
It found win 32 trojans 33 or more


39 replies to this topic

#1 starlight5


Posted 21 October 2014 - 06:20 PM

This is how it started; still having popups.

This message keeps popping up: The page at http://dl1smrtddl-installdaddysa.netdna-ssl.com says:

       WARNING! Please Install Update To CONTINUE.

This also popped up trying to post the message.

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.17116
Run by Jessica at 18:59:22 on 2014-10-21
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.3682.1958 [GMT -4:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security *Disabled/Outdated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Internet Security *Disabled/Outdated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Windows\system32\dashost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
c:\programdata\trusted publisher\gs_booster\GS_Booster.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\dwm.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Windows\System32\RuntimeBroker.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\ochelper.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ips\ipsbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: GoSave: {75ddea19-1a7a-4c5d-897b-923bf28cf340} - C:\Program Files (x86)\GOSave\U2jMtlCIgdU73K.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\grooveex.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: GoSave: {f404179a-7363-4824-a550-9202a1c1b6b4} - C:\Program Files (x86)\GOSave\DGLoL8sewgKpTo.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coieplg.dll
uRunOnce: [Uninstall C:\Users\Jessica\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Jessica\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [HPMessageService] C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\ochelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{C79528B5-2ED4-4FC1-80BE-1FCA0D419D68} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{C79528B5-2ED4-4FC1-80BE-1FCA0D419D68}\2556163647 : DHCPNameServer = 192.168.7.254
TCP: Interfaces\{C79528B5-2ED4-4FC1-80BE-1FCA0D419D68}\4616D6F6E676 : DHCPNameServer = 172.16.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs=     c:\progra~2\gs_boo~1\assist~1.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-BHO: GoSave: {75ddea19-1a7a-4c5d-897b-923bf28cf340} - C:\Program Files (x86)\GOSave\U2jMtlCIgdU73K.x64.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
x64-BHO: GoSave: {f404179a-7363-4824-a550-9202a1c1b6b4} - C:\Program Files (x86)\GOSave\DGLoL8sewgKpTo.x64.dll
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\Drivers\amd_sata.sys [2012-11-30 80552]
R0 amd_xata;amd_xata;C:\Windows\System32\Drivers\amd_xata.sys [2012-11-30 26280]
R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\Drivers\CLVirtualDrive.sys [2013-11-20 92536]
R2 4d349a54;GS_Sustainer;C:\Windows\System32\rundll32.exe [2012-7-25 51712]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2013-11-20 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-14 241152]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-3-14 361984]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-4-1 2436280]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [2013-2-1 1039160]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2013-11-20 2468496]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe [2014-5-2 144368]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE [2013-11-20 239176]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\Drivers\AtihdW86.sys [2013-2-14 94208]
R3 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [2013-12-3 1526488]
R3 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\Drivers\NISx64\1405000.01C\ccsetx64.sys [2014-5-2 169048]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-12-28 137648]
R3 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20131227.001\IDSviA64.sys [2013-12-27 521944]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\Drivers\RtsP2Stor.sys [2013-11-20 288328]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2013-11-20 760032]
R3 SymDS;Symantec Data Store;C:\Windows\System32\Drivers\NISx64\1405000.01C\symds64.sys [2014-5-2 493656]
R3 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\Drivers\NISx64\1405000.01C\symefa64.sys [2014-5-2 1139800]
R3 SymIRON;Symantec Iron Driver;C:\Windows\System32\Drivers\NISx64\1405000.01C\ironx64.sys [2014-5-2 224416]
R3 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\Drivers\NISx64\1405000.01C\symnets.sys [2014-5-2 433752]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\Drivers\usbfilter.sys [2013-11-20 58536]
R3 WirelessButtonDriver;HP Wireless Button Driver Service;C:\Windows\System32\Drivers\WirelessButtonDriver64.sys [2012-8-31 20800]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-9-1 647736]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\Drivers\MBAMSwissArmy.sys [2014-8-14 122584]
S3 SmbDrv;SmbDrv;C:\Windows\System32\Drivers\Smb_driver_AMDASF.sys [2013-5-7 29424]
S3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2013-5-7 33008]
S3 WSDScan;WSD Scan Support;C:\Windows\System32\Drivers\WSDScan.sys [2013-6-1 23552]
S4 SymELAM;Symantec ELAM Driver;C:\Windows\System32\Drivers\NISx64\1405000.01C\symelam.sys [2014-5-2 23448]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2014-10-21 16:24:27 -------- d-----w- C:\Users\Jessica\AppData\Local\Chromatic Browser
2014-10-21 16:24:26 -------- d-----w- C:\Users\Jessica\AppData\Local\Torch
2014-10-21 16:16:42 705480 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-10-21 16:16:42 104904 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-18 01:47:52 275968 ----a-w- C:\Windows\System32\generaltel.dll
2014-10-18 01:47:51 693248 ----a-w- C:\Windows\System32\aepdu.dll
2014-10-18 01:47:50 556544 ----a-w- C:\Windows\System32\aeinv.dll
2014-10-18 01:47:40 10115072 ----a-w- C:\Windows\System32\twinui.dll
2014-10-18 01:47:35 2306560 ----a-w- C:\Windows\System32\authui.dll
2014-10-18 01:47:34 8858112 ----a-w- C:\Windows\SysWow64\twinui.dll
2014-10-18 01:47:31 2146304 ----a-w- C:\Windows\System32\actxprxy.dll
2014-10-18 01:47:29 2885120 ----a-w- C:\Windows\System32\msi.dll
2014-10-18 01:47:28 754176 ----a-w- C:\Windows\SysWow64\actxprxy.dll
2014-10-18 01:47:28 2416128 ----a-w- C:\Windows\SysWow64\msi.dll
2014-10-18 01:47:27 2037760 ----a-w- C:\Windows\SysWow64\authui.dll
2014-10-18 01:37:10 79360 ----a-w- C:\Windows\System32\packager.dll
2014-10-18 01:37:10 68096 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-18 01:36:52 5982208 ----a-w- C:\Windows\System32\mstscax.dll
2014-10-18 01:36:49 5095424 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-10-18 01:36:45 3248128 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-10-18 01:36:44 724992 ----a-w- C:\Windows\System32\termsrv.dll
2014-10-18 01:36:44 1125376 ----a-w- C:\Windows\System32\mstsc.exe
2014-10-18 01:36:43 300544 ----a-w- C:\Windows\System32\winsta.dll
2014-10-18 01:36:43 233472 ----a-w- C:\Windows\SysWow64\winsta.dll
2014-10-18 01:36:43 1049600 ----a-w- C:\Windows\SysWow64\mstsc.exe
2014-10-18 01:36:42 269312 ----a-w- C:\Windows\SysWow64\aaclient.dll
2014-10-18 01:36:04 585728 ----a-w- C:\Windows\System32\rastls.dll
2014-10-18 01:36:04 510464 ----a-w- C:\Windows\SysWow64\rastls.dll
2014-10-18 01:34:04 3262976 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll
2014-10-18 01:29:23 4068352 ----a-w- C:\Windows\System32\win32k.sys
2014-10-18 01:27:53 674304 ----a-w- C:\Windows\System32\drivers\srv2.sys
2014-10-18 01:27:53 61440 ----a-w- C:\Windows\System32\drivers\en-US\srv2.sys.mui
2014-10-18 01:27:53 57856 ----a-w- C:\Windows\System32\drivers\en-US\mrxsmb.sys.mui
2014-10-18 01:27:53 404480 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2014-10-18 01:27:51 211456 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2014-10-18 01:27:51 1341952 ----a-w- C:\Windows\System32\user32.dll
2014-10-18 01:27:50 305664 ----a-w- C:\Windows\System32\srvsvc.dll
2014-10-18 01:27:49 250368 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2014-10-18 01:27:48 447296 ----a-w- C:\Windows\System32\drivers\USBHUB3.SYS
2014-10-18 01:27:48 1549824 ----a-w- C:\Windows\System32\msdtctm.dll
2014-10-18 01:27:47 1126400 ----a-w- C:\Windows\SysWow64\user32.dll
2014-10-18 01:27:44 35840 ----a-w- C:\Windows\System32\sscore.dll
2014-10-18 01:27:44 27648 ----a-w- C:\Windows\SysWow64\sscore.dll
2014-10-17 21:43:04 269992 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10248.bin
2014-10-08 02:19:26 -------- d-----w- C:\ProgramData\YoouutuabEAdBllocke
2014-10-08 02:19:24 -------- d-----w- C:\Program Files (x86)\YoouutuabEAdBllocke
2014-10-08 02:18:41 -------- d-----w- C:\ProgramData\GGooSaVe
2014-10-08 02:18:40 -------- d-----w- C:\Program Files (x86)\GGooSaVe
2014-10-08 02:16:27 -------- d-----w- C:\ProgramData\Trusted Publisher
2014-10-08 02:15:46 -------- d-----w- C:\ProgramData\GOSave
2014-10-08 02:15:43 -------- d-----w- C:\Program Files (x86)\GOSave
2014-10-01 17:36:39 -------- d-----w- C:\Windows\ERUNT
2014-10-01 17:20:42 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-10-01 17:15:41 -------- d-----w- C:\AdwCleaner
2014-09-28 21:20:47 -------- d-----w- C:\Program Files (x86)\GS_Booster
2014-09-28 21:18:52 -------- d-----w- C:\ProgramData\e9032df6fbf9f2c6
2014-09-28 21:18:51 -------- d-----w- C:\Users\Jessica\AppData\Local\Comodo
.
==================== Find3M  ====================
.
2014-09-29 02:13:09 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-09-20 05:17:42 2236928 ----a-w- C:\Windows\System32\wininet.dll
2014-09-20 05:17:32 915968 ----a-w- C:\Windows\System32\uxtheme.dll
2014-09-20 05:17:32 53760 ----a-w- C:\Windows\System32\UXInit.dll
2014-09-20 05:16:11 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2014-09-20 05:16:07 67072 ----a-w- C:\Windows\System32\iesetup.dll
2014-09-20 05:16:07 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2014-09-20 05:15:22 1508864 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-09-20 03:57:57 1762816 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-09-20 03:57:50 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll
2014-09-20 03:57:04 2861568 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-09-20 03:57:01 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-09-20 03:57:01 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2014-09-20 03:56:33 1440768 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-09-20 03:38:36 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2014-09-20 03:33:44 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-09-20 01:06:59 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll
2014-08-28 06:05:35 35328 ----a-w- C:\Windows\SysWow64\wuapp.exe
2014-08-28 06:05:17 86528 ----a-w- C:\Windows\SysWow64\wudriver.dll
2014-08-28 06:05:17 128000 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2014-08-28 06:02:15 40448 ----a-w- C:\Windows\System32\wuapp.exe
2014-08-28 06:01:45 253440 ----a-w- C:\Windows\System32\WUSettingsProvider.dll
2014-08-28 06:01:45 144384 ----a-w- C:\Windows\System32\wuwebv.dll
2014-08-28 06:01:45 100352 ----a-w- C:\Windows\System32\wudriver.dll
2014-08-28 06:01:44 17920 ----a-w- C:\Windows\System32\wuaext.dll
2014-08-28 06:01:44 1623552 ----a-w- C:\Windows\System32\wucltux.dll
2014-08-28 06:01:15 176640 ----a-w- C:\Windows\System32\storewuauth.dll
2014-08-20 23:40:10 732880 ----a-w- C:\Windows\System32\NotificationUI.exe
2014-08-20 17:05:47 694784 ----a-w- C:\Windows\System32\WSShared.dll
2014-08-20 17:05:47 198656 ----a-w- C:\Windows\System32\Windows.ApplicationModel.Store.dll
2014-08-20 17:05:47 163840 ----a-w- C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-08-20 17:02:46 567808 ----a-w- C:\Windows\SysWow64\WSShared.dll
2014-08-20 17:02:46 124928 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-08-09 08:30:18 148480 ----a-w- C:\Windows\System32\poqexec.exe
2014-08-09 08:29:32 144896 ----a-w- C:\Windows\System32\tssdisai.dll
2014-07-31 23:40:32 1287680 ----a-w- C:\Windows\System32\schedsvc.dll
2014-07-24 03:33:25 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
2014-07-24 03:33:01 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
.
============= FINISH: 19:00:59.25 ===============



