Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Lots of ads opening in new tabs, PCKeeper ads, Tune up your Mac, lagging compute


  • This topic is locked This topic is locked
32 replies to this topic

#1 nolavf

nolavf

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:New Orleans, LA
  • Local time:04:36 AM

Posted 13 November 2014 - 10:53 PM

Hello,

I'm frustrated with the way my computer is running. My computer has a lot of double underlined words that show ads when you hover the mouse it. Many different ads pop up, especially when I go to sign in into a website like Facebook or Reddit. My anti-virus is Microsoft Security Essentials and anti-malware is Malwarebytes, nothing shows up when I run a scan. Thank you in advance.



BC AdBot (Login to Remove)

 


m

#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,549 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:36 AM

Posted 19 November 2014 - 09:15 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/556060 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 nolavf

nolavf
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:New Orleans, LA
  • Local time:04:36 AM

Posted 19 November 2014 - 08:11 PM

I hope I did this right! Thank you so much! :)

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17420  BrowserJavaVersion: 10.67.2
Run by Fernandez at 18:59:56 on 2014-11-19
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4040.2371 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
C:\Program Files (x86)\Gateway\Gateway TouchPortal\YouCam\YCMMirage.exe
C:\Program Files (x86)\Gateway\Gateway TouchPortal\YouCam\YouCamTray.exe
C:\Program Files (x86)\Gateway\Gateway TouchPortal\Touch Movie\TouchMovieService.exe
C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\OEM\USBDECTION\USBS3S4Detection.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: AutorunsDisabled - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [HP Deskjet 3510 series (NET)] "C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN35P1HGP205Y7:NW" -scfn "HP Deskjet 3510 series (NET)" -AutoStart 1
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [TouchPortalV3Launcher] C:\Program Files (x86)\Gateway\Gateway TouchPortal\TouchPortalLauncher.exe na
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [YouCam Mirage] "C:\Program Files (x86)\Gateway\Gateway TouchPortal\YouCam\YCMMirage.exe"
mRun: [YouCam Tray] "C:\Program Files (x86)\Gateway\Gateway TouchPortal\YouCam\YouCamTray.exe" /s
mRun: [MDS_Menu] "C:\Program Files (x86)\Gateway\Gateway TouchPortal\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Gateway\Gateway TouchPortal\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink

