Version: 5.0.2001 - Brother Industries, Ltd.) Hidden
Brother P-touch Update Software (HKLM-x32\...\{08BAC163-A5E8-4838-90A9-8C9343400579}) (Version: 1.0.0030 - Brother Industries, Ltd.)
Brother QL-Series Software User's Guide (HKLM-x32\...\InstallShield_{A242CAB2-870C-4AC9-8AFE-34379D9383CD}) (Version: 1.00.0000 - Brother Industries, Ltd.)
Brother QL-Series Software User's Guide (x32 Version: 1.00.0000 - Brother Industries, Ltd.) Hidden
BufferChm (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
Canon MX320 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX320_series) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: - )
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2326 - CyberLink Corp.)
CyberLink DVD Suite (x32 Version: 6.0.2326 - CyberLink Corp.) Hidden
Destination Component (x32 Version: 100.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 100.0.190.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 10.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Download Updater (AOL Inc.) (HKLM-x32\...\SoftwareUpdUtility) (Version: - AOL Inc.) <==== ATTENTION
ESU for Microsoft Vista (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fax (x32 Version: 100.0.272.000 - Hewlett-Packard) Hidden
FlipShare (HKLM-x32\...\{420DFB63-8AE7-F7D6-E4B4-AB6D140221F4}) (Version: 5.10.25.0 - Flip Video)
Free Studio version 5.4.9 (HKLM-x32\...\Free Studio_is1) (Version: 5.4.9 - DVDVideoSoft Ltd.)
Freemake Video Converter version 2.3.4 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 2.3.4 - Ellora Assets Corporation)
FTP Utility (HKLM-x32\...\InstallShield_{A5EC243A-AAB4-4AF0-85A5-07F9F4618353}) (Version: 1.00.0000 - KONICA MINOLTA)
FTP Utility (x32 Version: 1.00.0000 - KONICA MINOLTA) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HP Active Support Library (HKLM-x32\...\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}) (Version: 3.1.9.1 - Hewlett-Packard)
HP Common Access Service Library (x32 Version: 2.00 E6 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (HKLM-x32\...\{57A5AEC1-97FC-474D-92C4-908FCC2253D4}) (Version: 5.7.0.2664 - Hewlett-Packard)
HP Doc Viewer (HKLM-x32\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.01.0005 - Hewlett-Packard)
HP Help and Support (HKLM-x32\...\{0054A0F6-00C9-4498-B821-B5C9578F433E}) (Version: 2.1.3.0 - Hewlett-Packard Company)
HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 2.1.2328 - Hewlett-Packard)
HP MediaSmart DVD (x32 Version: 2.1.2328 - Hewlett-Packard) Hidden
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 2.1.2425 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (x32 Version: 2.1.2425 - Hewlett-Packard) Hidden
HP MediaSmart SlingPlayer (HKLM-x32\...\HP.MediaSmartSlingPlayer_is1) (Version: 2.1 - Sling Media, Inc.)
HP MediaSmart SmartMenu (HKLM\...\{F1568AA6-5982-4AFB-A871-C68E4328BC3B}) (Version: 2.1.7 - Hewlett-Packard)
HP MediaSmart TV (HKLM-x32\...\InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}) (Version: 2.1.1708 - Hewlett-Packard)
HP MediaSmart TV (x32 Version: 2.1.1708 - Hewlett-Packard) Hidden
HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.1.1124 - Hewlett-Packard)
HP MediaSmart Webcam (x32 Version: 2.1.1124 - Hewlett-Packard) Hidden
HP MULTIPLE MODEM INSTALLER for VISTA (HKLM-x32\...\{45A136EC-88BF-4B95-99F5-C45D3930E1CC}) (Version: 1.0.0.30 - Hewlett Packard)
HP Officejet All-In-One Series (HKLM\...\{67335AB1-6341-4f87-A5B4-7FA92CEB77A4}) (Version: 1.0 - HP)
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.16.1 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{81E14A67-42ED-4DD0-AE08-366FE3D3102E}) (Version: 11.50.0012 - Hewlett-Packard Company)
HP Total Care Advisor (HKLM-x32\...\{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}) (Version: 2.4.5991.2847 - Hewlett-Packard)
HP Total Care Setup (HKLM-x32\...\{4916DFBD-403B-4707-AA64-294DC082B99F}) (Version: 1.1.2274.2854 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP User Guides 0125 (HKLM-x32\...\{C4CF43CE-94AE-498E-9EB1-C804E05CB3CA}) (Version: 1.00.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{E5E29403-3D25-40C6-892B-F9FEE2A95585}) (Version: 3.50 A6 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{CE97E4D3-9F91-4D72-8A29-ED9EA90E5A15}) (Version: 2.1.3.25 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6087.0 - IDT)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
J4680 (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
Java Auto Updater (x32 Version: 2.0.7.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 33 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.330 - Oracle)
JMicron JMB38X Flash Media Controller (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.17.07 - JMicron Technology Corp.)
Juno Preloader (HKLM-x32\...\{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}) (Version: 1.0.0 - Juno, Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1118 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1118 - CyberLink Corp.) Hidden