#2 starlight5


Posted 24 October 2014 - 05:01 PM

I did the prep work. Now what do I need to do?



#3 B-boy/StyLe/


  • Malware Response Team

Posted 25 October 2014 - 04:18 AM

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

 

Regards,

Georgi




#4 starlight5


Posted 28 October 2014 - 11:48 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-10-2014 01
Ran by Jessica (administrator) on JESSICA on 28-10-2014 12:35:11
Running from C:\Users\Jessica\Downloads
Loaded Profile: Jessica (Available profiles: Jessica)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\ProgramData\Trusted Publisher\GS_Booster\GS_Booster.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(Microsoft Corporation) C:\Windows\System32\CompatTel\wicainventory.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-02-25] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKU\S-1-5-21-3446587330-3932189583-2110680161-1002\...\RunOnce: [Uninstall C:\Users\Jessica\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jessica\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
HKU\S-1-5-21-3446587330-3932189583-2110680161-1002\...\MountPoints2: {0025dda3-3f66-11e4-be90-a01d486e1131} - "F:\LaunchU3.exe" -a
AppInit_DLLs: C:\PROGRA~2\GS_BOO~1\ASSIST~2.DLL => C:\Program Files (x86)\GS_Booster\Assistant_x64.dll [4210176 2014-10-21] ()
AppInit_DLLs-x32: c:\progra~2\gs_boo~1\assist~1.dll => c:\Program Files (x86)\GS_Booster\Assistant.dll [4296192 2014-10-21] ()
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: GoSave -> {75ddea19-1a7a-4c5d-897b-923bf28cf340} -> C:\Program Files (x86)\GoSave\U2jMtlCIgdU73K.x64.dll ()
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: GoSave -> {f404179a-7363-4824-a550-9202a1c1b6b4} -> C:\Program Files (x86)\GoSave\DGLoL8sewgKpTo.x64.dll ()
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: GoSave -> {75ddea19-1a7a-4c5d-897b-923bf28cf340} -> C:\Program Files (x86)\GoSave\U2jMtlCIgdU73K.dll ()
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: GoSave -> {f404179a-7363-4824-a550-9202a1c1b6b4} -> C:\Program Files (x86)\GoSave\DGLoL8sewgKpTo.dll ()
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF [2013-12-26]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn [2014-10-21]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (GGooSaVe) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajljmgddlnmjahiepdbngphbodileeom [2014-10-07]
CHR Extension: (GoSave) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\beedefkdaelgnbjhamhohgglhfdbemdc [2014-10-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-04]
CHR Extension: (Save Me) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\boemmnepglcoinjcdlfcpcbmhiecichi [2014-10-21]
CHR Extension: (GoSave) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhjddodfhpojdlmddibkdcadgicbplkp [2014-10-21]
CHR Extension: (Google Wallet) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-26]
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\Exts\Chrome.crx [2014-05-02]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 4d349a54; c:\Program Files (x86)\GS_Booster\AssistantSvc.dll [174928 2014-10-21] () [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-14] (Advanced Micro Devices, Inc.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-02-01] (Hewlett-Packard Development Company, L.P.)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-25] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-25] (Microsoft Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [239176 2013-03-04] (Realtek Semiconductor)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-02-14] (Advanced Micro Devices)
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [1526488 2013-12-03] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1405000.01C\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-12-26] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-12-26] (Symantec Corporation) [File not signed]
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20131227.001\IDSvia64.sys [521944 2013-12-25] (Symantec Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-28] (Malwarebytes Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20131229.021\ENG64.SYS [126040 2013-12-26] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20131229.021\EX64.SYS [2099288 2013-12-26] (Symantec Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [288328 2013-01-23] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-05-07] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [33008 2013-05-07] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1405000.01C\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1405000.01C\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1405000.01C\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1405000.01C\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1405000.01C\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-12-28] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1405000.01C\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1405000.01C\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-28 12:35 - 2014-10-28 12:36 - 00020029 _____ () C:\Users\Jessica\Downloads\FRST.txt
2014-10-28 12:34 - 2014-10-28 12:35 - 00000000 ____D () C:\FRST
2014-10-28 12:34 - 2014-10-28 12:34 - 02113024 _____ (Farbar) C:\Users\Jessica\Downloads\FRST64.exe
2014-10-28 12:28 - 2014-10-28 12:28 - 01104896 _____ (Farbar) C:\Users\Jessica\Downloads\FRST.exe
2014-10-28 12:23 - 2014-10-28 12:23 - 00073072 _____ (Premium Installer ) C:\Users\Jessica\Downloads\setup (3).exe
2014-10-21 19:01 - 2014-10-21 19:07 - 00010180 _____ () C:\Users\Jessica\Desktop\attach.txt
2014-10-21 19:01 - 2014-10-21 19:04 - 00022743 _____ () C:\Users\Jessica\Desktop\dds.txt
2014-10-21 18:58 - 2014-10-21 18:58 - 00688992 ____R (Swearware) C:\Users\Jessica\Downloads\dds.com
2014-10-21 18:49 - 2014-10-21 18:49 - 00071024 _____ (Premium Installer ) C:\Users\Jessica\Downloads\setup (2).exe
2014-10-21 18:39 - 2014-10-21 18:39 - 00071024 _____ (Premium Installer ) C:\Users\Jessica\Downloads\setup (1).exe
2014-10-21 17:33 - 2014-10-21 17:34 - 00431320 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-21 12:29 - 2014-10-21 12:29 - 00004875 _____ () C:\Users\Jessica\Desktop\Easton Corbin i cant love you back lyrics.mp3 - Shortcut.lnk
2014-10-21 12:26 - 2014-10-28 12:14 - 00000496 ____H () C:\Windows\Tasks\GS_Booster-S-576482620.job
2014-10-21 12:26 - 2014-10-21 12:26 - 00002734 _____ () C:\Windows\System32\Tasks\GS_Booster-S-576482620
2014-10-21 12:24 - 2014-10-21 12:24 - 00000000 ____D () C:\Users\Jessica\AppData\Local\Torch
2014-10-21 12:24 - 2014-10-21 12:24 - 00000000 ____D () C:\Users\Jessica\AppData\Local\Chromatic Browser
2014-10-21 12:23 - 2014-10-21 12:23 - 00071536 _____ (Premium Installer ) C:\Users\Jessica\Downloads\setup.exe
2014-10-21 12:22 - 2014-10-21 12:23 - 00945008 _____ () C:\Users\Jessica\Downloads\Easton Corbin i cant love you back lyrics.mp3.exe
2014-10-21 12:16 - 2014-09-29 18:49 - 00705480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-21 12:16 - 2014-09-29 18:49 - 00104904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-18 10:19 - 2014-10-18 10:19 - 00001143 _____ () C:\Users\Jessica\Desktop\JRT10-18-2014.txt
2014-10-18 10:09 - 2014-10-18 10:09 - 00001143 _____ () C:\Users\Jessica\Desktop\JRT.txt
2014-10-18 09:54 - 2014-10-14 07:43 - 01705698 _____ (Thisisu) C:\Users\Jessica\Desktop\JRT_NEW.exe
2014-10-18 01:18 - 2014-10-18 01:18 - 00004898 _____ () C:\Users\Jessica\Desktop\10-18-2014esettxt.txt
2014-10-17 21:47 - 2014-10-10 00:47 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-17 21:47 - 2014-10-10 00:47 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-17 21:47 - 2014-10-08 00:26 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-17 21:47 - 2014-09-17 19:24 - 02416128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-17 21:47 - 2014-09-17 18:56 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-17 21:47 - 2014-08-30 01:48 - 10115072 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-10-17 21:47 - 2014-08-30 01:46 - 02306560 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-10-17 21:47 - 2014-08-30 00:05 - 08858112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-10-17 21:47 - 2014-08-30 00:03 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-10-17 21:47 - 2014-06-12 19:34 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-10-17 21:47 - 2014-06-12 19:29 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-10-17 21:37 - 2014-09-13 01:29 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-17 21:37 - 2014-09-13 00:02 - 00068096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-17 21:36 - 2014-09-02 22:48 - 00510464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-17 21:36 - 2014-09-02 22:21 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-17 21:36 - 2014-07-07 01:53 - 01125376 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-17 21:36 - 2014-07-07 01:52 - 03248128 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-17 21:36 - 2014-07-07 01:52 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-17 21:36 - 2014-07-07 01:52 - 00300544 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-17 21:36 - 2014-07-07 01:51 - 05982208 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-17 21:36 - 2014-07-07 00:01 - 01049600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-17 21:36 - 2014-07-07 00:01 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-17 21:36 - 2014-07-07 00:00 - 05095424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-17 21:36 - 2014-07-06 23:59 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-17 21:33 - 2014-07-12 00:41 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\KBDRUM.DLL
2014-10-17 21:33 - 2014-07-12 00:41 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-17 21:33 - 2014-07-12 00:41 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-17 21:33 - 2014-07-12 00:41 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-17 21:33 - 2014-07-12 00:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-17 21:33 - 2014-07-12 00:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-17 21:33 - 2014-07-12 00:16 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRUM.DLL
2014-10-17 21:33 - 2014-07-12 00:16 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-10-17 21:33 - 2014-07-12 00:16 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-10-17 21:33 - 2014-07-12 00:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-10-17 21:33 - 2014-07-12 00:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-10-17 21:33 - 2014-07-12 00:15 - 00006144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-10-17 21:33 - 2014-07-11 20:02 - 00478352 _____ () C:\Windows\SysWOW64\locale.nls
