Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

GOsave version 3 point 0


  • This topic is locked This topic is locked
8 replies to this topic

#1 ShadowFan

ShadowFan

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:08:39 AM

Posted 23 September 2014 - 12:24 PM

PLEASE HELP ME GET RID OF THIS THING !
I uninstalled it from my computer.... downloaded AdCleaner and ran a scan. My MBAM REFUSES TO RUN......... and GOsave 3.0 is still in my extensions :/



BC AdBot (Login to Remove)

 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:39 PM

Posted 24 September 2014 - 08:30 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

  • Important: To help me reviewing your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

 
 
 
 
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
 
 
  
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don´t change one of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Poste the FRST.txt and (after the first scan only!) the Addition.txt.

 
 
Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop
  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt


Please attach this file to your next reply.
 


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 ShadowFan

ShadowFan
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:08:39 AM

Posted 24 September 2014 - 10:20 AM

Here are the logs from the FRST scan :)

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-09-2014
Ran by Michaela at 2014-09-24 11:13:57
Running from C:\Users\Michaela\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe After Effects CC (HKLM-x32\...\{317243C1-6580-4F43-AED7-37D4438C3DD5}) (Version: 12.2.1 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.3.9130 - Adobe Systems Inc.) Hidden
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.5.0.367 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.1.53.64 - Adobe Systems Incorporated)
Adobe Reader 9.3 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.3.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\{9ECF7817-DB11-4FBA-9DF1-296A578D513A}) (Version: 11.5.7.609 - Adobe Systems, Inc)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{33C7BB7A-4C65-4605-A0CD-76C38F59B0A3}) (Version: 1.2.517.35221 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.2.517.35221 - Alcor Micro Corp.) Hidden
AMD Accelerated Video Transcoding (Version: 12.5.100.30429 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.937.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{37FCE154-7F59-74F0-3A35-BF503CEB230B}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.80430.0002 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.0 - Atheros)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
BioShock Infinite (HKLM-x32\...\BioShock Infinite_is1) (Version:  - )
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.1.105 - CinemaNow, Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CSI-Hard Evidence (HKLM-x32\...\{FC1C2427-5954-451C-9ED8-A92D48ED7E07}) (Version: 1.1 - Telltale Games)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3003 - CyberLink Corp.)
CyberLink DVD Suite (x32 Version: 7.0.3003 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Driver Support (HKLM-x32\...\{597FB4A5-DD86-4316-A410-7E8074CC2CCE}) (Version: 8.1 - Driver Support)
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.1.4121 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.1.4121 - Hewlett-Packard) Hidden
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Halo Combat Evolved (HKLM-x32\...\Halo Combat Evolved) (Version:  - )
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP 3D DriveGuard (HKLM\...\{299625B9-6C69-462C-9CEA-8E06D878B1C5}) (Version: 4.0.5.1 - Hewlett-Packard Company)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.4 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{7221D07E-D60E-419C-BC3E-9525BF3EC7C3}) (Version: 1.1.1.0 - Hewlett-Packard)
HP Game Console (x32 Version:  - WildTangent) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.3 - WildTangent)
HP MediaSmart CinemaNow 2.0 (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.1.4229 - Hewlett-Packard)
HP MediaSmart DVD (x32 Version: 4.1.4229 - Hewlett-Packard) Hidden
HP MediaSmart Movies and TV (HKLM\...\{4B4E2FA2-3B1E-4147-99DB-5033981D8C2F}) (Version: 1.0.0.10 - Hewlett-Packard)
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.1.4215 - Hewlett-Packard)
HP MediaSmart Music (x32 Version: 4.1.4215 - Hewlett-Packard) Hidden
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.1.4211 - Hewlett-Packard)
HP MediaSmart Photo (x32 Version: 4.1.4211 - Hewlett-Packard) Hidden
HP MediaSmart SmartMenu (HKLM\...\{731A1D36-BF17-4C76-B7E7-CC055AF8C54E}) (Version: 3.1.1.12 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.1.4214 - Hewlett-Packard)
HP MediaSmart Video (x32 Version: 4.1.4214 - Hewlett-Packard) Hidden
HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3024 - Hewlett-Packard)
HP MediaSmart Webcam (x32 Version: 4.1.3024 - Hewlett-Packard) Hidden
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{35021DFB-F9CA-402A-89A2-47F91E506465}) (Version: 1.0.2.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3611 - HP Photo Creations Powered by RocketLife)
HP Power Manager (HKLM-x32\...\{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}) (Version: 1.0.3 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{6A6A677A-3E1D-4A44-97FF-0EE3A8C1A862}) (Version: 2.1.4 - Hewlett-Packard Company)
HP QuickWeb Installer (HKLM-x32\...\{394FA67A-FF0A-4356-BB77-D85E5A300BDE}) (Version: 1.3.11.0 - DeviceVM Inc.)
HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{E05DB9F9-C8E7-45F2-BE9E-76D4C447CE9B}) (Version: 4.0.39.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{FC17E0A7-EAA9-4902-92F8-C83B9FD02246}) (Version: 5.0.14.2 - Hewlett-Packard Company)
HP Wireless Assistant (HKLM\...\{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}) (Version: 4.0.9.0 - Hewlett-Packard Company)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Hulu Desktop (HKCU\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6289.0 - IDT)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java Auto Updater (x32 Version: 2.0.2.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Java(TM) 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Jewel Quest 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2907 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2907 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.1.4030 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.1.4030 - Hewlett-Packard) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.0.14.2148 - Electronic Arts, Inc.)
PaintTool SAI Ver.1 (HKLM-x32\...\PaintToolSAI) (Version:  - )
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Photo Gallery (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4204 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4204 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3003 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3003 - CyberLink Corp.) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.9 - Power Software Ltd)
PureLeads (HKLM-x32\...\PureLeads) (Version: 2.0.17 - PureLeads)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.17.304.2010 - Realtek)
Recovery Manager (x32 Version: 5.5.3023 - CyberLink Corp.) Hidden
Roxio CinemaNow 2.0 (x32 Version: 1.0.284 - Hewlett-Packard) Hidden
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.1.15383.6004 - Microsoft Corporation)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.17.4 - Synaptics Incorporated)
The Sims™ 2 Deluxe (HKLM-x32\...\{9C244239-ED8E-40f1-937F-51C706CD2160}) (Version:  - )
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.47.6 - Electronic Arts)
The Sims™ 3 70s, 80s, & 90s Stuff (HKLM-x32\...\{E1868CAE-E3B9-4099-8C18-AA8944D336FD}) (Version: 17.0.77 - Electronic Arts)
The Sims™ 3 Ambitions (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
The Sims™ 3 Generations (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
The Sims™ 3 Outdoor Living Stuff (HKLM-x32\...\{117B6BF6-82C3-420C-B284-9247C8568E53}) (Version: 7.0.55 - Electronic Arts)
The Sims™ 3 Pets (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
The Sims™ 3 Town Life Stuff (HKLM-x32\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts)
The Sims™ 3 World Adventures (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Movie Maker Packages (HKCU\...\Windows Live Movie Maker Packages) (Version:  - ) <==== ATTENTION
Windows Live Photo Common (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