LightScribe System Software 1.14.17.1 (HKLM-x32\...\{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}) (Version: 1.14.17.1 - LightScribe)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.97 - LSI Corporation)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Default Manager (x32 Version: 2.2.114.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft VC9 runtime libraries (x32 Version: 2.0.0 - AOL Inc.) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{41BC9E31-0D39-462E-8E4C-767B21A3B1C3}) (Version: 3.1.8.0 - Apple Inc.)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Musicnotes Software Suite 1.7.0 (HKLM-x32\...\Musicnotes Combined Installer_is1) (Version: 1.7.0 - Musicnotes Inc.)
muvee Reveal (HKLM-x32\...\{E8020EC7-5DD8-80C9-7237-7B2E9BDA8CC6}) (Version: 7.0.35.7660 - muvee Technologies Pte Ltd)
My HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.62 - WildTangent)
NetDeviceManager64 (Version: 100.0.170.000 - Hewlett-Packard) Hidden
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.2.26.50 - NETGEAR Inc.)
NetZero Preloader (HKLM-x32\...\{352310C3-E46B-42D3-8F32-54721FDD72D9}) (Version: 1.0.0 - NetZero, Inc.)
Nuance PaperPort 12 (HKLM-x32\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
NXPowerLite (HKLM\...\{D332A993-88A6-47CC-AA5E-68107FF88CCF}) (Version: 5.0.6 - Neuxpower Solutions Ltd)
OCR Software by I.R.I.S. 10.0 (HKLM\...\HPOCR) (Version: 10.0 - HP)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.)
PDFill FREE PDF Tools (HKLM\...\{735A3951-E139-4E4A-AFAE-BA25E9FF5E6A}) (Version: 11.0 - PlotSoft LLC)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2325 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.2325 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2317 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.2317 - CyberLink Corp.) Hidden
ProductContext (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
ProtectSmart Hard Drive Protection (HKLM\...\{2F97CE84-9C33-4631-821B-85EA371EA254}) (Version: 3.10.1.7 - Hewlett-Packard)
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek 8101E/8168/8169 PCI/PCIe Adapters (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 6.210.1003.2008 - Realtek Corporation)
Safari (HKLM-x32\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
Scan (x32 Version: 10.1.0.0 - Hewlett-Packard) Hidden
Scansoft PDF Professional (x32 Version: - ) Hidden
Seagate Manager Installer (HKLM-x32\...\InstallShield_{231A1A09-FDF2-45F2-B3D1-964CECE372BC}) (Version: 2.01.0109 - Seagate)
Seagate Manager Installer (x32 Version: 2.01.0109 - Seagate) Hidden
Sibelius Scorch (ActiveX Only) (HKLM-x32\...\{868291A4-229E-4795-B0B0-E60E87AF53CD}) (Version: 6.2.0 - Sibelius Software)
Slingbox - Watch Your TV Anywhere (HKLM-x32\...\{7B798B31-2F33-4DC8-BDA4-D36488E86636}) (Version: 1.0.0 - Sling Media)
SlingPlayer (HKLM-x32\...\InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}) (Version: 1.04.0206 - Sling Media)
SlingPlayer (x32 Version: 1.04.0206 - Sling Media) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
SPORE Creature Creator Trial Edition (HKLM-x32\...\{ECEE0279-785F-4CB3-9F28-E69813234BF8}) (Version: 1.00.0000 - Electronic Arts)
Status (x32 Version: 100.0.272.000 - Hewlett-Packard) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1130 - SUPERAntiSpyware.com)
TomTom HOME 2.8.2.2264 (HKLM-x32\...\TomTom HOME) (Version: 2.8.2.2264 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Toolbox (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - )
Transcribe! 7.40 (HKLM-x32\...\Transcribe!_is1) (Version: 7.40 - Seventh String Software)
TrayApp (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
WebReg (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
Windows 7 Upgrade Advisor (HKLM-x32\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Driver Package - ENE (enecir) HIDClass (09/04/2008 2.6.0.0) (HKLM\...\07B260955637F1FF7587ED2AA87459040DD09BF7) (Version: 09/04/2008 2.6.0.0 - ENE)
Windows Mobile Device Updater Component (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)
Zune (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CHS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CHT) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CSY) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (DAN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (DEU) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ELL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ESP) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (FIN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (FRA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (HUN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (IND) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ITA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (JPN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (KOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (MSL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (NLD) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (NOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PLK) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PTB) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PTG) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (RUS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (SVE) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-526642424-3022501460-31333452-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Steff\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-526642424-3022501460-31333452-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\Steff\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)