2014-10-17 21:33 - 2014-07-11 20:00 - 00478352 _____ () C:\Windows\system32\locale.nls
2014-10-17 21:33 - 2014-07-08 18:33 - 00181248 _____ (Microsoft Corp.) C:\Windows\system32\Defrag.exe
2014-10-17 21:33 - 2014-07-08 18:32 - 01539584 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
2014-10-17 21:33 - 2014-07-08 18:32 - 00340480 _____ (Microsoft Corporation) C:\Windows\system32\defragsvc.dll
2014-10-17 21:33 - 2014-07-08 18:30 - 01220608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
2014-10-17 21:33 - 2014-07-07 01:52 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2014-10-17 21:33 - 2014-07-07 01:52 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2014-10-17 21:33 - 2014-07-04 06:52 - 00328000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2014-10-17 21:33 - 2014-07-02 21:59 - 01824784 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-10-17 21:33 - 2014-07-02 20:30 - 01408952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-10-17 21:33 - 2014-06-28 03:01 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2014-10-17 21:33 - 2014-06-28 02:57 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2014-10-17 21:33 - 2014-06-28 02:56 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2014-10-17 21:33 - 2014-06-25 03:09 - 00733184 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-10-17 21:33 - 2014-06-25 03:07 - 01023488 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-10-17 21:33 - 2014-06-17 19:27 - 02032640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-10-17 21:33 - 2014-06-17 19:23 - 02238464 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-10-17 21:33 - 2014-06-11 10:47 - 02842112 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-10-17 21:33 - 2014-06-11 00:40 - 02620928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2014-10-17 21:33 - 2014-06-10 18:44 - 01403896 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-17 21:33 - 2014-05-29 19:31 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-10-17 21:33 - 2014-05-29 19:03 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-10-17 21:33 - 2014-02-04 06:57 - 01271664 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-17 21:29 - 2014-09-28 00:18 - 04068352 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-17 21:28 - 2014-09-20 01:18 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-17 21:28 - 2014-09-20 01:17 - 02236928 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-17 21:28 - 2014-09-20 01:17 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-17 21:28 - 2014-09-20 01:17 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-10-17 21:28 - 2014-09-20 01:17 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-10-17 21:28 - 2014-09-20 01:16 - 19280896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-17 21:28 - 2014-09-20 01:16 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-17 21:28 - 2014-09-20 01:16 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-17 21:28 - 2014-09-20 01:16 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-17 21:28 - 2014-09-20 01:16 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-17 21:28 - 2014-09-20 01:16 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-17 21:28 - 2014-09-20 01:16 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-17 21:28 - 2014-09-20 01:16 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-17 21:28 - 2014-09-20 01:16 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-10-17 21:28 - 2014-09-20 01:16 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-17 21:28 - 2014-09-20 01:16 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-17 21:28 - 2014-09-20 01:16 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-17 21:28 - 2014-09-20 01:16 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-17 21:28 - 2014-09-20 01:15 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-17 21:28 - 2014-09-20 01:15 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-17 21:28 - 2014-09-20 01:15 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-17 21:28 - 2014-09-19 23:57 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-17 21:28 - 2014-09-19 23:57 - 13757952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-17 21:28 - 2014-09-19 23:57 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-17 21:28 - 2014-09-19 23:57 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-17 21:28 - 2014-09-19 23:57 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-17 21:28 - 2014-09-19 23:57 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-17 21:28 - 2014-09-19 23:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-10-17 21:28 - 2014-09-19 23:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-17 21:28 - 2014-09-19 23:57 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-17 21:28 - 2014-09-19 23:57 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-17 21:28 - 2014-09-19 23:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-10-17 21:28 - 2014-09-19 23:57 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-17 21:28 - 2014-09-19 23:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-17 21:28 - 2014-09-19 23:57 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-10-17 21:28 - 2014-09-19 23:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-17 21:28 - 2014-09-19 23:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-17 21:28 - 2014-09-19 23:56 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-17 21:28 - 2014-09-19 23:56 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-17 21:28 - 2014-09-19 23:56 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-17 21:28 - 2014-09-19 23:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-17 21:28 - 2014-09-19 23:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-17 21:28 - 2014-09-19 21:06 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-10-17 21:27 - 2014-08-01 18:08 - 00388729 _____ () C:\Windows\system32\ApnDatabase.xml
2014-10-17 21:27 - 2014-07-24 09:50 - 00447296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2014-10-17 21:27 - 2014-07-16 19:28 - 00027648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2014-10-17 21:27 - 2014-07-16 18:59 - 00305664 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2014-10-17 21:27 - 2014-07-16 18:59 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2014-10-17 21:27 - 2014-07-12 02:45 - 01549824 _____ (Microsoft Corporation) C:\Windows\system32\msdtctm.dll
2014-10-17 21:27 - 2014-07-12 00:36 - 00674304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-10-17 21:27 - 2014-07-12 00:36 - 00211456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-10-17 21:27 - 2014-07-12 00:34 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-10-17 21:27 - 2014-07-12 00:34 - 00250368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-10-17 21:27 - 2014-06-28 02:57 - 01341952 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2014-10-17 21:27 - 2014-06-27 22:23 - 01126400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2014-10-07 22:19 - 2014-10-18 01:07 - 00000000 ____D () C:\ProgramData\YoouutuabEAdBllocke
2014-10-07 22:19 - 2014-10-18 01:06 - 00000000 ____D () C:\Program Files (x86)\YoouutuabEAdBllocke
2014-10-07 22:18 - 2014-10-18 01:07 - 00000000 ____D () C:\ProgramData\GGooSaVe
2014-10-07 22:18 - 2014-10-18 01:06 - 00000000 ____D () C:\Program Files (x86)\GGooSaVe
2014-10-07 22:16 - 2014-10-07 22:16 - 00000000 ____D () C:\ProgramData\Trusted Publisher
2014-10-07 22:15 - 2014-10-21 17:51 - 00000000 ____D () C:\ProgramData\GOSave
2014-10-07 22:15 - 2014-10-21 17:51 - 00000000 ____D () C:\Program Files (x86)\GOSave
2014-10-07 22:15 - 2014-10-07 22:15 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-10-07 22:15 - 2014-10-07 22:15 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-10-07 22:15 - 2014-10-07 22:15 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-10-07 22:15 - 2014-10-07 22:15 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-10-07 22:15 - 2014-10-07 22:15 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-10-07 22:15 - 2014-10-07 22:15 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-10-07 21:21 - 2014-10-07 21:22 - 13284352 _____ () C:\Users\Jessica\Downloads\Chapter 9.ppt
2014-10-05 17:55 - 2014-10-05 17:55 - 00448512 _____ (OldTimer Tools) C:\Users\Jessica\Downloads\TFC.exe
2014-10-01 22:57 - 2014-10-01 22:57 - 00002540 _____ () C:\Users\Jessica\Desktop\esetscan.txt
2014-10-01 13:56 - 2014-10-01 13:56 - 02347384 _____ (ESET) C:\Users\Jessica\Downloads\esetsmartinstaller_enu (3).exe
2014-10-01 13:55 - 2014-10-01 13:56 - 02347384 _____ (ESET) C:\Users\Jessica\Downloads\esetsmartinstaller_enu (1).exe
2014-10-01 13:55 - 2014-10-01 13:55 - 01701878 _____ (Thisisu) C:\Users\Jessica\Downloads\JRT (1).exe
2014-10-01 13:36 - 2014-10-01 13:36 - 01701878 _____ (Thisisu) C:\Users\Jessica\Downloads\JRT.exe
2014-10-01 13:36 - 2014-10-01 13:36 - 00000000 ____D () C:\Windows\ERUNT
2014-10-01 13:20 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-10-01 13:15 - 2014-10-01 13:28 - 00000000 ____D () C:\AdwCleaner
2014-10-01 10:32 - 2014-10-01 10:33 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Jessica\Downloads\tdsskiller.exe
2014-10-01 10:22 - 2014-10-01 10:22 - 00040410 _____ () C:\Users\Jessica\Desktop\Result.txt
2014-10-01 10:20 - 2014-10-01 10:21 - 00040410 _____ () C:\Users\Jessica\Downloads\Result.txt
2014-10-01 10:19 - 2014-10-01 10:19 - 00401920 _____ (Farbar) C:\Users\Jessica\Downloads\MiniToolBox.exe
2014-09-30 22:00 - 2014-09-30 22:00 - 00244136 _____ () C:\Users\Jessica\Downloads\Firefox Setup Stub 32.0.3.exe
2014-09-28 17:20 - 2014-10-21 17:52 - 00000000 ____D () C:\Program Files (x86)\GS_Booster
2014-09-28 17:18 - 2014-10-21 17:51 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-09-28 17:18 - 2014-10-21 17:51 - 00000000 ____D () C:\ProgramData\e9032df6fbf9f2c6
2014-09-28 17:18 - 2014-09-28 17:18 - 00000000 ____D () C:\Users\Jessica\AppData\Local\Comodo
2014-09-28 17:18 - 2014-09-28 17:18 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-09-28 17:18 - 2014-09-28 17:18 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-09-28 17:18 - 2014-09-28 17:18 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-09-28 17:18 - 2014-09-28 17:18 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-09-28 17:18 - 2014-09-28 17:18 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-09-28 17:18 - 2014-09-28 17:18 - 00000000 ____D () C:\Users\Guest
2014-09-28 17:18 - 2014-09-28 17:18 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-09-28 17:18 - 2014-09-28 17:18 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-09-28 17:18 - 2014-09-28 17:18 - 00000000 ____D () C:\Users\Administrator