\MediaShow Espresso\5.6"
mRun: [TouchMovieService] "C:\Program Files (x86)\Gateway\Gateway TouchPortal\Touch Movie\TouchMovieService.exe"
mRun: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
StartupFolder: C:\Users\Fernandez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3510 series (Network).lnk.disabled
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {3437D640-C91A-458f-89F5-B9095EA4C28B} - {04F93351-81D2-4484-9982-0D55DEFFFAE6} - C:\Program Files (x86)\PicLensIE\cooliris.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{FD7DFB3B-95CD-46EF-95FA-B6B329C581AD} : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{FD7DFB3B-95CD-46EF-95FA-B6B329C581AD}\645627E616E64656A7 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{FD7DFB3B-95CD-46EF-95FA-B6B329C581AD}\C696E6B6379737 : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.122\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [TouchPortalV3Launcher] C:\Program Files (x86)\Gateway\Gateway TouchPortal\TouchPortalLauncher.exe na
x64-Run: [TouchORB] C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [THXCfg64] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 54.225.95.126    hjjjegfhiceggepdokloeepnhlfnedkk
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Fernandez\AppData\Roaming\Mozilla\Firefox\Profiles\un0ddqfg.default-1416284723664\
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-11-16 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-11-16 267632]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-11-16 1050432]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2014-11-16 436624]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-11-16 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-11-16 83280]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-11-16 116728]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-11-16 50344]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2010-1-8 23584]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-4-8 13336]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2011-4-8 244624]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 125584]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2014-11-16 1153368]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-1-1 2656280]
R2 USBS3S4Detection;USBS3S4Detection;C:\OEM\USBDECTION\USBS3S4Detection.exe [2011-4-8 76320]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2011-3-1 31088]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2011-1-1 32344]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8192su.sys [2010-11-25 694888]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 e81a9dc1;GS-Supporter;C:\Windows\System32\rundll32.exe [2009-7-13 45568]
S2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2013-8-27 127752]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-11-12 114688]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-7-28 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-18 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-11-19 17:28:26    11632448    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{18DF3D3C-3FB2-4EA9-9C9D-8748279E42C5}\mpengine.dll
2014-11-17 16:07:00    11627712    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-11-17 00:47:01    98216    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-11-17 00:30:40    --------    d-----w-    C:\Users\Fernandez\AppData\Roaming\AVAST Software
2014-11-17 00:22:15    267632    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2014-11-17 00:22:15    116728    ----a-w-    C:\Windows\System32\drivers\aswStm.sys
2014-11-17 00:22:14    93568    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2014-11-17 00:22:14    83280    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2014-11-17 00:22:14    65776    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2014-11-17 00:22:14    29208    ----a-w-    C:\Windows\System32\drivers\aswHwid.sys
2014-11-17 00:22:14    1050432    ----a-w-    C:\Windows\System32\drivers\aswSnx.sys
2014-11-17 00:22:10    43152    ----a-w-    C:\Windows\avastSS.scr
2014-11-17 00:19:16    --------    d-----w-    C:\Program Files\AVAST Software
2014-11-17 00:18:50    --------    d-----w-    C:\ProgramData\AVAST Software
2014-11-16 23:18:40    --------    d-----w-    C:\ProgramData\Spybot - Search & Destroy
2014-11-16 23:18:40    --------    d-----w-    C:\Program Files (x86)\Spybot - Search & Destroy
2014-11-16 16:01:24    1188440    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D3D16C30-EB73-471D-BA58-DE1199ABF394}\gapaengine.dll
2014-11-14 23:45:26    --------    d-sh--w-    C:\Users\Fernandez\AppData\Local\EmieBrowserModeList
2014-11-12 16:40:22    1882624    ----a-w-    C:\Windows\System32\msxml3.dll
2014-11-12 16:39:57    680960    ----a-w-    C:\Windows\System32\audiosrv.dll
2014-11-12 00:32:16    --------    d-----w-    C:\Program Files\Enigma Software Group
2014-11-03 04:30:18    37624    ----a-w-    C:\Windows\System32\drivers\TrueSight.sys
2014-11-03 04:30:16    --------    d-----w-    C:\ProgramData\RogueKiller
2014-11-03 04:24:55    --------    d-----w-    C:\Windows\ERUNT
2014-11-03 03:38:22    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-10-28 22:35:22    --------    d-----w-    C:\Program Files (x86)\Jelbrus Secure Web
2014-10-28 22:27:52    73728    ----a-w-    C:\Windows\SysWow64\tasks.dll
.
==================== Find3M  ====================
.
2014-11-17 00:07:41    128728    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-11-17 00:07:15    92888    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-11-12 19:17:20    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-12 19:17:20    701104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-06 04:04:03    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-11-06 04:03:50    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-11-06 03:47:03    66560    ----a-w-    C:\Windows\System32\iesetup.dll