==================== Restore Points =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 08:34 - 2014-09-01 09:06 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {387FA8BF-6718-4A22-B715-EA813BF207E7} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Steff => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-20] (Microsoft Corporation)
Task: {3F141F82-107B-4720-9412-840ADE8A05B5} - System32\Tasks\HP Health Check => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard)
Task: {53E73685-CAF1-4D7D-8D31-8CF0209C7D6F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {9327F55A-DA87-46CD-8EE7-69D4F3EB256A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-28] (Google Inc.)
Task: {96EFD28A-DBC3-4884-89BB-90F18F1102EF} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {A13CF311-AB42-401B-9834-A03F821F8ECD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B6C071D3-345F-4F98-9381-B525BB87BBE7} - System32\Tasks\Installation App Launcher => C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxamon.exe
Task: {C021EBB1-4AC9-4136-BF79-A0F623057C3C} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-29] (AVAST Software)
Task: {CAFFE689-F0A0-40B4-8D2A-77CDB77F84F2} - System32\Tasks\HPCeeScheduleForSteff => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2008-05-19] (Hewlett-Packard)
Task: {D18D4BB7-6358-4E53-9CE0-2D73D26EBC26} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {DA732456-32F4-48DE-BD33-FFEED84A0C72} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-526642424-3022501460-31333452-1000Core => C:\Users\Steff\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-21] (Facebook Inc.)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {F483D1C2-E1B3-4A04-9B22-DD25BF719040} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-526642424-3022501460-31333452-1000UA => C:\Users\Steff\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-21] (Facebook Inc.)
Task: {F7DD70A8-B4BE-4641-B8A6-D36F253E7F57} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-28] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-526642424-3022501460-31333452-1000Core.job => C:\Users\Steff\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-526642424-3022501460-31333452-1000UA.job => C:\Users\Steff\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForSteff.job => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2009-12-25 21:52 - 2009-12-25 21:52 - 00015360 _____ () C:\Windows\System32\KOAYQJ_L.DLL
2012-07-02 12:28 - 2012-03-11 14:56 - 00086608 _____ () C:\Windows\System32\cpwmon64.dll
2010-12-15 13:31 - 2010-12-15 13:31 - 00460144 _____ () C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
2010-12-15 13:22 - 2010-12-15 13:22 - 01085440 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
2009-06-01 10:41 - 2008-12-17 19:11 - 00365952 _____ () C:\Program Files (x86)\SMINST\BLService.exe
2009-06-01 10:33 - 2008-09-15 10:13 - 00241734 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2012-06-02 16:00 - 2005-04-22 00:36 - 00143360 ____R () C:\Windows\system32\BrSNMP64.dll
2008-11-26 20:13 - 2008-11-26 20:13 - 00296320 ____N () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
2008-11-26 20:13 - 2008-11-26 20:13 - 00116096 ____N () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
2008-11-26 20:12 - 2008-11-26 20:12 - 00074536 ____N () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\Common\MCEMediaStatus64.dll
2011-11-20 10:47 - 2014-08-29 18:10 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-09-01 08:08 - 2014-09-01 08:08 - 02805248 _____ () C:\Program Files\AVAST Software\Avast\defs\14090100\algo.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-10-25 23:06 - 2010-10-25 23:06 - 02248704 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtCore4.dll
2010-12-15 13:31 - 2010-12-15 13:31 - 04300800 _____ () C:\Program Files (x86)\Flip Video\FlipShare\Core.dll
2010-12-15 13:26 - 2010-12-15 13:26 - 00737280 _____ () C:\Program Files (x86)\Flip Video\FlipShare\qca2.dll
2010-10-25 23:23 - 2010-10-25 23:23 - 08351744 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtGui4.dll
2010-10-25 23:08 - 2010-10-25 23:08 - 00983040 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtNetwork4.dll
2010-10-25 23:23 - 2010-10-25 23:23 - 00204800 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtSql4.dll
2010-10-25 23:06 - 2010-10-25 23:06 - 00364544 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtXml4.dll
2010-10-26 07:34 - 2010-10-26 07:34 - 11853824 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtWebKit4.dll
2010-10-25 23:37 - 2010-10-25 23:37 - 00258048 _____ () C:\Program Files (x86)\Flip Video\FlipShare\phonon4.dll
2010-05-20 12:49 - 2010-05-20 12:49 - 00258048 _____ () C:\Program Files (x86)\Flip Video\FlipShare\boost_serialization-vc80-mt-1_43.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 01199104 _____ () C:\Program Files (x86)\Flip Video\FlipShare\PocoFoundation.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 00642048 _____ () C:\Program Files (x86)\Flip Video\FlipShare\PocoNet.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 00511488 _____ () C:\Program Files (x86)\Flip Video\FlipShare\PocoXML.dll
2010-10-25 23:06 - 2010-10-25 23:06 - 02248704 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\QtCore4.dll
2010-10-25 23:08 - 2010-10-25 23:08 - 00983040 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\QtNetwork4.dll
2010-10-25 23:23 - 2010-10-25 23:23 - 00204800 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\QtSql4.dll
2010-05-20 12:49 - 2010-05-20 12:49 - 00258048 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\boost_serialization-vc80-mt-1_43.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 01199104 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoFoundation.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 00642048 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoNet.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 00175616 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoNetSSL.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 00291840 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoUtil.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 00511488 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoXML.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 00110592 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoCrypto.dll
2009-06-01 10:41 - 2008-12-17 19:11 - 00132480 _____ () C:\Program Files (x86)\SMINST\STWmiM.dll
2008-11-26 20:13 - 2008-11-26 20:13 - 00263560 ____N () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLCapEngine.dll
2008-11-26 20:13 - 2008-11-26 20:13 - 00038184 ____N () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLCapSvcps.dll
2008-11-26 20:13 - 2008-11-26 20:13 - 00124288 ____N () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLSchMgr.dll
2008-11-26 20:13 - 2008-11-26 20:13 - 00349480 ____N () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLTinyDB.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2008-12-25 16:41 - 2008-12-25 16:41 - 00881960 ____N () C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2014-02-02 09:16 - 2014-08-29 18:10 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: ControlCenter4 => "C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe" /autorun
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" -s
MSCONFIG\startupreg: Zune Launcher => "C:\Program Files\Zune\ZuneLauncher.exe"