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-28 12:34 - 2013-12-26 13:05 - 01796993 _____ () C:\Windows\WindowsUpdate.log
2014-10-28 12:19 - 2013-12-26 13:11 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{5FB33E14-C30B-49B2-BD5B-8C9B4A22E95F}
2014-10-28 12:15 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\system32\sru
2014-10-28 12:14 - 2013-12-26 14:10 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-21 22:06 - 2013-12-26 14:10 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-21 18:00 - 2014-02-25 00:35 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-21 17:54 - 2014-01-21 04:17 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-10-21 17:40 - 2012-07-26 03:28 - 00941114 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-21 17:34 - 2012-07-26 03:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-21 17:33 - 2012-08-03 18:23 - 00029494 _____ () C:\Windows\PFRO.log
2014-10-21 12:18 - 2012-07-26 01:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-10-21 12:12 - 2012-07-26 01:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-10-21 12:10 - 2014-08-04 21:57 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-21 12:10 - 2012-07-26 04:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-21 12:09 - 2012-07-26 04:12 - 00000000 ___RD () C:\Windows\ToastData
2014-10-18 10:10 - 2012-07-26 03:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-10-18 09:58 - 2013-12-30 01:26 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-18 09:49 - 2013-12-30 01:26 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-18 09:48 - 2014-04-02 23:33 - 00352256 ___SH () C:\Users\Jessica\Downloads\Thumbs.db
2014-10-18 09:45 - 2014-08-14 15:48 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-18 09:45 - 2014-08-14 15:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-18 09:45 - 2014-08-14 15:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-17 19:28 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-10-07 21:23 - 2013-12-26 13:06 - 00000000 ____D () C:\Users\Jessica\AppData\Local\Packages
2014-10-01 13:28 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\WinStore
2014-10-01 00:33 - 2013-12-26 13:05 - 00000000 ____D () C:\Users\Jessica
2014-09-30 23:11 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\rescache
2014-09-28 22:13 - 2014-08-14 15:49 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-28 17:47 - 2013-12-26 14:10 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-28 17:32 - 2014-01-21 04:24 - 00000000 ___RD () C:\Users\Jessica\SkyDrive
2014-09-28 17:28 - 2013-12-26 14:13 - 00002190 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-28 17:18 - 2013-12-26 14:08 - 00000000 ____D () C:\Users\Jessica\AppData\Local\Google
2014-09-28 17:18 - 2012-07-26 04:12 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-09-28 17:18 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy

Some content of TEMP:
====================
C:\Users\Jessica\AppData\Local\Temp\8DCFE.exe
C:\Users\Jessica\AppData\Local\Temp\d90Ad2130D588.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-18 09:44

==================== End Of Log ============================

#5 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,285 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:04:56 AM

Posted 29 October 2014 - 04:13 PM

Hi,

You forgot to post the Addition.txt?

Regards,

Georgi




#6 starlight5


Posted 29 October 2014 - 08:46 PM

Sorry, I thought I did. I will attach it again.



#7 starlight5


Posted 29 October 2014 - 09:02 PM

Attached File: attach.txt (9.94KB)



#8 B-boy/StyLe/


Posted 30 October 2014 - 12:47 AM

Hello,

This is not Addition.txt created by Farbar Recovery Scan Tool but Attach.txt created by DDS.

Please re-run Farbar Recovery Scan Tool and make sure that Addition.txt is checked before you press the Scan button.

Next please attach the log - Addition.txt in your next reply. :)

Thanks!

Regards,

Georgi




#9 starlight5


Posted 30 October 2014 - 06:43 AM

Sorry, here it is.

Attached Files



#10 B-boy/StyLe/


Posted 30 October 2014 - 07:06 AM

Hi,

STEP 1

Please download and install Revo Uninstaller 1.95.
Then please run Revo Uninstaller and select DiegiCCouupon.
Please click the Uninstall icon to uninstall the selected program.
Please choose Advanced.
Then click Next and follow the prompts.
Please click Select All and Delete to delete all registry items, folders and files listed by Revo.
If asked to restart the computer, please do so.