2014-11-06 03:46:12    580096    ----a-w-    C:\Windows\System32\vbscript.dll
2014-11-06 03:46:12    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-11-06 03:44:28    88064    ----a-w-    C:\Windows\System32\MshtmlDac.dll
2014-11-06 03:30:22    144384    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-11-06 03:30:08    114688    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-11-06 03:29:18    814080    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-11-06 03:28:20    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-11-06 03:23:57    6040064    ----a-w-    C:\Windows\System32\jscript9.dll
2014-11-06 03:20:18    968704    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-06 03:13:43    501248    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-11-06 03:13:36    62464    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-11-06 03:12:44    47616    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-06 03:10:58    64000    ----a-w-    C:\Windows\SysWow64\MshtmlDac.dll
2014-11-06 03:07:29    77824    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-06 02:59:36    115712    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-11-06 02:58:38    620032    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-11-06 02:42:36    60416    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-06 02:39:39    1359360    ----a-w-    C:\Windows\System32\mshtmlmedia.dll
2014-11-06 02:38:25    2124288    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-11-06 02:21:49    4298240    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-11-06 02:21:25    2051072    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-11-06 02:20:37    1155072    ----a-w-    C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-06 02:17:24    2365440    ----a-w-    C:\Windows\System32\wininet.dll
2014-11-06 01:52:35    1892864    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-11-05 17:56:54    304640    ----a-w-    C:\Windows\System32\generaltel.dll
2014-11-05 17:56:36    228864    ----a-w-    C:\Windows\System32\aepdu.dll
2014-11-05 17:52:22    424448    ----a-w-    C:\Windows\System32\aeinv.dll
2014-10-30 11:25:26    275080    ------w-    C:\Windows\System32\MpSigStub.exe
2014-10-25 01:57:59    77824    ----a-w-    C:\Windows\System32\packager.dll
2014-10-25 01:32:37    67584    ----a-w-    C:\Windows\SysWow64\packager.dll
2014-10-18 02:05:23    861696    ----a-w-    C:\Windows\System32\oleaut32.dll
2014-10-18 01:33:18    571904    ----a-w-    C:\Windows\SysWow64\oleaut32.dll
2014-10-14 02:16:37    155064    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2014-10-14 02:13:06    683520    ----a-w-    C:\Windows\System32\termsrv.dll
2014-10-14 02:13:00    3241984    ----a-w-    C:\Windows\System32\msi.dll
2014-10-14 02:12:57    1460736    ----a-w-    C:\Windows\System32\lsasrv.dll
2014-10-14 02:09:31    146432    ----a-w-    C:\Windows\System32\msaudite.dll
2014-10-14 02:07:31    681984    ----a-w-    C:\Windows\System32\adtschema.dll
2014-10-14 01:50:47    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2014-10-14 01:50:41    2363904    ----a-w-    C:\Windows\SysWow64\msi.dll
2014-10-14 01:49:38    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2014-10-14 01:47:30    146432    ----a-w-    C:\Windows\SysWow64\msaudite.dll
2014-10-14 01:46:02    681984    ----a-w-    C:\Windows\SysWow64\adtschema.dll
2014-10-10 00:57:42    3198976    ----a-w-    C:\Windows\System32\win32k.sys
2014-10-03 02:12:00    500224    ----a-w-    C:\Windows\System32\AUDIOKSE.dll
2014-10-03 02:11:54    284672    ----a-w-    C:\Windows\System32\EncDump.dll
2014-10-03 02:11:51    440832    ----a-w-    C:\Windows\System32\AudioEng.dll
2014-10-03 02:11:51    296448    ----a-w-    C:\Windows\System32\AudioSes.dll
2014-10-03 01:44:42    442880    ----a-w-    C:\Windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44:26    374784    ----a-w-    C:\Windows\SysWow64\AudioEng.dll
2014-10-03 01:44:26    195584    ----a-w-    C:\Windows\SysWow64\AudioSes.dll
2014-10-01 16:11:26    63704    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-10-01 16:11:12    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-09-25 02:08:38    371712    ----a-w-    C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50    519680    ----a-w-    C:\Windows\SysWow64\qdvd.dll
2014-09-19 09:42:52    210944    ----a-w-    C:\Windows\System32\wdigest.dll
2014-09-19 09:42:51    86528    ----a-w-    C:\Windows\System32\TSpkg.dll
2014-09-19 09:42:49    342016    ----a-w-    C:\Windows\System32\schannel.dll
2014-09-19 09:42:47    314880    ----a-w-    C:\Windows\System32\msv1_0.dll
2014-09-19 09:42:47    309760    ----a-w-    C:\Windows\System32\ncrypt.dll
2014-09-19 09:42:44    728064    ----a-w-    C:\Windows\System32\kerberos.dll
2014-09-19 09:42:41    22016    ----a-w-    C:\Windows\System32\credssp.dll
2014-09-19 09:23:55    172032    ----a-w-    C:\Windows\SysWow64\wdigest.dll
2014-09-19 09:23:52    65536    ----a-w-    C:\Windows\SysWow64\TSpkg.dll
2014-09-19 09:23:49    248832    ----a-w-    C:\Windows\SysWow64\schannel.dll
2014-09-19 09:23:46    221184    ----a-w-    C:\Windows\SysWow64\ncrypt.dll
2014-09-19 09:23:45    259584    ----a-w-    C:\Windows\SysWow64\msv1_0.dll
2014-09-19 09:23:42    550912    ----a-w-    C:\Windows\SysWow64\kerberos.dll
2014-09-19 09:23:36    17408    ----a-w-    C:\Windows\SysWow64\credssp.dll
2014-09-09 22:11:04    2048    ----a-w-    C:\Windows\System32\tzres.dll
2014-09-09 21:47:10    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2014-09-04 05:23:20    424448    ----a-w-    C:\Windows\System32\rastls.dll
2014-09-04 05:04:15    372736    ----a-w-    C:\Windows\SysWow64\rastls.dll
2014-08-23 02:07:00    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
.
============= FINISH: 19:01:12.66 ===============
 