==================== Faulty Device Manager Devices =============

Name: Officejet J4680 series
Description: Officejet J4680 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet J4680 series
Description: Officejet J4680 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet 6500 E709n
Description: Officejet 6500 E709n
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/01/2014 09:05:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/01/2014 07:58:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/31/2014 04:57:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.0.6002.18005 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: fb0
Start Time: 01cfc55cfbd62469
Termination Time: 62

Error: (08/31/2014 04:49:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/31/2014 04:39:01 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (08/31/2014 04:37:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/31/2014 04:21:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/31/2014 03:28:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/31/2014 03:27:14 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (08/31/2014 01:35:08 PM) (Source: Google Update) (EventID: 20) (User: Steff-Laptop)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7


System errors:
=============
Error: (09/01/2014 09:08:36 AM) (Source: PlugPlayManager) (EventID: 12) (User: )
Description: The device 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_30F7103C&REV_00\4&37ba8cc&0&04E4) disappeared from the system without first being prepared for removal.

Error: (09/01/2014 09:08:36 AM) (Source: PlugPlayManager) (EventID: 12) (User: )
Description: The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_30F7103C&REV_00\4&37ba8cc&0&03E4) disappeared from the system without first being prepared for removal.

Error: (09/01/2014 09:08:35 AM) (Source: PlugPlayManager) (EventID: 12) (User: )
Description: The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_30F7103C&REV_00\4&37ba8cc&0&02E4) disappeared from the system without first being prepared for removal.