Repeat the steps for the programs below:

GoSave
GS_Booster
GS_Sustainer 1.80
YoouutuabEAdBllocke

STEP 2

Please download the following file => and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Regards,

Georgi

 




#11 starlight5


Posted 30 October 2014 - 05:33 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-10-2014 01
Ran by Jessica at 2014-10-30 18:23:03 Run:1
Running from C:\Users\Jessica\Downloads
Loaded Profile: Jessica (Available profiles: Jessica)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
() C:\ProgramData\Trusted Publisher\GS_Booster\GS_Booster.exe
AppInit_DLLs: C:\PROGRA~2\GS_BOO~1\ASSIST~2.DLL => C:\Program Files (x86)\GS_Booster\Assistant_x64.dll [4210176 2014-10-21] ()
AppInit_DLLs-x32: c:\progra~2\gs_boo~1\assist~1.dll => c:\Program Files (x86)\GS_Booster\Assistant.dll [4296192 2014-10-21] ()
R2 4d349a54; c:\Program Files (x86)\GS_Booster\AssistantSvc.dll [174928 2014-10-21] () [File not signed]
C:\ProgramData\Trusted Publisher
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
BHO: GoSave -> {75ddea19-1a7a-4c5d-897b-923bf28cf340} -> C:\Program Files (x86)\GoSave\U2jMtlCIgdU73K.x64.dll ()
BHO: GoSave -> {f404179a-7363-4824-a550-9202a1c1b6b4} -> C:\Program Files (x86)\GoSave\DGLoL8sewgKpTo.x64.dll ()
BHO-x32: GoSave -> {75ddea19-1a7a-4c5d-897b-923bf28cf340} -> C:\Program Files (x86)\GoSave\U2jMtlCIgdU73K.dll ()
BHO-x32: GoSave -> {f404179a-7363-4824-a550-9202a1c1b6b4} -> C:\Program Files (x86)\GoSave\DGLoL8sewgKpTo.dll ()
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
CHR Extension: (GGooSaVe) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajljmgddlnmjahiepdbngphbodileeom [2014-10-07]
CHR Extension: (GoSave) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\beedefkdaelgnbjhamhohgglhfdbemdc [2014-10-21]
CHR Extension: (Save Me) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\boemmnepglcoinjcdlfcpcbmhiecichi [2014-10-21]
CHR Extension: (GoSave) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhjddodfhpojdlmddibkdcadgicbplkp [2014-10-21]
C:\Program Files (x86)\GoSave
2014-10-21 12:26 - 2014-10-28 12:14 - 00000496 ____H () C:\Windows\Tasks\GS_Booster-S-576482620.job
2014-10-21 12:26 - 2014-10-21 12:26 - 00002734 _____ () C:\Windows\System32\Tasks\GS_Booster-S-576482620
2014-10-21 12:24 - 2014-10-21 12:24 - 00000000 ____D () C:\Users\Jessica\AppData\Local\Torch
2014-10-21 12:24 - 2014-10-21 12:24 - 00000000 ____D () C:\Users\Jessica\AppData\Local\Chromatic Browser
cmd: type C:\Users\Jessica\Desktop\JRT10-18-2014.txt
cmd: type C:\Users\Jessica\Desktop\JRT.txt
cmd: type C:\Users\Jessica\Desktop\10-18-2014esettxt.txt
cmd: type C:\Users\Jessica\Desktop\esetscan.txt
cmd: type C:\Users\Jessica\Desktop\Result.txt
2014-10-07 22:19 - 2014-10-18 01:07 - 00000000 ____D () C:\ProgramData\YoouutuabEAdBllocke
2014-10-07 22:19 - 2014-10-18 01:06 - 00000000 ____D () C:\Program Files (x86)\YoouutuabEAdBllocke
2014-10-07 22:18 - 2014-10-18 01:07 - 00000000 ____D () C:\ProgramData\GGooSaVe
2014-10-07 22:18 - 2014-10-18 01:06 - 00000000 ____D () C:\Program Files (x86)\GGooSaVe
2014-10-07 22:16 - 2014-10-07 22:16 - 00000000 ____D () C:\ProgramData\Trusted Publisher
2014-10-07 22:15 - 2014-10-21 17:51 - 00000000 ____D () C:\ProgramData\GOSave
2014-10-07 22:15 - 2014-10-21 17:51 - 00000000 ____D () C:\Program Files (x86)\GOSave
2014-10-07 22:15 - 2014-10-07 22:15 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-10-07 22:15 - 2014-10-07 22:15 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-10-07 22:15 - 2014-10-07 22:15 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-10-07 22:15 - 2014-10-07 22:15 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-10-07 22:15 - 2014-10-07 22:15 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-10-07 22:15 - 2014-10-07 22:15 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-09-28 17:20 - 2014-10-21 17:52 - 00000000 ____D () C:\Program Files (x86)\GS_Booster
2014-09-28 17:18 - 2014-10-21 17:51 - 00000000 ____D () C:\ProgramData\e9032df6fbf9f2c6
2014-09-28 17:18 - 2014-09-28 17:18 - 00000000 ____D () C:\Users\Jessica\AppData\Local\Comodo
2014-09-28 17:18 - 2014-09-28 17:18 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-09-28 17:18 - 2014-09-28 17:18 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-09-28 17:18 - 2014-09-28 17:18 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-09-28 17:18 - 2014-09-28 17:18 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-09-28 17:18 - 2014-09-28 17:18 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-09-28 17:18 - 2014-09-28 17:18 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
Task: {EEA733AC-E347-45E2-940A-6E653CAF9E72} - System32\Tasks\GS_Booster-S-576482620 => c:\programdata\trusted publisher\gs_booster\GS_Booster.exe [2013-10-21] () <==== ATTENTION
Task: C:\Windows\Tasks\GS_Booster-S-576482620.job => c:\programdata\trusted publisher\gs_booster\GS_Booster.exe <==== ATTENTION
CMD: bitsadmin /reset /allusers
emptytemp:
end
*****************
 
C:\ProgramData\Trusted Publisher\GS_Booster\GS_Booster.exe => No running process found
"C:\PROGRA~2\GS_BOO~1\ASSIST~2.DLL" => Value Data not found.
"c:\progra~2\gs_boo~1\assist~1.dll" => Value Data not found.
4d349a54 => Service not found.
C:\ProgramData\Trusted Publisher => Moved successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75ddea19-1a7a-4c5d-897b-923bf28cf340}" => Key deleted successfully.
"HKCR\CLSID\{75ddea19-1a7a-4c5d-897b-923bf28cf340}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f404179a-7363-4824-a550-9202a1c1b6b4}" => Key not found.
"HKCR\CLSID\{f404179a-7363-4824-a550-9202a1c1b6b4}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75ddea19-1a7a-4c5d-897b-923bf28cf340}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{75ddea19-1a7a-4c5d-897b-923bf28cf340}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f404179a-7363-4824-a550-9202a1c1b6b4}" => Key not found.
"HKCR\Wow6432Node\CLSID\{f404179a-7363-4824-a550-9202a1c1b6b4}" => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
"HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key not found.
C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajljmgddlnmjahiepdbngphbodileeom => Moved successfully.
C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\beedefkdaelgnbjhamhohgglhfdbemdc => Moved successfully.
C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\boemmnepglcoinjcdlfcpcbmhiecichi => Moved successfully.
C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhjddodfhpojdlmddibkdcadgicbplkp => Moved successfully.
C:\Program Files (x86)\GoSave => Moved successfully.
"C:\Windows\Tasks\GS_Booster-S-576482620.job" => File/Directory not found.
"C:\Windows\System32\Tasks\GS_Booster-S-576482620" => File/Directory not found.
C:\Users\Jessica\AppData\Local\Torch => Moved successfully.
C:\Users\Jessica\AppData\Local\Chromatic Browser => Moved successfully.
 
=========  type C:\Users\Jessica\Desktop\JRT10-18-2014.txt =========
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.14.2014:1)
OS: Windows 8 x64
Ran by Jessica on Sat 10/18/2014 at  9:58:06.71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Users\Jessica\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Jessica\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\ProgramData\DiegiCCouupon
Successfully deleted: [Folder] "C:\Users\Jessica\appdata\local\chromatic browser"
Successfully deleted: [Folder] "C:\Users\Jessica\appdata\local\torch"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 10/18/2014 at 10:09:07.12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
========= End of CMD: =========
 
 
=========  type C:\Users\Jessica\Desktop\JRT.txt =========
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.14.2014:1)
OS: Windows 8 x64
Ran by Jessica on Sat 10/18/2014 at  9:58:06.71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Users\Jessica\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Jessica\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\ProgramData\DiegiCCouupon
Successfully deleted: [Folder] "C:\Users\Jessica\appdata\local\chromatic browser"
Successfully deleted: [Folder] "C:\Users\Jessica\appdata\local\torch"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 10/18/2014 at 10:09:07.12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
========= End of CMD: =========
 