#4 nolavf

nolavf
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:New Orleans, LA
  • Local time:04:36 AM

Posted 19 November 2014 - 08:13 PM

Not sure how to attach the zipped "attach.txt" file though



#5 nolavf

nolavf
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:New Orleans, LA
  • Local time:04:36 AM

Posted 19 November 2014 - 08:17 PM

Oh I forgot to add what the main problem is!

 

When I am browsing websites, new tabs open up like "PCKeeper" or "My Binary Systems", another tab labeled "Windows Browser warning" is telling me to call "888-556-4127" to eliminate the virus.
When I run Avast, it finds "Browser Warden" and says it disables it but it still shows up as enabled in my Chrome browser.
As mentioned before, I have many words double underlined in blue that pull up "Nav-link" ads and the like. Computer is running very slow and video play is very choppy.



#6 Valinorum

Valinorum

    Shadow Hide The Hunter


  • Malware Response Instructor
  • 1,554 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:36 PM

Posted 20 November 2014 - 02:24 AM

Hi nolavf, :)

:welcome:

My name is Valinorum and I will be the acolyte today. Before we proceed, please, acknowledge yourself the following(s):
  • Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
  • Please do not install any new software while we are working on this system as it may hinder our process.
  • Malware removal is a complicated process so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
  • Please do not try to fix anything without being ask.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Please print or save the instructions I give you for quick reference. We may be using Safe mode which will cut you off from internet and you will not always be able to access this thread.
  • Back up your data. I will not knowingly suggest your any course that might damage your system but sometimes Malware infections are so severe that only option we have is to re-format and re-install the operating system.
  • If you are confused about any instruction, stop and ask. Do not keep on going.
  • Do not repeat the steps if you face any problems.
  • I am not an omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect the skill. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient as sometimes real life demands our time and replies to you can be delayed.
  • Private Message(PM) if and only if I have not responded to your thread within three days or your query is offtopic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
  • The fixes are for your system only. Please refrain from using these fixes on other system as it may do serious damage.
 