06-09-2014 02:56:57 Installed DirectX
16-09-2014 15:50:39 Scheduled Checkpoint
20-09-2014 00:41:17 Removed CinemaNow Media Manager.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {09923AB3-A8ED-498F-A807-9EA548ED3259} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2308C029-065E-4CC0-9491-FC9B03E213D8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {3260ED73-F707-4B7B-A6DF-99A6B2B6BD2D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-06-30] (Hewlett-Packard Company)
Task: {34E9CE78-4808-4833-8EE3-98216851D6BF} - System32\Tasks\GC_Informer => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {5BBC7488-3FBB-4EEE-B1F5-AFD603C2FE4B} - System32\Tasks\GC_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {5D43288A-CE69-4FB2-94C4-C5B2A37B8BCE} - System32\Tasks\AdobeAAMUpdater-1.0-Michaela-HP-Michaela => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {65459A42-04DF-4BB8-8CE9-EF31AF741067} - System32\Tasks\Microsoft\Windows\Maintenance\UP_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {681C6126-0EE1-48F7-9FF9-421C4DD6B12D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {A607F4C5-8B4D-4B1C-85E2-D43D25CD17BE} - System32\Tasks\JavaUpdateSched => %COMMONPROGRAMFILES(x86)%\Java\Java Update\jusched.exe
Task: {A6EEADE3-77CE-4C51-BDA6-EBBC8E76D2BB} - System32\Tasks\CIMT_S-1-5-21-2232288304-12406138-2612985852-1001 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
Task: {B1E514A4-63D7-42EE-BC61-329043A287EC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-06-30] (Hewlett-Packard Company)
Task: {BA2CC12B-3716-4C07-B6A7-DC822B338874} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe [2010-06-25] (CyberLink)
Task: {E3245044-4E0C-4580-AB55-955758B638DA} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-24] ()
Task: C:\Windows\Tasks\CIMT_S-1-5-21-2232288304-12406138-2612985852-1001.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-04-29 23:25 - 2013-04-29 23:25 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2010-06-14 19:16 - 2010-06-14 19:16 - 00027192 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
2014-03-20 11:24 - 2014-03-20 11:24 - 00667808 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2010-01-20 20:20 - 2010-01-20 20:20 - 00611896 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2010-06-18 19:26 - 2010-06-18 19:26 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2010-06-18 19:26 - 2010-06-18 19:26 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2010-06-18 19:26 - 2010-06-18 19:26 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2013-04-29 23:25 - 2013-04-29 23:25 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-06-18 15:49 - 2013-06-18 15:49 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-04-29 23:08 - 2013-04-29 23:08 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-03-20 11:24 - 2014-03-20 11:24 - 05288608 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-18 23:22 - 2014-03-18 23:22 - 32733088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libcef.dll
2014-09-13 14:42 - 2014-09-03 23:01 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libglesv2.dll
2014-09-13 14:42 - 2014-09-03 23:01 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libegl.dll
2014-08-21 20:31 - 2014-08-21 20:31 - 01517904 _____ () C:\Program Files (x86)\Perfect World Entertainment\Arc\CoreUI.dll
2014-08-12 18:15 - 2014-08-12 18:15 - 00174416 _____ () C:\Program Files (x86)\Perfect World Entertainment\Arc\ZUnZip.dll
2014-08-12 18:15 - 2014-08-12 18:15 - 00568552 _____ () C:\Program Files (x86)\Perfect World Entertainment\Arc\sqlite3.dll
2014-09-18 15:28 - 2014-09-18 15:28 - 00178512 _____ () C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcOverlayStub.dll
2014-09-13 14:42 - 2014-09-03 23:01 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\pdf.dll
2014-09-13 14:42 - 2014-09-03 23:01 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll
2014-09-13 14:42 - 2014-09-03 23:01 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/24/2014 11:05:46 AM) (Source: PlsvcV2) (EventID: 99) (User: )
Description: In the enable methodCould not load file or assembly 'System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a' or one of its dependencies. The system cannot find the file specified.