Error: (09/01/2014 09:08:35 AM) (Source: PlugPlayManager) (EventID: 12) (User: )
Description: The device 'JMB38X SD/MMC Host Controller' (PCI\VEN_197B&DEV_2382&SUBSYS_30F7103C&REV_00\4&37ba8cc&0&00E4) disappeared from the system without first being prepared for removal.

Error: (09/01/2014 09:05:47 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Beep
SRTSP
SRTSPX

Error: (09/01/2014 09:05:46 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (09/01/2014 09:05:13 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (09/01/2014 09:02:16 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart

Error: (09/01/2014 09:01:54 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart

Error: (09/01/2014 09:00:39 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.


Microsoft Office Sessions:
=========================
Error: (06/26/2014 06:23:28 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 4850 seconds with 960 seconds of active time. This session ended with a crash.

Error: (03/23/2014 04:40:44 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 6795 seconds with 4740 seconds of active time. This session ended with a crash.

Error: (03/23/2014 02:47:20 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 4534 seconds with 960 seconds of active time. This session ended with a crash.

Error: (03/19/2014 06:09:26 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1693 seconds with 420 seconds of active time. This session ended with a crash.

Error: (03/18/2014 05:48:53 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 1242 seconds with 900 seconds of active time. This session ended with a crash.

Error: (03/16/2014 06:23:27 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 9017 seconds with 4800 seconds of active time. This session ended with a crash.

Error: (03/16/2014 03:53:01 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 1460 seconds with 600 seconds of active time. This session ended with a crash.

Error: (03/12/2014 04:03:03 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 744 seconds with 60 seconds of active time. This session ended with a crash.

Error: (03/11/2014 01:31:45 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4944 seconds with 60 seconds of active time. This session ended with a crash.

Error: (03/11/2014 00:16:13 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 31 seconds with 0 seconds of active time. This session ended with a crash.


CodeIntegrity Errors:
===================================
Date: 2014-09-01 09:39:11.519
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-09-01 09:39:10.802
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-09-01 09:39:10.162
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-09-01 09:39:09.523
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-09-01 09:39:08.602
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-09-01 09:39:07.978
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-09-01 09:39:07.245
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-09-01 09:39:06.575
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-09-01 09:38:23.537
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-09-01 09:38:22.913
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T6500 @ 2.10GHz
Percentage of memory in use: 41%
Total physical RAM: 3998.02 MB
Available physical RAM: 2328.24 MB
Total Pagefile: 8223.27 MB
Available Pagefile: 6341.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:283.65 GB) (Free:179.22 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:14.44 GB) (Free:2.15 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 27265BBE)
Partition 1: (Active) - (Size=283.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=14.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================

#4 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:20 PM

Posted 01 September 2014 - 11:25 AM

This worked well!
How is your computer running now? What symptoms or problems are still present (if any)?
Let's do a final check up:


Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administartor privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

#5 SarmaStef

SarmaStef
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:20 AM

Posted 01 September 2014 - 05:19 PM

Hi, again:
Symptoms have disappeared in Normal startup; haven't checked Safe Mode w/Networking.

ESET found 24 threats which I haven't yet cleaned as I'm following your instructions precisely. Please let me know right away how to handle this aspect.