Uninstall Spybot Search & Destroy for now.

 
  • Step #1 Fix with AdwCleaner
    • Download AdwCleaner by Xplode to your Desktop from the following link.
    • Right-click on AdwCleaner.exe and choose Run as administrator;
    • Click on Scan and let the program run unhindered;
    • When done, click on Clean and allow the system to reboot after it is done;
    • A log will be opened automatically after the restart;
    • Copy and Paste the contents of this log in your reply.
 
  • Step #2 Fix with Junkware Removal Tool
    Download Junkware Removal Tool by thisisu to your Desktop from the link below.
    Download Link 1
    Download Link 2
    • Disable your anti-virus to avoid potential conflicts. For more information please acknowledge yourself this article;
    • Run the program either by double-clicking(Windows XP) or Right-clicking and choosing Run as administrator(Windows Vista and above);
    • Please be patient as the tool cleans your system;
    • After completion of the process a log named JRT.txt will automatically open and is save to your Desktop;
    • Copy and Paste the contents of the log in your next reply.
 
  • Step #3 Scan with Farbar Recovery Scan Tool
    • Please download Farbar Recovery Scan Tool by Farbar to your Desktop from the link below.
      Download link for 32 bit system
      Download link for 64 bit system
    • Right-click on the program and choose Run as administrator;
    • Put tick-mark on all boxes under Whitelist and Optional Scan;
    • Click on Scan;
    • After the scan two notepad files will be opened --
      • FRST.txt;
      • Addition.txt
    • Copy and Paste the contents of the logs in your next reply.
 
  • Required Log(s):
    • AdwCleaner Log
    • Junkware Removal Tool Log
    • Farbar Tool Log(s) --
      • FRST.txt
      • Addition.txt
Regards,
Valinorum

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All helps are provided via forum ergo do not PM me for help.

 


#7 nolavf

nolavf
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:New Orleans, LA
  • Local time:04:36 AM

Posted 20 November 2014 - 06:53 PM

Hi Valinorum,

When I try to run AdwCleaner, it just sits there at the beginning of the scan with the following message: "Pending. Please uncheck elements you don't want to remove."  It's been like that for about 10 minutes now.   Thank you :)



#8 nolavf

nolavf
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:New Orleans, LA
  • Local time:04:36 AM

Posted 20 November 2014 - 07:12 PM

# AdwCleaner v4.101 - Report created 20/11/2014 at 18:01:53
# Updated 09/11/2014 by Xplode
# Database : 2014-11-16.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Fernandez - FERNANDEZ-PC
# Running from : C:\Users\Fernandez\Downloads\AdwCleaner(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\35b8365ed06bdb75
Folder Deleted : C:\Users\Fernandez\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17420


-\\ Mozilla Firefox v33.1 (x86 en-US)


-\\ Google Chrome v38.0.2125.122

[C:\Users\Fernandez\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Fernandez\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

-\\ Comodo Dragon v

[C:\Users\Fernandez\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Fernandez\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [16420 octets] - [24/03/2014 20:25:06]
AdwCleaner[R1].txt - [2686 octets] - [26/04/2014 22:25:12]
AdwCleaner[R2].txt - [3695 octets] - [02/11/2014 22:45:02]
AdwCleaner[R3].txt - [1468 octets] - [16/11/2014 17:02:36]
AdwCleaner[R4].txt - [1870 octets] - [20/11/2014 17:32:47]
AdwCleaner[S0].txt - [16586 octets] - [24/03/2014 20:26:19]
AdwCleaner[S1].txt - [2781 octets] - [26/04/2014 22:26:21]
AdwCleaner[S2].txt - [3813 octets] - [02/11/2014 22:46:37]
AdwCleaner[S3].txt - [1533 octets] - [16/11/2014 17:03:47]
AdwCleaner[S4].txt - [2103 octets] - [20/11/2014 18:01:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [2163 octets] ##########
 



#9 nolavf

nolavf
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:New Orleans, LA
  • Local time:04:36 AM

Posted 20 November 2014 - 07:25 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows 7 Home Premium x64
Ran by Fernandez on Thu 11/20/2014 at 18:17:17.17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2921601562-578146601-448169979-1001\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 11/20/2014 at 18:22:03.06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#10 nolavf

nolavf
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:New Orleans, LA
  • Local time:04:36 AM