Error: (09/23/2014 08:29:31 PM) (Source: PlsvcV2) (EventID: 99) (User: )
Description: In the enable methodCould not load file or assembly 'System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a' or one of its dependencies. The system cannot find the file specified.

Error: (09/23/2014 03:38:59 PM) (Source: PlsvcV2) (EventID: 99) (User: )
Description: In the enable methodCould not load file or assembly 'System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a' or one of its dependencies. The system cannot find the file specified.

Error: (09/23/2014 02:17:41 PM) (Source: Sendori) (EventID: 99) (User: )
Description: TV ERRORThe remote name could not be resolved: 'pureleadstv.searchtreat.com'

Error: (09/23/2014 02:04:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4212

Error: (09/23/2014 02:04:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4212

Error: (09/23/2014 02:04:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/23/2014 02:04:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3167

Error: (09/23/2014 02:04:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3167

Error: (09/23/2014 02:04:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (09/24/2014 11:03:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2

Error: (09/24/2014 10:59:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The plsapp service failed to start due to the following error: 
%%1053

Error: (09/24/2014 10:59:49 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the plsapp service to connect.

Error: (09/24/2014 10:59:20 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:46:31 PM on ‎9/‎23/‎2014 was unexpected.

Error: (09/23/2014 08:28:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2

Error: (09/23/2014 08:28:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.

Error: (09/23/2014 08:26:24 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053hpqwmiex{F5539356-2F02-40D4-999E-FA61F45FE12E}

Error: (09/23/2014 08:26:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Software Framework Service service failed to start due to the following error: 
%%1053

Error: (09/23/2014 08:26:24 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Software Framework Service service to connect.

Error: (09/23/2014 08:25:47 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.


Microsoft Office Sessions:
=========================
Error: (09/24/2014 11:05:46 AM) (Source: PlsvcV2) (EventID: 99) (User: )
Description: In the enable methodCould not load file or assembly 'System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a' or one of its dependencies. The system cannot find the file specified.

Error: (09/23/2014 08:29:31 PM) (Source: PlsvcV2) (EventID: 99) (User: )
Description: In the enable methodCould not load file or assembly 'System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a' or one of its dependencies. The system cannot find the file specified.

Error: (09/23/2014 03:38:59 PM) (Source: PlsvcV2) (EventID: 99) (User: )
Description: In the enable methodCould not load file or assembly 'System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a' or one of its dependencies. The system cannot find the file specified.

Error: (09/23/2014 02:17:41 PM) (Source: Sendori) (EventID: 99) (User: )
Description: TV ERRORThe remote name could not be resolved: 'pureleadstv.searchtreat.com'

Error: (09/23/2014 02:04:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4212

Error: (09/23/2014 02:04:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4212

Error: (09/23/2014 02:04:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/23/2014 02:04:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3167

Error: (09/23/2014 02:04:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3167

Error: (09/23/2014 02:04:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


==================== Memory info =========================== 

Processor: AMD Turion(tm) II P540 Dual-Core Processor
Percentage of memory in use: 50%
Total physical RAM: 3834.9 MB
Available physical RAM: 1900.25 MB
Total Pagefile: 7667.98 MB
Available Pagefile: 5121.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:447.88 GB) (Free:275.96 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:17.58 GB) (Free:2.54 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 471A47B2)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=447.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End Of Log ============================
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-09-2014
Ran by Michaela (administrator) on MICHAELA-HP on 24-09-2014 11:11:07
Running from C:\Users\Michaela\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
(DeviceVM, Inc.) C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(PureLeads) C:\Program Files (x86)\PureLeads\PureLeadsSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\System32\atibtmon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(PureLeads) C:\Program Files (x86)\PureLeads\PureLeadsTray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Perfect World Entertainment Inc) C:\Program Files (x86)\Perfect World Entertainment\Arc\Arc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(sendori) C:\Program Files (x86)\PureLeads\PureLeads.Service.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2096424 2010-06-08] (Synaptics Incorporated)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-06-25] (Alcor Micro Corp.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-07-01] (IDT, Inc.)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-01-20] ()
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-18] (Hewlett-Packard Company)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [602168 2010-06-14] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [948672 2009-12-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2009-12-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [377368 2014-02-03] (Power Software Ltd)
HKLM-x32\...\Run: [PureLeads Tray] => C:\Program Files (x86)\PureLeads\PureLeadsTray.exe [83232 2014-01-23] (PureLeads)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2691480 2014-03-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [Arc] => C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcLauncher.exe [383312 2014-09-18] (Perfect World Entertainment)
HKU\S-1-5-21-2232288304-12406138-2612985852-1001\...\Run: [Driver Support] => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [4680568 2014-02-20] (PC Drivers Headquarters)
HKU\S-1-5-21-2232288304-12406138-2612985852-1001\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-2232288304-12406138-2612985852-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-2232288304-12406138-2612985852-1001\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-03-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers:  AccExtIco1 -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers:  AccExtIco2 -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers:  AccExtIco3 -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: http=127.0.0.1:13845;https=127.0.0.1:13845
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
SearchScopes: HKLM - {22F48301-8620-4F75-B96E-FC55EB4AAC01} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM - {6AA38279-2E88-4269-9D83-568FB1CEF88D} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {81CF652D-4739-4A31-9C76-C19C2234737B} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {22F48301-8620-4F75-B96E-FC55EB4AAC01} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {6AA38279-2E88-4269-9D83-568FB1CEF88D} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {81CF652D-4739-4A31-9C76-C19C2234737B} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {22F48301-8620-4F75-B96E-FC55EB4AAC01} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - {6AA38279-2E88-4269-9D83-568FB1CEF88D} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {81CF652D-4739-4A31-9C76-C19C2234737B} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll (Hulu LLC)
FF HKCU\...\Firefox\Extensions: [ConsumerInput@Compete] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12171.xpi