Following is the ESET log.txt:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=8671177b4ed3534792414b4d73060555
# engine=19945
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-09-01 09:29:55
# local_time=2014-09-01 05:29:55 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 95 170146 173105885 0 0
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 100 92773 246205701 0 0
# scanned=277312
# found=24
# cleaned=0
# scan_time=17599
sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir"
sh=81C2C3354F11ECE49D7667538CEFE9F2B2395319 ft=1 fh=cca4b3788ffc60aa vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Program Files (x86)\Common Files\DVDVideoSoft\AskTB\ApnIC.dll"
sh=FDC2005CED8ACF86C68FE1B86B0698D0539E8CE0 ft=1 fh=1aa6a68885750335 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Program Files (x86)\Common Files\DVDVideoSoft\AskTB\ApnStub.exe"
sh=99DD33D629341F95D9853B1E63FCE454EC654560 ft=1 fh=08803d4e54260720 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Program Files (x86)\Common Files\DVDVideoSoft\AskTB\ApnToolbarInstaller.exe"
sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="C:\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe"
sh=A8049A30B31C369A85958C4125860E35DDCE51B4 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.OSE trojan" ac=I fn="C:\Users\Steff\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\4fdc880-22ba9f23"
sh=BC64E17D4DD0D732EF008BF6FCC84AAD66DAC1FF ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Steff\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\3840f08a-27ec11bc"
sh=DC5D4A4ACE32AE59492021F01D77D7E343DD81A0 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.OXH trojan" ac=I fn="C:\Users\Steff\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\7dcb9dcf-29f16e18"
sh=3B05DCDB136243F5C0C427DE99E01DAE94550119 ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.OFB trojan" ac=I fn="C:\Users\Steff\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\2f89a510-310b7a1f"
sh=EFC48AE941CCD470288396EDFB1CEC29980B52C5 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Steff\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\1fef514-1759c6a3"
sh=39791F8F361349100265579E8633C4ACAA1F45DB ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Steff\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\7b1d6294-6b2af24b"
sh=3DC6A6E44105FE8C14E546BBC09BDA7D0706C9DC ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.NUD trojan" ac=I fn="C:\Users\Steff\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\5189752d-54a47955"
sh=DB2DE7E4AFA9A52AC9B662F3CFD4C155EC79ACEB ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.NTI trojan" ac=I fn="C:\Users\Steff\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\5b51716f-1df8f5a6"
sh=0E50B3A28491626A1D27B7149B13E6740ACBE3DE ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.OXH trojan" ac=I fn="C:\Users\Steff\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\59f516f4-14af3db2"
sh=2576BEA9FD7F511074EDE07000A7BDE9AFAC05B1 ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.NTH trojan" ac=I fn="C:\Users\Steff\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\5e30eff4-17979e4c"
sh=E6ACCF7EBB21A771DB3E00AA1BD9F801CFB93272 ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.NUY trojan" ac=I fn="C:\Users\Steff\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\7a86a774-6b5509c9"
sh=4ED0E288C5C77AD0E925C420FAD565C51E07AA5D ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Steff\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\18f3ef3e-1c709c02"
sh=71DDBDE103D3C8E2207AE28BE126D50C6A9DC40D ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.OSE trojan" ac=I fn="C:\Users\Steff\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\63f84eff-12b6f265"
sh=47CE26C5CC8398EBA47BBA3C0B71DA5E23DC5FA0 ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.OXK trojan" ac=I fn="C:\Users\Steff\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\161bcbc9-44530ca2"
sh=81B3EF5DF403D71A8F654BFEE61C9E4711B28D36 ft=1 fh=dd34d6796e8bf4af vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Users\Steff\Desktop\CuteWriter.exe"
sh=50740393D79F6468525BF771617899221BB51252 ft=1 fh=06273f6f4ad48fdd vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="C:\Users\Steff\Desktop\FreeStudio.exe"
sh=A4854C3C5A7277D3C02F88330D2023AAD3667533 ft=1 fh=818bd9cd8f0d2ffa vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Steff\Desktop\CCleaner\CCleaner Setup\ccsetup403.exe"
sh=FC36A7397F62A934D5357C89B4F9DF12EC98E7C9 ft=1 fh=d25567de9876cd46 vn="Win32/Toolbar.Zugo potentially unwanted application" ac=I fn="C:\Users\Steff\Documents\School\Jenkins\Computing\Xilisoft iPod Video Converter\x-ipod-video-converter6-cnet.exe"
sh=FC36A7397F62A934D5357C89B4F9DF12EC98E7C9 ft=1 fh=d25567de9876cd46 vn="Win32/Toolbar.Zugo potentially unwanted application" ac=I fn="C:\Users\Steff\Documents\School\Jenkins\Resources\Computing\Xilisoft iPod Video Converter\x-ipod-video-converter6-cnet.exe"

#6 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:20 PM

Posted 01 September 2014 - 06:29 PM

Hi,

I can assure you that although these 24 threats might look scary at first sight there is nothing to worry about as they aren't active malware: A few of these files are already quarantined, a few are toolbars and the like that are bundled to installers and the rest are inactive remnants in Java cache. So no further action is required. But all those threats in Java cache are a clear indication how you got infected: You have a very old version of Java installed on your computer that has a lot of security holes that routinely get exploited when visiting infected websites. See below.


That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation: btn_donate_SM.gif.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restorepoints:
  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Rename Combofix.exe in Uninstall.exe and execute it with a double click. (Beware that file extensions might be hidden. So don't add a double extension Uninstall.exe.exe.)
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.


Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this malware exploits security holes in installed software (e.g. browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:

Adobe Reader 9.2
Java™ 6 Update 33




Tips

I recommend to read and follow the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.

#7 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:20 PM

Posted 19 September 2014 - 02:39 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users