Posted 20 November 2014 - 07:29 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-11-2014
Ran by Fernandez (administrator) on FERNANDEZ-PC on 20-11-2014 18:24:13
Running from C:\Users\Fernandez\Downloads
Loaded Profile: Fernandez (Available profiles: Fernandez)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Acer Corp.) C:\Program Files (x86)\Gateway\Gateway TouchPortal\TouchPortalLauncher.exe
(Acer Corp.) C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
(CyberLink) C:\Program Files (x86)\Gateway\Gateway TouchPortal\YouCam\YCMMirage.exe
(CyberLink Corp.) C:\Program Files (x86)\Gateway\Gateway TouchPortal\YouCam\YouCamTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Gateway\Gateway TouchPortal\Touch Movie\TouchMovieService.exe
() C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
() C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\OEM\USBDECTION\USBS3S4Detection.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Thisisu) C:\Users\Fernandez\Downloads\JRT(1).exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Microsoft Corporation) C:\Windows\System32\wsqmcons.exe
(Farbar) C:\Users\Fernandez\Downloads\FRST64(1).exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TouchPortalV3Launcher] => C:\Program Files (x86)\Gateway\Gateway TouchPortal\TouchPortalLauncher.exe [438376 2010-11-30] (Acer Corp.)
HKLM\...\Run: [TouchORB] => C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe [155752 2010-11-12] (Acer Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11485800 2010-10-12] (Realtek Semiconductor)
HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [TouchPortalV3Launcher] => C:\Program Files (x86)\Gateway\Gateway TouchPortal\TouchPortalLauncher.exe [438376 2010-11-30] (Acer Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe [1374720 2010-11-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Gateway\Gateway TouchPortal\YouCam\YCMMirage.exe [136488 2011-03-01] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Gateway\Gateway TouchPortal\YouCam\YouCamTray.exe [162912 2011-03-01] (CyberLink Corp.)
HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\Gateway\Gateway TouchPortal\MediaShow Espresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [TouchMovieService] => C:\Program Files (x86)\Gateway\Gateway TouchPortal\Touch Movie\TouchMovieService.exe [124136 2011-03-03] (CyberLink Corp.)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe [620136 2011-01-18] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5225064 2014-11-16] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2921601562-578146601-448169979-1001\...\Run: [ccleaner] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-30] (Piriform Ltd)
HKU\S-1-5-21-2921601562-578146601-448169979-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20203904 2013-12-06] (Google)
HKU\S-1-5-21-2921601562-578146601-448169979-1001\...\Run: [HP Deskjet 3510 series (NET)] => C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2921601562-578146601-448169979-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-30] (Piriform Ltd)
HKU\S-1-5-21-2921601562-578146601-448169979-1001\...\MountPoints2: {4378dec9-15df-11e0-bf1b-806e6f6e6963} - D:\Autorun.exe
HKU\S-1-5-21-2921601562-578146601-448169979-1001\...\MountPoints2: {bee6bcdf-fc19-11e1-bd47-c89cdc27eeb0} - F:\LaunchU3.exe -a
Startup: C:\Users\Fernandez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3510 series (Network).lnk.disabled
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3510 series (Network).lnk.disabled -> C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-2921601562-578146601-448169979-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2921601562-578146601-448169979-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-2921601562-578146601-448169979-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKU\S-1-5-21-2921601562-578146601-448169979-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD1A83FD04F03D001
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Hosts: 54.225.95.126    hjjjegfhiceggepdokloeepnhlfnedkk
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

FireFox:
========
FF ProfilePath: C:\Users\Fernandez\AppData\Roaming\Mozilla\Firefox\Profiles\un0ddqfg.default-1416284723664
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2921601562-578146601-448169979-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Fernandez\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-11-10]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-11-10]
FF Extension: Firefox Helper - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\fa9c3dde7f20c1aad7ac2c63748684a3 [2014-11-10]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-16]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.univision.com/"
CHR Profile: C:\Users\Fernandez\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Fernandez\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-18]
CHR Extension: (Google Docs) - C:\Users\Fernandez\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-18]
CHR Extension: (Google Drive) - C:\Users\Fernandez\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-18]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Fernandez\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-18]
CHR Extension: (YouTube) - C:\Users\Fernandez\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-18]
CHR Extension: (Google Search) - C:\Users\Fernandez\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-18]
CHR Extension: (Google Sheets) - C:\Users\Fernandez\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-18]
CHR Extension: (Avast Online Security) - C:\Users\Fernandez\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-11-18]
CHR Extension: (Google Wallet) - C:\Users\Fernandez\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-18]
CHR Extension: (Gmail) - C:\Users\Fernandez\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-18]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-16]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-16] (AVAST Software)
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-10-30] (SurfRight B.V.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2011-03-09] () [File not signed]
R2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()
S2 e81a9dc1; "C:\Windows\system32\rundll32.exe" "c:\progra~2\gs-ena~1\AssistantSvc.dll",service
S2 HPSLPSVC; C:\Users\FERNAN~1\AppData\Local\Temp\7zS72B0\hpslpsvc64.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-16] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-16] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-16] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-16] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2014-11-14] ()