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/", "hxxp://websearch.calcitapp.info/"
CHR DefaultSearchKeyword: Default -> A92091CC0927B1D32528E47C77297D740D531DF2CE0087FC0304B31CC5E4D473
CHR DefaultSearchURL: Default -> F501F608A2D6F08101D1ED7B179A0D3C2422BEA74C2DAE98B411E3A3A8357490
CHR Profile: C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-25]
CHR Extension: (Google Search) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-25]
CHR Extension: (AdBlock) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-02-25]
CHR Extension: (Muzy) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\jammhkdcdlocifampbainkfchnoneahm [2014-09-18]
CHR Extension: (GOSave) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdbdoaffinkndakigphmjbfjjhcbagng [2014-09-18]
CHR Extension: (Google Wallet) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-25]
CHR Extension: (Gmail) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-25]
CHR Extension: (GOSave) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdbdoaffinkndakigphmjbfjjhcbagng\3.0 [2014-09-18]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-29] (Advanced Micro Devices, Inc.) [File not signed]
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-09-18] (Perfect World Entertainment Inc)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 DvmMDES; C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe [338168 2010-06-25] (DeviceVM, Inc.)
R2 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [121344 2010-06-30] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [27192 2010-06-14] ()
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S2 plsapp; C:\Program Files (x86)\PureLeads\plsapp.exe [3690784 2014-01-23] (Sendori)
R2 PlsvcV1; C:\Program Files (x86)\PureLeads\PureLeadsSvc.exe [91936 2014-01-23] (PureLeads)
R2 PlsvcV2; C:\Program Files (x86)\PureLeads\PureLeads.Service.exe [24352 2014-01-23] (sendori)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R1 DVMIO; C:\Windows\System32\DRIVERS\dvmio.sys [20056 2009-11-11] (DeviceVM, Inc.)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-24 11:11 - 2014-09-24 11:12 - 00018925 _____ () C:\Users\Michaela\Downloads\FRST.txt
2014-09-24 11:10 - 2014-09-24 11:11 - 00000000 ____D () C:\FRST
2014-09-24 11:10 - 2014-09-24 11:10 - 02106880 _____ (Farbar) C:\Users\Michaela\Downloads\FRST64.exe
2014-09-23 09:25 - 2014-09-23 09:26 - 64430684 _____ () C:\Users\Michaela\Downloads\untitled-prezi-nrngqba_7jzu.zip
2014-09-21 12:14 - 2014-09-24 10:59 - 00000012 ____H () C:\dvmexp.idx
2014-09-21 12:14 - 2014-09-21 12:14 - 00000000 ___HD () C:\dvmexp
2014-09-21 12:07 - 2014-09-21 12:11 - 00000000 ____D () C:\AdwCleaner
2014-09-21 12:06 - 2014-09-21 12:06 - 01373475 _____ () C:\Users\Michaela\Downloads\adwcleaner_3.310.exe
2014-09-21 11:12 - 2014-09-21 11:12 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-21 11:12 - 2014-09-21 11:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-21 11:12 - 2014-09-21 11:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-21 11:12 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-21 11:12 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-21 11:12 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-21 10:52 - 2014-09-21 10:53 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Michaela\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-20 14:28 - 2014-09-20 22:47 - 00231039 _____ () C:\Users\Michaela\Documents\Akatsuki React.wlmp
2014-09-20 00:35 - 2014-09-20 10:33 - 00044906 _____ () C:\Users\Michaela\Documents\WHAT THE.wlmp
2014-09-19 21:12 - 2014-09-21 11:13 - 00000000 ____D () C:\Users\Michaela\AppData\Local\CrashDumps
2014-09-18 15:18 - 2014-09-20 00:08 - 00144705 _____ () C:\Users\Michaela\Documents\neji 98.wlmp
2014-09-18 13:27 - 2014-09-18 13:29 - 85752375 _____ () C:\Users\Michaela\Downloads\Le Chevalier D'Eon - 1 - D'Eon and Lia.mp4
2014-09-18 13:26 - 2014-09-19 20:46 - 00000000 ____D () C:\ProgramData\7cb11316be289221
2014-09-18 13:26 - 2014-09-19 20:35 - 00000000 ____D () C:\ProgramData\GoSavea
2014-09-18 13:26 - 2014-09-19 20:33 - 00000000 ____D () C:\Program Files (x86)\GoSavea
2014-09-18 13:26 - 2014-09-18 13:26 - 00000000 ____D () C:\Users\Michaela\AppData\Local\Comodo
2014-09-18 13:26 - 2014-09-18 13:26 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-09-18 13:26 - 2014-09-18 13:26 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-09-18 13:26 - 2014-09-18 13:26 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-09-18 13:26 - 2014-09-18 13:26 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-09-18 13:26 - 2014-09-18 13:26 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-09-18 13:26 - 2014-09-18 13:26 - 00000000 ____D () C:\Users\Guest
2014-09-18 13:26 - 2014-09-18 13:26 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-09-18 13:26 - 2014-09-18 13:26 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-09-18 12:58 - 2014-09-18 12:59 - 16891374 _____ () C:\Users\Michaela\Downloads\My Favorite Bite Scenes in Diabolik Lovers.mp4