 
=========  type C:\Users\Jessica\Desktop\10-18-2014esettxt.txt =========
 
C:\Users\All Users\DiegiCCouupon\mAhgxtiWXl2IjU.dll a variant of Win32/AdWare.MultiPlug.BN application
C:\Users\All Users\DiegiCCouupon\mAhgxtiWXl2IjU.exe a variant of Win32/AdWare.MultiPlug.BN application
C:\Users\All Users\DiegiCCouupon\mAhgxtiWXl2IjU.x64.dll a variant of Win64/Adware.MultiPlug.E application
C:\Users\All Users\GGooSaVe\FphnkmDCG5OcyTx.exe a variant of Win32/AdWare.MultiPlug.CO application
C:\Users\All Users\GOSave\8tSZlZWP1EgbT8O.exe a variant of Win32/AdWare.MultiPlug.CO application
C:\Users\All Users\Trusted Publisher\GS_Booster\GS_Booster.exe Win32/TrojanDownloader.Agent.ACF trojan
C:\Users\All Users\YoouutuabEAdBllocke\RFoxanpG9B1ifvx.exe a variant of Win32/AdWare.MultiPlug.CO application
C:\Program Files (x86)\GGooSaVe\j8PEoksqi4yj4v.dll a variant of Win32/AdWare.MultiPlug.BN application cleaned by deleting - quarantined
C:\Program Files (x86)\GGooSaVe\j8PEoksqi4yj4v.x64.dll a variant of Win64/Adware.MultiPlug.E application cleaned by deleting - quarantined
C:\Program Files (x86)\GOSave\a1BZNoevULeJ36.dll a variant of Win32/AdWare.MultiPlug.BN application cleaned by deleting - quarantined
C:\Program Files (x86)\GOSave\a1BZNoevULeJ36.x64.dll a variant of Win64/Adware.MultiPlug.E application cleaned by deleting - quarantined
C:\Program Files (x86)\GS_Booster\Assistant.dll a variant of Win32/SProtector.D potentially unwanted application deleted (after the next restart) - quarantined
C:\Program Files (x86)\GS_Booster\AssistantSvc.dll a variant of Win32/SProtector.D potentially unwanted application deleted (after the next restart) - quarantined
C:\Program Files (x86)\GS_Booster\Assistant_x64.dll a variant of Win64/SProtector.B potentially unwanted application deleted - quarantined
C:\Program Files (x86)\YoouutuabEAdBllocke\PddXBDeZyQYZ87.dll a variant of Win32/AdWare.MultiPlug.BN application cleaned by deleting - quarantined
C:\Program Files (x86)\YoouutuabEAdBllocke\PddXBDeZyQYZ87.x64.dll a variant of Win64/Adware.MultiPlug.E application cleaned by deleting - quarantined
C:\ProgramData\DiegiCCouupon\mAhgxtiWXl2IjU.dll a variant of Win32/AdWare.MultiPlug.BN application cleaned by deleting - quarantined
C:\ProgramData\DiegiCCouupon\mAhgxtiWXl2IjU.exe a variant of Win32/AdWare.MultiPlug.BN application cleaned by deleting - quarantined
C:\ProgramData\DiegiCCouupon\mAhgxtiWXl2IjU.x64.dll a variant of Win64/Adware.MultiPlug.E application cleaned by deleting - quarantined
C:\ProgramData\GGooSaVe\FphnkmDCG5OcyTx.exe a variant of Win32/AdWare.MultiPlug.CO application cleaned by deleting - quarantined
C:\ProgramData\GOSave\8tSZlZWP1EgbT8O.exe a variant of Win32/AdWare.MultiPlug.CO application cleaned by deleting - quarantined
C:\ProgramData\Trusted Publisher\GS_Booster\GS_Booster.exe Win32/TrojanDownloader.Agent.ACF trojan cleaned by deleting (after the next restart) - quarantined
C:\ProgramData\YoouutuabEAdBllocke\RFoxanpG9B1ifvx.exe a variant of Win32/AdWare.MultiPlug.CO application cleaned by deleting - quarantined
C:\Users\Jessica\AppData\Local\Temp\4C7596350.exe a variant of Win32/AdWare.MultiPlug.CN application cleaned by deleting - quarantined
C:\Users\Jessica\AppData\Local\Temp\8D2e6.exe a variant of Win32/AdWare.MultiPlug.CN application cleaned by deleting - quarantined
C:\Users\Jessica\AppData\Local\Temp\Afa4E981Ad0.exe a variant of Win32/AdWare.MultiPlug.CN application cleaned by deleting - quarantined
C:\Users\Jessica\AppData\Local\Temp\6c6F3429d\temp\putfu.exe a variant of Win32/SProtector.H potentially unwanted application deleted - quarantined
C:\Users\Jessica\AppData\Local\Temp\6c6F3429d\temp\setupbc.exe a variant of Win32/AdWare.MultiPlug.CO application cleaned by deleting - quarantined
C:\Users\Jessica\AppData\Local\Temp\6c6F3429d\temp\setupespl.exe a variant of Win32/AdWare.MultiPlug.CO application cleaned by deleting - quarantined
C:\Users\Jessica\AppData\Local\Temp\6c6F3429d\temp\setupytb.exe a variant of Win32/AdWare.MultiPlug.CO application cleaned by deleting - quarantined
C:\Users\Jessica\AppData\Local\Temp\6c6F3429d\temp\usetup.exe Win32/TrojanDownloader.Agent.ACF trojan cleaned by deleting - quarantined
C:\Users\Jessica\AppData\Local\Temp\Ca452f3d787\temp\extIE_setup.exe a variant of Win32/AdWare.MultiPlug.CO application cleaned by deleting - quarantined
C:\Users\Jessica\AppData\Local\Temp\Ca452f3d787\temp\putfu.exe a variant of Win32/SProtector.H potentially unwanted application deleted - quarantined
C:\Users\Jessica\AppData\Local\Temp\Ca452f3d787\temp\setupespl.exe a variant of Win32/AdWare.MultiPlug.CO application cleaned by deleting - quarantined
C:\Users\Jessica\AppData\Local\Temp\Ca452f3d787\temp\usetup.exe Win32/TrojanDownloader.Agent.ACF trojan cleaned by deleting - quarantined
C:\Users\Jessica\Downloads\Keith Urban - Days Go By.mp3.exe a variant of Win32/AdWare.MultiPlug.CN application cleaned by deleting - quarantined
 
========= End of CMD: =========
 
 
=========  type C:\Users\Jessica\Desktop\esetscan.txt =========
 
C:\$Recycle.Bin\S-1-5-21-3446587330-3932189583-2110680161-1002\$RQZGO62.exe a variant of Win32/AdWare.MultiPlug.CN application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\GoSavvE\yTnXFs8Hdfsf5J.dll.vir a variant of Win32/AdWare.MultiPlug.BN application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\GoSavvE\yTnXFs8Hdfsf5J.x64.dll.vir a variant of Win64/Adware.MultiPlug.E application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptimizerPro.exe.vir a variant of Win32/SpeedingUpMyPC application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe.vir a variant of Win32/Adware.SpeedingUpMyPC.C application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\GoSavvE\thIOK1inWG9RxyZ.exe.vir a variant of Win32/AdWare.MultiPlug.CO application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\Trusted Publisher\GS_Booster\GS_Booster.exe.vir Win32/TrojanDownloader.Agent.ACF trojan cleaned by deleting - quarantined
C:\Program Files (x86)\GS_Booster\Assistant.dll a variant of Win32/SProtector.D potentially unwanted application deleted - quarantined
C:\Program Files (x86)\GS_Booster\AssistantSvc.dll a variant of Win32/SProtector.D potentially unwanted application deleted - quarantined
C:\Program Files (x86)\GS_Booster\Assistant_x64.dll a variant of Win64/SProtector.B potentially unwanted application deleted - quarantined
C:\Users\Jessica\AppData\Local\Temp\11b57C3f.exe a variant of Win32/AdWare.MultiPlug.CN application cleaned by deleting - quarantined
C:\Users\Jessica\AppData\Local\Temp\optprosetup.exe multiple threats cleaned by deleting - quarantined
C:\Users\Jessica\AppData\Local\Temp\6A9B476\temp\extIE_setup.exe a variant of Win32/AdWare.MultiPlug.CO application cleaned by deleting - quarantined
C:\Users\Jessica\AppData\Local\Temp\6A9B476\temp\OpProSetup.exe a variant of Win32/AdWare.SpeedingUpMyPC.N application cleaned by deleting - quarantined
C:\Users\Jessica\AppData\Local\Temp\6A9B476\temp\putfu.exe a variant of Win32/SProtector.H potentially unwanted application deleted - quarantined
C:\Users\Jessica\AppData\Local\Temp\6A9B476\temp\setupespl.exe a variant of Win32/AdWare.MultiPlug.CO application cleaned by deleting - quarantined
C:\Users\Jessica\AppData\Local\Temp\6A9B476\temp\usetup.exe Win32/TrojanDownloader.Agent.ACF trojan cleaned by deleting - quarantined
 
========= End of CMD: =========
 
 
=========  type C:\Users\Jessica\Desktop\Result.txt =========
 
MiniToolBox by Farbar  Version: 21-07-2014
Ran by Jessica (administrator) on 01-10-2014 at 10:20:53
Running from "C:\Users\Jessica\Downloads"
Microsoft Windows 8  (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter = Wi-Fi (Connected)
Realtek PCIe FE Family Controller = Ethernet (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 9" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 11" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : jessica
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : attlocal.net
 