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys FA886682CFC5D36718D3E436AACF10B9
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\system32\drivers\appid.sys 80B9412C4DE09147581FC935FB4C97AB
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\system32\drivers\aswHwid.sys 9BE9F2B83DE80E2752B1405CC427E2EC
C:\Windows\system32\drivers\aswMonFlt.sys 2DA1C1AEDF454F8E32A863A1AEACDD8C
C:\Windows\system32\drivers\aswRdr2.sys 4750016EF9CC1DEC6DA3FE5AF9A7F095
C:\Windows\System32\Drivers\aswRvrt.sys 1323269A92645705DEFA053F3596829D
C:\Windows\system32\drivers\aswSnx.sys 655D6F1B8722091427FB18663A546E2C
C:\Windows\system32\drivers\aswSP.sys B1881A01E301990B671694CA1623F1B6
C:\Windows\system32\drivers\aswStm.sys 7509F07BA6F84C1E3B2C0D78A1F6F782
C:\Windows\System32\Drivers\aswVmm.sys 1A5BDDE65B648DC3AD48B6ECAA3AE9C8
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\system32\drivers\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\clwvd.sys 50F92C943F18B070F166D019DFAB3D9A
C:\Windows\system32\drivers\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys EBF28856F69CF094A902F884CF989706
C:\Windows\system32\drivers\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 87CE5C8965E101CCCED1F4675557E868
C:\Windows\System32\DRIVERS\e1c62x64.sys EAFCB4551836FF44EE775CEDDFA7A77E
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 8E98D21EE06192492A5671A6144D092F
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\drivers\iaStor.sys D7921D5A870B11CC1ADAB198A519D50A
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\System32\DRIVERS\igdkmd64.sys 0D1B8C64BDF0E5CDC523A1409FFB5EF0
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHD64.sys 41685EFEB7D02847D208C4BB39E253D8
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 353009DEDF918B2A51414F330CF72DEC
C:\Windows\System32\Drivers\ksecpkg.sys 41774FF331F609EF442B7398EE6202B1
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MBfilt64.sys 8FF2D95CBA49B405C5DE27039FF0BF35
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HECIx64.sys A6518DCC42F7A6E999BB3BEA8FD87567
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\MpFilter.sys 6439D1E559D08BD8A1465A8943357053
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 1A4F75E63C9FB84B85DFFC6B63FD5404
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\NisDrvWFP.sys F9EEFFC65C68A45001D1349E652B8B6F
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 1A29A59A4C5BA6F8C85062A613B7E2B2
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys 946010CDFA91469351B22E2620CEBCD8
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\drivers\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys FE571E088C2D83619D2D48D4E961BF41
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RTL8192su.sys B3F36B4B3F192EA87DDC119F3A0B3E45
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Sftfslh.sys 2046AA7491DE7EFA4D70E615D9BC9D09
C:\Windows\System32\DRIVERS\Sftplaylh.sys 0E0446BC4D51BE4263ACB7E33491191C
C:\Windows\System32\DRIVERS\Sftredirlh.sys C5FB982CD266E604ED3142102C26D62C
C:\Windows\System32\DRIVERS\Sftvollh.sys 2575511AF67AA1FA068CCC4918E2C2A3
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\serscan.sys DECACB6921DED1A38642642685D77DAC
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\DRIVERS\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\TrueSight.sys 975F2CAA23B9CF4420EAB6439BE4D233
C:\Windows\System32\DRIVERS\tssecsrv.sys E232A3B43A894BB327FC161529BD9ED1
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\system32\drivers\TsUsbGD.sys 9CC2CCAE8A84820EAECB886D477CBCB8
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbaapl64.sys 5C3BE22E485B9BF11FCEFDC676C728D0
C:\Windows\system32\drivers\usbaudio.sys B0435098C81D04CAFFF80DDB746CD3A2
C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\system32\drivers\usbehci.sys 18A85013A3E0F7E1755365D287443965
C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
C:\Windows\system32\drivers\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC
C:\Windows\system32\drivers\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3
C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-20 18:23 - 2014-11-20 18:23 - 02117632 _____ (Farbar) C:\Users\Fernandez\Downloads\FRST64(1).exe
2014-11-20 18:22 - 2014-11-20 18:22 - 00001363 _____ () C:\Users\Fernandez\Desktop\JRT.txt
2014-11-20 18:16 - 2014-11-20 18:16 - 00067312 _____ () C:\Users\Fernandez\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-20 18:15 - 2014-11-20 18:16 - 01707532 _____ (Thisisu) C:\Users\Fernandez\Downloads\JRT(1).exe
2014-11-20 18:10 - 2014-11-20 18:10 - 01707532 _____ (Thisisu) C:\Users\Fernandez\Downloads\JRT.exe
2014-11-20 18:06 - 2014-11-20 18:16 - 00039583 _____ () C:\Windows\WindowsUpdate.log
2014-11-20 17:32 - 2014-11-20 17:32 - 02140160 _____ () C:\Users\Fernandez\Downloads\AdwCleaner(1).exe
2014-11-20 17:27 - 2014-11-20 17:27 - 00061854 _____ () C:\Users\Fernandez\Downloads\Shortcut.txt
2014-11-20 17:26 - 2014-11-20 17:27 - 00032119 _____ () C:\Users\Fernandez\Downloads\Addition.txt
2014-11-20 17:25 - 2014-11-20 18:24 - 00035919 _____ () C:\Users\Fernandez\Downloads\FRST.txt
2014-11-20 17:25 - 2014-11-20 18:24 - 00000000 ____D () C:\FRST
2014-11-20 17:24 - 2014-11-20 17:24 - 02117632 _____ (Farbar) C:\Users\Fernandez\Downloads\FRST64.exe
2014-11-19 19:09 - 2014-11-19 19:09 - 00003351 _____ () C:\Users\Fernandez\Documents\attach.7z
2014-11-19 19:08 - 2014-11-19 19:01 - 00011700 _____ () C:\Users\Fernandez\Documents\attach.txt
2014-11-19 19:07 - 2014-11-19 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-11-19 19:07 - 2014-11-19 19:07 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-11-19 19:06 - 2014-11-19 19:06 - 01110476 _____ () C:\Users\Fernandez\Downloads\7z920.exe
2014-11-19 19:01 - 2014-11-19 19:01 - 00024873 _____ () C:\Users\Fernandez\Desktop\dds.txt
2014-11-19 19:01 - 2014-11-19 19:01 - 00011700 _____ () C:\Users\Fernandez\Desktop\attach.txt
2014-11-19 18:59 - 2014-11-19 18:59 - 00688992 ____R (Swearware) C:\Users\Fernandez\Downloads\dds.com
2014-11-19 11:22 - 2014-11-10 21:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 11:22 - 2014-11-10 21:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 11:22 - 2014-11-10 20:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 11:22 - 2014-11-10 20:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-18 22:39 - 2014-11-18 22:39 - 00068008 _____ () C:\Users\Fernandez\Downloads\FLVPlayer-Chrome (2).exe
2014-11-18 22:38 - 2014-11-18 22:38 - 00069056 _____ () C:\Users\Fernandez\Downloads\FLVPlayer-Chrome (1).exe
2014-11-18 08:17 - 2014-11-18 22:03 - 00002226 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-18 08:17 - 2014-11-18 08:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-18 08:16 - 2014-11-18 08:16 - 00880784 _____ (Google Inc.) C:\Users\Fernandez\Downloads\ChromeSetup.exe
2014-11-17 13:59 - 2014-11-17 14:00 - 00015964 _____ () C:\Users\Fernandez\Downloads\FLVPlayer-Chrome.exe
2014-11-16 18:47 - 2014-11-16 18:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-16 18:47 - 2014-11-16 18:46 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-11-16 18:47 - 2014-11-16 18:46 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-11-16 18:47 - 2014-11-16 18:46 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-11-16 18:47 - 2014-11-16 18:46 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-16 18:30 - 2014-11-16 18:30 - 00000000 ____D () C:\Users\Fernandez\AppData\Roaming\AVAST Software
2014-11-16 18:22 - 2014-11-16 18:30 - 00002213 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-11-16 18:22 - 2014-11-16 18:22 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-11-16 18:22 - 2014-11-16 18:22 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-11-16 18:22 - 2014-11-16 18:22 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-16 18:22 - 2014-11-16 18:22 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-16 18:22 - 2014-11-16 18:22 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-11-16 18:22 - 2014-11-16 18:22 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-11-16 18:22 - 2014-11-16 18:22 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-11-16 18:22 - 2014-11-16 18:22 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-16 18:22 - 2014-11-16 18:22 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-16 18:22 - 2014-11-16 18:22 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-16 18:22 - 2014-11-16 18:22 - 00000350 ____H () C:\Windows\Tasks\avast! Emergency Update.job
2014-11-16 18:22 - 2014-11-16 18:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-11-16 18:19 - 2014-11-16 18:19 - 00000000 ____D () C:\Program Files\AVAST Software
2014-11-16 18:18 - 2014-11-16 18:19 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-11-16 17:18 - 2014-11-20 17:23 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-11-16 17:18 - 2014-11-20 17:23 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-11-16 17:01 - 2014-11-16 17:01 - 00000000 ____D () C:\Users\Fernandez\Documents\2011 Taxes
2014-11-14 17:45 - 2014-11-14 17:45 - 00000000 __SHD () C:\Users\Fernandez\AppData\Local\EmieBrowserModeList