2014-09-18 12:53 - 2014-09-18 12:54 - 11211980 _____ () C:\Users\Michaela\Downloads\Anime Crying Spree.mp4
2014-09-18 12:51 - 2014-09-18 12:52 - 12578227 _____ () C:\Users\Michaela\Downloads\The Funeral sad anime mix.mp4
2014-09-18 12:50 - 2014-09-18 12:50 - 32308866 _____ () C:\Users\Michaela\Downloads\top 5 saddest anime deaths.mp4
2014-09-18 00:47 - 2014-09-18 15:23 - 00051157 _____ () C:\Users\Michaela\Documents\viv.wlmp
2014-09-16 14:38 - 2014-09-16 14:38 - 00000000 ____D () C:\Users\Michaela\Documents\Avatar
2014-09-12 09:54 - 2014-09-23 09:30 - 00000047 _____ () C:\Users\Michaela\Documents\Prezi.txt
2014-09-09 21:36 - 2014-09-18 00:41 - 00030372 _____ () C:\Users\Michaela\Documents\neji 97.wlmp
2014-09-08 23:39 - 2014-09-08 23:39 - 00051593 _____ () C:\Users\Michaela\Documents\ERTYHJK.wlmp
2014-09-08 23:03 - 2014-09-10 15:03 - 00051593 _____ () C:\Users\Michaela\Documents\neji 96.wlmp
2014-09-08 13:49 - 2014-09-09 22:58 - 00065767 _____ () C:\Users\Michaela\Documents\neji 95.wlmp
2014-09-06 21:43 - 2014-09-06 21:43 - 00000000 ____D () C:\ProgramData\pwd
2014-09-06 01:34 - 2014-09-10 15:07 - 00081307 _____ () C:\Users\Michaela\Documents\true facts 2.wlmp
2014-09-02 22:49 - 2014-09-05 19:16 - 00078654 _____ () C:\Users\Michaela\Documents\true facts 1.wlmp
2014-09-01 21:30 - 2014-09-01 21:48 - 00041658 _____ () C:\Users\Michaela\Documents\neji 94.wlmp
2014-09-01 00:51 - 2014-09-01 02:35 - 00075678 _____ () C:\Users\Michaela\Documents\neji 93.wlmp
2014-08-31 23:34 - 2014-09-01 00:42 - 00448862 _____ () C:\Users\Michaela\Documents\Favorite songs by choji.wlmp
2014-08-31 21:05 - 2014-08-31 21:08 - 00105259 _____ () C:\Users\Michaela\Documents\Choji 93.wlmp
2014-08-30 22:36 - 2014-08-31 10:20 - 00653825 _____ () C:\Users\Michaela\Documents\alexis sees 4.wlmp
2014-08-29 14:35 - 2014-08-29 14:35 - 00131913 _____ () C:\Users\Michaela\Documents\Lets disturb the town.wlmp
2014-08-28 07:18 - 2014-09-01 00:51 - 00290627 _____ () C:\Users\Michaela\Documents\alexis sees 3.wlmp
2014-08-26 07:58 - 2014-08-26 21:33 - 00387253 _____ () C:\Users\Michaela\Documents\alexis sees 2.wlmp
2014-08-25 22:22 - 2014-08-25 22:22 - 00006105 _____ () C:\Users\Michaela\Documents\megan.wlmp
2014-08-25 22:16 - 2014-08-26 20:58 - 00165333 _____ () C:\Users\Michaela\Documents\Alexis Sees.wlmp
2014-08-25 00:48 - 2014-08-25 00:48 - 00001334 _____ () C:\Users\Michaela\Documents\moooooooooooooooooooo.txt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-24 11:13 - 2014-02-25 10:36 - 00000362 _____ () C:\Windows\Tasks\CIMT_S-1-5-21-2232288304-12406138-2612985852-1001.job
2014-09-24 11:12 - 2014-09-24 11:11 - 00018925 _____ () C:\Users\Michaela\Downloads\FRST.txt
2014-09-24 11:11 - 2014-09-24 11:10 - 00000000 ____D () C:\FRST
2014-09-24 11:11 - 2009-07-14 00:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-24 11:11 - 2009-07-14 00:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-24 11:10 - 2014-09-24 11:10 - 02106880 _____ (Farbar) C:\Users\Michaela\Downloads\FRST64.exe
2014-09-24 11:09 - 2011-01-14 10:36 - 01416715 _____ () C:\Windows\WindowsUpdate.log
2014-09-24 11:03 - 2014-05-02 18:08 - 00000000 ____D () C:\Users\Michaela\AppData\Local\Adobe
2014-09-24 11:00 - 2014-02-25 09:07 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-24 10:59 - 2014-09-21 12:14 - 00000012 ____H () C:\dvmexp.idx
2014-09-24 10:59 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-24 10:59 - 2009-07-14 00:51 - 00062864 _____ () C:\Windows\setupact.log
2014-09-23 23:34 - 2014-02-25 09:07 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-23 14:17 - 2014-03-25 20:52 - 00000000 ____D () C:\Users\Michaela\AppData\Roaming\Skype
2014-09-23 09:30 - 2014-09-12 09:54 - 00000047 _____ () C:\Users\Michaela\Documents\Prezi.txt
2014-09-23 09:26 - 2014-09-23 09:25 - 64430684 _____ () C:\Users\Michaela\Downloads\untitled-prezi-nrngqba_7jzu.zip
2014-09-22 23:00 - 2014-07-28 18:21 - 00000000 ____D () C:\PaintToolSAI
2014-09-22 21:03 - 2009-07-14 01:08 - 00032596 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-21 12:14 - 2014-09-21 12:14 - 00000000 ___HD () C:\dvmexp
2014-09-21 12:14 - 2014-06-15 17:12 - 00000000 ____D () C:\temp
2014-09-21 12:13 - 2011-01-14 10:43 - 00469612 _____ () C:\Windows\PFRO.log
2014-09-21 12:11 - 2014-09-21 12:07 - 00000000 ____D () C:\AdwCleaner
2014-09-21 12:06 - 2014-09-21 12:06 - 01373475 _____ () C:\Users\Michaela\Downloads\adwcleaner_3.310.exe
2014-09-21 11:13 - 2014-09-19 21:12 - 00000000 ____D () C:\Users\Michaela\AppData\Local\CrashDumps
2014-09-21 11:12 - 2014-09-21 11:12 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-21 11:12 - 2014-09-21 11:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-21 11:12 - 2014-09-21 11:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-21 10:53 - 2014-09-21 10:52 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Michaela\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-21 09:37 - 2014-02-25 08:54 - 00000242 _____ () C:\Users\Michaela\AppData\Local\mv_Photo.xml
2014-09-20 22:47 - 2014-09-20 14:28 - 00231039 _____ () C:\Users\Michaela\Documents\Akatsuki React.wlmp