Wireless LAN adapter Local Area Connection* 11:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 16-DB-30-C8-1C-9A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : attlocal.net
   Description . . . . . . . . . . . : Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter
   Physical Address. . . . . . . . . : A4-DB-30-C8-1C-9A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2602:306:3ac7:390::48(Preferred) 
   Lease Obtained. . . . . . . . . . : Wednesday, October 1, 2014 9:40:41 AM
   Lease Expires . . . . . . . . . . : Friday, October 31, 2014 9:40:41 AM
   IPv6 Address. . . . . . . . . . . : 2602:306:3ac7:390:8575:88ff:23fd:8ba9(Preferred) 
   Temporary IPv6 Address. . . . . . : 2602:306:3ac7:390:8d06:84c3:f13f:108b(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::8575:88ff:23fd:8ba9%13(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.154(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, September 30, 2014 9:43:15 PM
   Lease Expires . . . . . . . . . . : Thursday, October 2, 2014 9:40:37 AM
   Default Gateway . . . . . . . . . : fe80::3260:23ff:fe81:bc80%13
                                       192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DHCPv6 IAID . . . . . . . . . . . : 329571120
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-1F-0B-6D-A0-1D-48-6E-11-31
   DNS Servers . . . . . . . . . . . : 192.168.1.254
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : A0-1D-48-6E-11-31
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.attlocal.net:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 13:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:14db:3afb:3f57:fe65(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::14db:3afb:3f57:fe65%17(Preferred) 
   Default Gateway . . . . . . . . . : 
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  dsldevice.attlocal.net
Address:  192.168.1.254
 
Name:    google.com
Addresses:  2607:f8b0:4009:806::100e
 173.194.46.96
 173.194.46.103
 173.194.46.105
 173.194.46.100
 173.194.46.110
 173.194.46.102
 173.194.46.97
 173.194.46.101
 173.194.46.98
 173.194.46.104
 173.194.46.99
 
 
Pinging google.com [2607:f8b0:4009:803::1000] with 32 bytes of data:
Reply from 2607:f8b0:4009:803::1000: time=55ms 
Reply from 2607:f8b0:4009:803::1000: time=53ms 
 
Ping statistics for 2607:f8b0:4009:803::1000:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 53ms, Maximum = 55ms, Average = 54ms
Server:  dsldevice.attlocal.net
Address:  192.168.1.254
 
Name:    yahoo.com
Addresses:  98.139.183.24
 206.190.36.45
 98.138.253.109
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=100ms TTL=45
Reply from 206.190.36.45: bytes=32 time=99ms TTL=45
 
Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 99ms, Maximum = 100ms, Average = 99ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 14...16 db 30 c8 1c 9a ......Microsoft Wi-Fi Direct Virtual Adapter
 13...a4 db 30 c8 1c 9a ......Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter
 12...a0 1d 48 6e 11 31 ......Realtek PCIe FE Family Controller
  1...........................Software Loopback Interface 1
 15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 16...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
 17...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254    192.168.1.154     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.154    281
    192.168.1.154  255.255.255.255         On-link     192.168.1.154    281
    192.168.1.255  255.255.255.255         On-link     192.168.1.154    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.154    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.154    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 13    281 ::/0                     fe80::3260:23ff:fe81:bc80
  1    306 ::1/128                  On-link
 17    306 2001::/32                On-link
 17    306 2001:0:5ef5:79fd:14db:3afb:3f57:fe65/128
                                    On-link
 13    281 2602:306:3ac7:390::/64   On-link
 13     41 2602:306:3ac7:390::/64   fe80::3260:23ff:fe81:bc80
 13    281 2602:306:3ac7:390::48/128
                                    On-link
 13    281 2602:306:3ac7:390:8575:88ff:23fd:8ba9/128
                                    On-link
 13    281 2602:306:3ac7:390:8d06:84c3:f13f:108b/128
                                    On-link
 13    281 fe80::/64                On-link
 17    306 fe80::/64                On-link
 17    306 fe80::14db:3afb:3f57:fe65/128
                                    On-link
 13    281 fe80::8575:88ff:23fd:8ba9/128
                                    On-link
  1    306 ff00::/8                 On-link
 17    306 ff00::/8                 On-link
 13    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [67584] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [67584] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [55296] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [21504] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [66560] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [72192] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [53760] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (10/01/2014 10:13:27 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005
 
Error: (10/01/2014 00:34:11 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15678
 
Error: (10/01/2014 00:34:11 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15678
 
Error: (10/01/2014 00:34:11 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/30/2014 10:56:31 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
 
Error: (09/30/2014 10:53:04 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/30/2014 10:08:28 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005
 
Error: (09/30/2014 09:47:18 PM) (Source: Application Error) (User: )
Description: Faulting application name: msfeedssync.exe, version: 10.0.9200.16384, time stamp: 0x50109c69
Faulting module name: ntdll.dll, version: 6.2.9200.16912, time stamp: 0x536464ba
Exception code: 0xc0000005
Fault offset: 0x0000000000005491
Faulting process id: 0x10f0
Faulting application start time: 0xmsfeedssync.exe0
Faulting application path: msfeedssync.exe1
Faulting module path: msfeedssync.exe2
Report Id: msfeedssync.exe3
Faulting package full name: msfeedssync.exe4
Faulting package-relative application ID: msfeedssync.exe5
 
Error: (09/30/2014 09:43:49 PM) (Source: Application Error) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Faulting module name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Exception code: 0x40000015
Fault offset: 0x0007da8a
Faulting process id: 0x858
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3
Faulting package full name: mbamservice.exe4
Faulting package-relative application ID: mbamservice.exe5
 
Error: (09/30/2014 09:43:31 PM) (Source: Application Error) (User: )
Description: Faulting application name: mbamscheduler.exe, version: 3.0.2.0, time stamp: 0x5339cec3
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x680
Faulting application start time: 0xmbamscheduler.exe0
Faulting application path: mbamscheduler.exe1
Faulting module path: mbamscheduler.exe2
Report Id: mbamscheduler.exe3
Faulting package full name: mbamscheduler.exe4
Faulting package-relative application ID: mbamscheduler.exe5
 
 
System errors:
=============
Error: (09/30/2014 09:45:50 PM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2
 
Error: (09/30/2014 09:43:50 PM) (Source: Service Control Manager) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (09/30/2014 09:43:34 PM) (Source: Service Control Manager) (User: )
Description: The MBAMScheduler service failed to start due to the following error: 
%%1053
 
Error: (09/30/2014 09:43:34 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.
 
Error: (09/28/2014 05:50:28 PM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2
 
Error: (09/28/2014 05:18:51 PM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (09/28/2014 04:25:02 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Office ClickToRun Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (09/18/2014 03:01:31 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 12:44:29 AM on ‎9/‎17/‎2014 was unexpected.
 
Error: (09/15/2014 01:45:21 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007045b: Update for Windows 8 for x64-based Systems (KB2996851).
 
Error: (09/15/2014 01:44:32 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007045b: Update for Windows 8 for x64-based Systems (KB2973544).
 
 
Microsoft Office Sessions:
=========================
 
 
=========================== Installed Programs ============================
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{CB4C08E3-800F-65F6-9C00-06814A6B7CE7}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2013.0313.2330.40379 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2013.0313.2330.40379 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0313.2330.40379 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0313.2330.40379 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0313.2330.40379 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0313.2329.40379 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0313.2330.40379 - Advanced Micro Devices, Inc.) Hidden
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3.5901 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.3.5901 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.3.2608 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.3.2608 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2527 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.3.2527 - CyberLink Corp.) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.5108 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 10.0.8.5108 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.6.6119 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.6.6119 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GoSavvE (HKLM-x32\...\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}) (Version: 3.3.0.1355 - )
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
GS_Booster (HKLM-x32\...\S-576482620) (Version: 2.0.0.1271 - PremiumSoft)
GS_Sustainer 1.80 (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{4d349a54}) (Version:  - Certified Publisher)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{8C1ADF61-4F87-44BC-804C-C20FC70D98BB}) (Version: 1.4.0.0 - Hewlett-Packard)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Postscript Converter (Version: 4.0.4100 - Hewlett-Packard) Hidden
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Recovery Manager (x32 Version: 9.00 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6317.4309 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{B2F0406F-1609-489A-8626-7DB46776AB57}) (Version: 1.0.5 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{73237EBB-B26F-4628-8754-4EFE563D72E9}) (Version: 2.1.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
LiveSupport (HKLM-x32\...\LiveSupport_is1) (Version: 1.2.8.0 - PC Utilities Software Limited)
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4649.1003 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4649.1003 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 20.5.0.28 - Symantec Corporation)
OEM Application Profile (HKLM-x32\...\{C89A97B6-F991-EBB5-77B7-927BCF420EBE}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version: 3.2.0.1 - PC Utilities Software Limited)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6849 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{0D61A55C-3ADC-409F-BF5B-A1766D1F5944}) (Version: 6.2.9200.29053 - Realtek Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Royal Envoy 2 Collector's Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.1.3 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
The Sims™ 2 Double Deluxe (HKLM-x32\...\{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}) (Version:  - Electronic Arts)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2889914) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F3F83933-75FC-4B60-84F2-3F8FA63D042E}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
========================= Memory info: ===================================
 
Percentage of memory in use: 44%
Total physical RAM: 3682.26 MB
Available physical RAM: 2028.68 MB
Total Pagefile: 4322.26 MB
Available Pagefile: 2290.18 MB
Total Virtual: 4095.88 MB
Available Virtual: 3977.18 MB
 