2014-09-20 10:33 - 2014-09-20 00:35 - 00044906 _____ () C:\Users\Michaela\Documents\WHAT THE.wlmp
2014-09-20 00:08 - 2014-09-18 15:18 - 00144705 _____ () C:\Users\Michaela\Documents\neji 98.wlmp
2014-09-19 20:46 - 2014-09-18 13:26 - 00000000 ____D () C:\ProgramData\7cb11316be289221
2014-09-19 20:46 - 2014-02-25 10:26 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-09-19 20:35 - 2014-09-18 13:26 - 00000000 ____D () C:\ProgramData\GoSavea
2014-09-19 20:33 - 2014-09-18 13:26 - 00000000 ____D () C:\Program Files (x86)\GoSavea
2014-09-19 00:07 - 2014-02-25 08:54 - 00000123 _____ () C:\Users\Michaela\AppData\Local\mv_music.xml
2014-09-18 15:23 - 2014-09-18 00:47 - 00051157 _____ () C:\Users\Michaela\Documents\viv.wlmp
2014-09-18 13:29 - 2014-09-18 13:27 - 85752375 _____ () C:\Users\Michaela\Downloads\Le Chevalier D'Eon - 1 - D'Eon and Lia.mp4
2014-09-18 13:26 - 2014-09-18 13:26 - 00000000 ____D () C:\Users\Michaela\AppData\Local\Comodo
2014-09-18 13:26 - 2014-09-18 13:26 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-09-18 13:26 - 2014-09-18 13:26 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-09-18 13:26 - 2014-09-18 13:26 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-09-18 13:26 - 2014-09-18 13:26 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-09-18 13:26 - 2014-09-18 13:26 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-09-18 13:26 - 2014-09-18 13:26 - 00000000 ____D () C:\Users\Guest
2014-09-18 13:26 - 2014-09-18 13:26 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-09-18 13:26 - 2014-09-18 13:26 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-09-18 13:26 - 2014-02-25 09:07 - 00000000 ____D () C:\Users\Michaela\AppData\Local\Google
2014-09-18 13:26 - 2014-02-25 09:07 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-18 12:59 - 2014-09-18 12:58 - 16891374 _____ () C:\Users\Michaela\Downloads\My Favorite Bite Scenes in Diabolik Lovers.mp4
2014-09-18 12:54 - 2014-09-18 12:53 - 11211980 _____ () C:\Users\Michaela\Downloads\Anime Crying Spree.mp4
2014-09-18 12:52 - 2014-09-18 12:51 - 12578227 _____ () C:\Users\Michaela\Downloads\The Funeral sad anime mix.mp4
2014-09-18 12:50 - 2014-09-18 12:50 - 32308866 _____ () C:\Users\Michaela\Downloads\top 5 saddest anime deaths.mp4
2014-09-18 00:41 - 2014-09-09 21:36 - 00030372 _____ () C:\Users\Michaela\Documents\neji 97.wlmp
2014-09-16 14:38 - 2014-09-16 14:38 - 00000000 ____D () C:\Users\Michaela\Documents\Avatar
2014-09-16 14:35 - 2010-07-21 21:09 - 00000000 ____D () C:\ProgramData\CyberLink
2014-09-13 22:04 - 2014-08-17 21:25 - 00000000 ____D () C:\Users\Michaela\AppData\Roaming\Arc
2014-09-13 14:43 - 2014-02-25 09:08 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-10 15:07 - 2014-09-06 01:34 - 00081307 _____ () C:\Users\Michaela\Documents\true facts 2.wlmp
2014-09-10 15:03 - 2014-09-08 23:03 - 00051593 _____ () C:\Users\Michaela\Documents\neji 96.wlmp
2014-09-09 22:58 - 2014-09-08 13:49 - 00065767 _____ () C:\Users\Michaela\Documents\neji 95.wlmp
2014-09-08 23:39 - 2014-09-08 23:39 - 00051593 _____ () C:\Users\Michaela\Documents\ERTYHJK.wlmp
2014-09-06 21:43 - 2014-09-06 21:43 - 00000000 ____D () C:\ProgramData\pwd
2014-09-06 02:11 - 2014-08-17 21:33 - 00000000 ___HD () C:\ArcTemp
2014-09-06 01:55 - 2014-08-17 21:24 - 00000000 ____D () C:\Program Files (x86)\Perfect World Entertainment
2014-09-05 23:00 - 2010-07-21 19:23 - 00091214 _____ () C:\Windows\DirectX.log
2014-09-05 19:16 - 2014-09-02 22:49 - 00078654 _____ () C:\Users\Michaela\Documents\true facts 1.wlmp
2014-09-01 21:48 - 2014-09-01 21:30 - 00041658 _____ () C:\Users\Michaela\Documents\neji 94.wlmp
2014-09-01 02:35 - 2014-09-01 00:51 - 00075678 _____ () C:\Users\Michaela\Documents\neji 93.wlmp
2014-09-01 00:51 - 2014-08-28 07:18 - 00290627 _____ () C:\Users\Michaela\Documents\alexis sees 3.wlmp
2014-09-01 00:42 - 2014-08-31 23:34 - 00448862 _____ () C:\Users\Michaela\Documents\Favorite songs by choji.wlmp
2014-08-31 21:08 - 2014-08-31 21:05 - 00105259 _____ () C:\Users\Michaela\Documents\Choji 93.wlmp
2014-08-31 10:20 - 2014-08-30 22:36 - 00653825 _____ () C:\Users\Michaela\Documents\alexis sees 4.wlmp
2014-08-30 22:35 - 2014-06-15 07:29 - 00096091 _____ () C:\Users\Michaela\Documents\let is go multilingual.wlmp
2014-08-29 14:35 - 2014-08-29 14:35 - 00131913 _____ () C:\Users\Michaela\Documents\Lets disturb the town.wlmp
2014-08-28 18:33 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-08-26 22:10 - 2014-08-16 23:29 - 00123276 _____ () C:\Users\Michaela\Documents\fun with kankuro 5.wlmp
2014-08-26 21:51 - 2014-08-06 23:12 - 00072857 _____ () C:\Users\Michaela\Documents\neji 91.wlmp
2014-08-26 21:33 - 2014-08-26 07:58 - 00387253 _____ () C:\Users\Michaela\Documents\alexis sees 2.wlmp
2014-08-26 20:58 - 2014-08-25 22:16 - 00165333 _____ () C:\Users\Michaela\Documents\Alexis Sees.wlmp
2014-08-25 22:22 - 2014-08-25 22:22 - 00006105 _____ () C:\Users\Michaela\Documents\megan.wlmp
2014-08-25 00:48 - 2014-08-25 00:48 - 00001334 _____ () C:\Users\Michaela\Documents\moooooooooooooooooooo.txt

Some content of TEMP:
====================
C:\Users\Michaela\AppData\Local\Temp\7i8es2sh.dll
C:\Users\Michaela\AppData\Local\Temp\AutoRun.exe
C:\Users\Michaela\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Michaela\AppData\Local\Temp\BackupSetup.exe
C:\Users\Michaela\AppData\Local\Temp\c15f980b-ce82-421b-b08a-b235c8982003.exe
C:\Users\Michaela\AppData\Local\Temp\chrome.exe
C:\Users\Michaela\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Michaela\AppData\Local\Temp\drm_dyndata_7320010.dll
C:\Users\Michaela\AppData\Local\Temp\e24ad43f-cc3b-4187-a19f-985136aec93c.exe
C:\Users\Michaela\AppData\Local\Temp\EAD9B89.exe
C:\Users\Michaela\AppData\Local\Temp\evrejx3s.dll
C:\Users\Michaela\AppData\Local\Temp\f74337DE1.exe
C:\Users\Michaela\AppData\Local\Temp\fpaw8gup.dll
C:\Users\Michaela\AppData\Local\Temp\HPQSi.exe
C:\Users\Michaela\AppData\Local\Temp\kmvnzkgg.dll
C:\Users\Michaela\AppData\Local\Temp\movie-maker-1-6.exe
C:\Users\Michaela\AppData\Local\Temp\MSNF94E.exe
C:\Users\Michaela\AppData\Local\Temp\nsa2989.tmp.exe
C:\Users\Michaela\AppData\Local\Temp\OfertaUnipack_Installer.exe
C:\Users\Michaela\AppData\Local\Temp\OfertaVuuPC_Setup.exe
C:\Users\Michaela\AppData\Local\Temp\Quarantine.exe
C:\Users\Michaela\AppData\Local\Temp\rfj8wtnq.dll
C:\Users\Michaela\AppData\Local\Temp\safeguard.exe
C:\Users\Michaela\AppData\Local\Temp\SpOrder.dll
C:\Users\Michaela\AppData\Local\Temp\uab6dlgl.dll
C:\Users\Michaela\AppData\Local\Temp\ubi1191.tmp.exe
C:\Users\Michaela\AppData\Local\Temp\UninstallEADM.dll
C:\Users\Michaela\AppData\Local\Temp\v-bates.exe
C:\Users\Michaela\AppData\Local\Temp\VP6Install.exe
C:\Users\Michaela\AppData\Local\Temp\VP6VFW.dll
C:\Users\Michaela\AppData\Local\Temp\vqnrbxip.dll
C:\Users\Michaela\AppData\Local\Temp\VuuPC.exe
C:\Users\Michaela\AppData\Local\Temp\_isD9A2.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-16 11:42