========================= Partitions: =====================================
 
1 Drive c: (Windows) (Fixed) (Total:275.36 GB) (Free:173.96 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:21.96 GB) (Free:2.23 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\JESSICA
 
Administrator            Guest                    Jessica                  
 
 
**** End of log ****
 
========= End of CMD: =========
 
C:\ProgramData\YoouutuabEAdBllocke => Moved successfully.
C:\Program Files (x86)\YoouutuabEAdBllocke => Moved successfully.
C:\ProgramData\GGooSaVe => Moved successfully.
C:\Program Files (x86)\GGooSaVe => Moved successfully.
"C:\ProgramData\Trusted Publisher" => File/Directory not found.
C:\ProgramData\GOSave => Moved successfully.
"C:\Program Files (x86)\GOSave" => File/Directory not found.
C:\Users\HomeGroupUser$\AppData\Local\Torch => Moved successfully.
C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser => Moved successfully.
C:\Users\Guest\AppData\Local\Torch => Moved successfully.
C:\Users\Guest\AppData\Local\Chromatic Browser => Moved successfully.
C:\Users\Administrator\AppData\Local\Torch => Moved successfully.
C:\Users\Administrator\AppData\Local\Chromatic Browser => Moved successfully.
"C:\Program Files (x86)\GS_Booster" => File/Directory not found.
C:\ProgramData\e9032df6fbf9f2c6 => Moved successfully.
C:\Users\Jessica\AppData\Local\Comodo => Moved successfully.
C:\Users\HomeGroupUser$\AppData\Local\Google => Moved successfully.
C:\Users\HomeGroupUser$\AppData\Local\Comodo => Moved successfully.
C:\Users\Guest\AppData\Local\Google => Moved successfully.
C:\Users\Guest\AppData\Local\Comodo => Moved successfully.
C:\Users\Administrator\AppData\Local\Google => Moved successfully.
C:\Users\Administrator\AppData\Local\Comodo => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EEA733AC-E347-45E2-940A-6E653CAF9E72}" => Key not found.
C:\Windows\System32\Tasks\GS_Booster-S-576482620 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GS_Booster-S-576482620" => Key not found.
C:\Windows\Tasks\GS_Booster-S-576482620.job not found.
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.6.9200 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {5061ADD5-6C8F-4403-8FA0-E59CA9A33FFF}.
0 out of 1 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => Removed 479 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====


#12 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,285 posts
  • Gender:Male
  • Location:Bulgaria
  • Local time:04:56 AM

Posted 30 October 2014 - 06:50 PM

Hi,

Next I want to make sure there is nothing lurking on the system, so just in case I want you to go through these steps:

Most of them should take no more than 5 minutes each (but the time they take to complete can vary depending on the size of your hard drive and the speed of your computer).

STEP 1

 

 

  • Please download RKill by Grinler from the link below and save it to your desktop.

    Rkill
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log.
  • Please post the log in your next reply.

 

 

STEP 2

 

 

  • Please download RogueKillerX64.exe and save to the desktop.
  • Close all windows and browsers
  • Right-click the program and select 'Run as Administrator'
  • Press the scan button.
  • A report opens on the desktop named - RKreport.txt
  • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 3
 

 

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 4

 

 

Please download Malwarebytes Anti-Malware to your desktop.
 

  • Double-click mbam-setup-2.0.3.1025.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may see this message box.
    • 'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

 

STEP 5

 

 

1. Please download HitmanPro.

  • For 32-bit Operating System - dEMD6.gif.
  • This is the mirror - dEMD6.gif
  • For 64-bit Operating System - dEMD6.gif
  • This is the mirror - dEMD6.gif

2. Launch the program by double-clicking on the HitmanPro icon. (Windows Vista/7 users: right-click on the HitmanPro icon and select Run as administrator.)

Note: If the program won't run, then please open the program while holding down the left CTRL key until the program is loaded.

3. Click on the Next button. You must agree with the terms of the EULA (if asked).

4. Check the box beside "No, I only want to perform a one-time scan to check this computer".

5. Click on the Next button.

6. The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7. When the scan is done, click on the drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!

8. Click on the Next button.

9. Click on the "Save Log" button.

10. Save that file to your desktop and post the content of that file in your next reply.

Note: If there isn't a drop-down menu when the scan is done, then please don't delete anything and close HitmanPro.

Navigate to C:\ProgramData\HitmanPro\Logs, open the report, and copy and paste it into your next reply.

 

 

That's it for now. :)

 

 

Regards,

Georgi




#13 starlight5

starlight5
  • Topic Starter

  • Members
  • 129 posts
  • Local time:09:56 PM

Posted 31 October 2014 - 02:56 PM

Rkill 2.6.8 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 10/31/2014 01:25:22 AM in x64 mode.
Windows Version: Windows 8 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 10/31/2014 01:27:52 AM
Execution time: 0 hours(s), 2 minute(s), and 30 seconds(s)
 
 
 


#14 starlight5

starlight5
  • Topic Starter

  • Members
  • 129 posts
  • Local time:09:56 PM

Posted 31 October 2014 - 03:11 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 10/31/2014
Scan Time: 7:20:07 AM
Logfile: 
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.10.31.03
Rootkit Database: v2014.10.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8
CPU: x64
File System: NTFS
User: Jessica
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 352043
Time Elapsed: 30 min, 47 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
HitmanPro 3.7.9.232
www.hitmanpro.com
 
   Computer name . . . . : JESSICA
   Windows . . . . . . . : 6.2.0.9200.X64/2
   User name . . . . . . : JESSICA\Jessica
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
 
   Scan date . . . . . . : 2014-10-31 08:21:24
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 5m 52s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 1
   Traces  . . . . . . . : 10
 
   Objects scanned . . . : 2,126,155
   Files scanned . . . . : 29,110
   Remnants scanned  . . : 339,002 files / 1,758,043 keys
 
Malware _____________________________________________________________________
 
   C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\setup.exe
      Size . . . . . . . : 3,715,072 bytes
      Age  . . . . . . . : 0.6 days (2014-10-30 17:53:31)
      Entropy  . . . . . : 7.4
      SHA-256  . . . . . : 4AC918D9CE5A353163527CD9CE972C736894F3E45A78238095DB23DD70943A03
    > Bitdefender  . . . : Gen:Variant.Adware.Strictor.67293
    > Kaspersky  . . . . : Trojan.Win32.Adond.kysz
      Fuzzy  . . . . . . : 104.0
      Forensic Cluster
          0.0s C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\setup.exe
          0.0s C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\setup.exe
 
 
Suspicious files ____________________________________________________________
 
   C:\Users\Jessica\Downloads\FRST-OlderVersion\FRST.exe
      Size . . . . . . . : 1,104,896 bytes
      Age  . . . . . . . : 2.8 days (2014-10-28 12:28:08)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 8586857C7D46A2B30B04DECF41CDC743C73C3AED86D0DBE946FCBAE091134122
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
 
   C:\Users\Jessica\Downloads\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2,113,024 bytes
      Age  . . . . . . . : 2.8 days (2014-10-28 12:34:11)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 9414025AB0585D2AEF7C95651E20EE27AC2C02D8A57B0E42C3F50D35E02D6850
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
          0.0s C:\Users\Jessica\Downloads\FRST-OlderVersion\FRST64.exe
          0.0s C:\Users\Jessica\Downloads\FRST-OlderVersion\FRST64.exe
 
   C:\Users\Jessica\Downloads\FRST64.exe
      Size . . . . . . . : 2,113,536 bytes
      Age  . . . . . . . : 0.6 days (2014-10-30 18:22:49)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : F96AAB9D91C97446680F0CCD75D0732887C4B4E055EAF2338DC23B03BF71D625
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
 
   C:\Users\Jessica\Downloads\MiniToolBox.exe
      Size . . . . . . . : 401,920 bytes
      Age  . . . . . . . : 29.9 days (2014-10-01 10:19:37)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : 55ADA329F40AC0E0F13EC464E56D09C12078ADEF021A934F059BCD3E962EC46E
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 22.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
      Forensic Cluster
          0.0s C:\Users\Jessica\Downloads\MiniToolBox.exe
          0.0s C:\Users\Jessica\Downloads\MiniToolBox.exe
 
 
Potential Unwanted Programs _________________________________________________
 
   HKLM\SOFTWARE\Wow6432Node\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}\ (FLV Player)
   HKLM\SOFTWARE\Wow6432Node\{5F189DF5-2D05-472B-9091-84D9848AE48B}\ (PCOptimizerPro)
   HKLM\SOFTWARE\Wow6432Node\{77D46E27-0E41-4478-87A6-AABE6FBCF252}\ (PCBooster)
   HKU\S-1-5-21-3446587330-3932189583-2110680161-1002\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}\ (PCOptimizerPro)
 
Cookies _____________________________________________________________________
 
   C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
 
 
 
 


#15 starlight5

starlight5
  • Topic Starter

  • Members
  • 129 posts
  • Local time:09:56 PM

Posted 31 October 2014 - 03:34 PM

It can't get it to post here either; I'm going to try to attach it (TDSSKiller).

Nothing is working to post this one. I have tried pasting just half of it and that still is not working.