==================== End Of Log ============================


#4 ShadowFan

ShadowFan
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:08:39 AM

Posted 24 September 2014 - 10:45 AM

And this is the GMR log

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-09-24 11:43:33
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000BEVT-60A0RT0 rev.02.01A02 465.76GB
Running: zdgirled.exe; Driver: C:\Users\Michaela\AppData\Local\Temp\uwlyqkow.sys


---- Registry - GMER 2.1 ----

Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f3956328d2                      
Reg   HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f3956328d2 (not active ControlSet)  

---- Disk sectors - GMER 2.1 ----

Disk  \Device\Harddisk0\DR0                                                                            unknown MBR code

---- EOF - GMER 2.1 ----


#5 ShadowFan

ShadowFan
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:08:39 AM

Posted 24 September 2014 - 12:33 PM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

  • Important: To help me reviewing your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

 
 
 
 
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
 
 
  
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don´t change one of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Poste the FRST.txt and (after the first scan only!) the Addition.txt.

 
 
Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop
  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt


Please attach this file to your next reply.
 

 

Above this reply are my logs



#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:39 PM

Posted 25 September 2014 - 06:16 AM

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
 

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

 

 

 

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:

    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

  • Click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

Attached Files


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#7 ShadowFan

ShadowFan
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:08:39 AM

Posted 26 September 2014 - 12:55 PM

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
 

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

 

 

 

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

Okay, I used FRST and got the fixlog.  My malwarebytes will not run, so I could not get that result for you.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-09-2014
Ran by Michaela at 2014-09-26 13:26:16 Run:1
Running from C:\Users\Michaela\Downloads
Loaded Profile: Michaela (Available profiles: Michaela)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CHR Extension: (GOSave) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdbdoaffinkndakigphmjbfjjhcbagng\3.0 [2014-09-18]
CHR Extension: (GOSave) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdbdoaffinkndakigphmjbfjjhcbagng [2014-09-18]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR StartupUrls: Default -> "hxxp://www.google.com/", "hxxp://websearch.calcitapp.info/"
FF HKCU\...\Firefox\Extensions: [ConsumerInput@Compete] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12171.xpi
SearchScopes: HKCU - {22F48301-8620-4F75-B96E-FC55EB4AAC01} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {22F48301-8620-4F75-B96E-FC55EB4AAC01} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM - {22F48301-8620-4F75-B96E-FC55EB4AAC01} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
ProxyServer: http=127.0.0.1:13845;https=127.0.0.1:13845
HKLM-x32\...\Run: [PureLeads Tray] => C:\Program Files (x86)\PureLeads\PureLeadsTray.exe [83232 2014-01-23] (PureLeads)

S2 plsapp; C:\Program Files (x86)\PureLeads\plsapp.exe [3690784 2014-01-23] (Sendori)
R2 PlsvcV1; C:\Program Files (x86)\PureLeads\PureLeadsSvc.exe [91936 2014-01-23] (PureLeads)
R2 PlsvcV2; C:\Program Files (x86)\PureLeads\PureLeads.Service.exe [24352 2014-01-23] (sendori)

2014-09-19 20:46 - 2014-09-18 13:26 - 00000000 ____D () C:\ProgramData\7cb11316be289221
2014-09-19 20:46 - 2014-02-25 10:26 - 00000258 __RSH () C:\ProgramData\ntuser.pol
C:\Program Files (x86)\PureLeads
C:\Program Files (x86)\Consumer Input

EmptyTemp:
*****************

C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdbdoaffinkndakigphmjbfjjhcbagng\3.0 => Moved successfully.
C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdbdoaffinkndakigphmjbfjjhcbagng => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
Chrome StartupUrls deleted successfully.
HKCU\Software\Mozilla\Firefox\Extensions\\ConsumerInput@Compete => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{22F48301-8620-4F75-B96E-FC55EB4AAC01}" => Key deleted successfully.
"HKCR\CLSID\{22F48301-8620-4F75-B96E-FC55EB4AAC01}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{22F48301-8620-4F75-B96E-FC55EB4AAC01}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{22F48301-8620-4F75-B96E-FC55EB4AAC01}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{22F48301-8620-4F75-B96E-FC55EB4AAC01}" => Key deleted successfully.
"HKCR\CLSID\{22F48301-8620-4F75-B96E-FC55EB4AAC01}" => Key not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\PureLeads Tray => value deleted successfully.
plsapp => Service deleted successfully.
PlsvcV1 => Service stopped successfully.
PlsvcV1 => Service deleted successfully.
PlsvcV2 => Service stopped successfully.
PlsvcV2 => Service deleted successfully.
C:\ProgramData\7cb11316be289221 => Moved successfully.
C:\ProgramData\ntuser.pol => Moved successfully.
C:\Program Files (x86)\PureLeads => Moved successfully.
"C:\Program Files (x86)\Consumer Input" => File/Directory not found.
EmptyTemp: => Removed 6 GB temporary data.


The system needed a reboot. 

==== End of Fixlog ====


#8 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:39 PM

Posted 29 September 2014 - 04:32 AM

Clean reinstall of Malwarebytes Antimalware
 
 
Remove Malwarebytes Antimalware following theseinstructions.
When finished, reinstall it and run a scan:
 
 
Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:

    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

  • Click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#9 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:39 PM

Posted 13 October 2014 - 08:10 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users