2014-11-12 10:42 - 2014-11-07 13:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 10:42 - 2014-11-07 13:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 10:42 - 2014-11-05 22:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 10:42 - 2014-11-05 22:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 10:42 - 2014-11-05 22:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 10:42 - 2014-11-05 21:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 10:42 - 2014-11-05 21:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 10:42 - 2014-11-05 21:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 10:42 - 2014-11-05 21:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 10:42 - 2014-11-05 21:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 10:42 - 2014-11-05 21:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 10:42 - 2014-11-05 21:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 10:42 - 2014-11-05 21:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 10:42 - 2014-11-05 21:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 10:42 - 2014-11-05 21:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 10:42 - 2014-11-05 21:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 10:42 - 2014-11-05 21:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 10:42 - 2014-11-05 21:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 10:42 - 2014-11-05 21:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 10:42 - 2014-11-05 21:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 10:42 - 2014-11-05 21:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 10:42 - 2014-11-05 21:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 10:42 - 2014-11-05 21:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 10:42 - 2014-11-05 21:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 10:42 - 2014-11-05 21:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 10:42 - 2014-11-05 21:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 10:42 - 2014-11-05 21:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 10:42 - 2014-11-05 21:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 10:42 - 2014-11-05 21:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 10:42 - 2014-11-05 21:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 10:42 - 2014-11-05 21:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 10:42 - 2014-11-05 21:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 10:42 - 2014-11-05 20:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 10:42 - 2014-11-05 20:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 10:42 - 2014-11-05 20:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 10:42 - 2014-11-05 20:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 10:42 - 2014-11-05 20:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 10:42 - 2014-11-05 20:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 10:42 - 2014-11-05 20:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 10:42 - 2014-11-05 20:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 10:42 - 2014-11-05 20:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 10:42 - 2014-11-05 20:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 10:42 - 2014-11-05 20:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 10:42 - 2014-11-05 20:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 10:42 - 2014-11-05 20:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 10:42 - 2014-11-05 20:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 10:42 - 2014-11-05 20:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 10:42 - 2014-11-05 20:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 10:42 - 2014-11-05 20:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 10:42 - 2014-11-05 20:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 10:42 - 2014-11-05 20:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 10:42 - 2014-11-05 20:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 10:42 - 2014-11-05 19:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 10:42 - 2014-11-05 19:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 10:42 - 2014-11-05 19:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 10:42 - 2014-11-05 19:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 10:42 - 2014-11-05 11:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 10:42 - 2014-11-05 11:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 10:42 - 2014-11-05 11:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 10:42 - 2014-10-13 20:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 10:42 - 2014-10-13 20:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 10:42 - 2014-10-13 20:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 10:42 - 2014-10-13 20:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 10:42 - 2014-10-13 20:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 10:42 - 2014-10-13 19:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 10:42 - 2014-10-13 19:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 10:42 - 2014-10-13 19:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 10:42 - 2014-10-13 19:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 10:40 - 2014-09-19 03:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 10:40 - 2014-09-19 03:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 10:40 - 2014-09-19 03:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 10:40 - 2014-09-19 03:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 10:40 - 2014-09-19 03:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 10:40 - 2014-09-19 03:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 10:40 - 2014-09-19 03:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 10:40 - 2014-09-19 03:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 10:40 - 2014-09-19 03:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 10:40 - 2014-09-19 03:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 10:40 - 2014-09-19 03:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 10:40 - 2014-09-19 03:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 10:40 - 2014-08-21 00:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 10:40 - 2014-08-21 00:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 10:40 - 2014-08-21 00:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 10:40 - 2014-08-21 00:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 10:39 - 2014-10-24 19:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 10:39 - 2014-10-24 19:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 10:39 - 2014-10-17 20:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 10:39 - 2014-10-17 19:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 10:39 - 2014-10-13 20:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 10:39 - 2014-10-13 19:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 10:39 - 2014-10-09 18:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 10:39 - 2014-10-02 20:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 10:39 - 2014-10-02 20:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 10:39 - 2014-10-02 20:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 10:39 - 2014-10-02 20:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 10:39 - 2014-10-02 20:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 10:39 - 2014-10-02 19:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 10:39 - 2014-10-02 19:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 10:39 - 2014-10-02 19:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 10:39 - 2014-08-11 20:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 10:39 - 2014-08-11 19:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-11 18:37 - 2014-11-11 18:37 - 00000000 _____ () C:\autoexec.bat
2014-11-11 18:32 - 2014-11-11 18:32 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-11-11 18:28 - 2014-11-16 17:02 - 00002714 _____ () C:\Users\Fernandez\Desktop\Rkill.txt
2014-11-10 18:00 - 2014-11-10 18:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-02 22:30 - 2014-11-14 17:48 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-11-02 22:30 - 2014-11-02 22:30 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-02 22:24 - 2014-11-02 22:24 - 00000000 ____D () C:\Windows\ERUNT
2014-11-02 22:03 - 2014-11-02 22:03 - 00000000 ____D () C:\Windows\ERDNT
2014-11-02 21:58 - 2014-11-02 22:29 - 00000000 ____D () C:\Users\Fernandez\Desktop\rkill
2014-11-02 21:53 - 2014-11-16 18:18 - 00000000 ____D () C:\Users\Fernandez\Desktop\COMPUTER FIX DO NOT DELETE
2014-11-02 21:38 - 2014-11-16 18:17 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-02 21:37 - 2014-11-16 18:17 - 00000000 ____D () C:\Users\Fernandez\Desktop\mbar
2014-10-28 16:35 - 2014-11-19 22:03 - 00003294 _____ () C:\Windows\System32\Tasks\Jelbrus Secure Web Task
2014-10-28 16:35 - 2014-11-16 20:08 - 00000000 ____D () C:\Program Files (x86)\Jelbrus Secure Web
2014-10-28 16:27 - 2014-10-30 16:27 - 00073728 _____ () C:\Windows\SysWOW64\tasks.dll
2014-10-27 16:22 - 2014-10-27 16:23 - 00622103 ____R () C:\Users\Fernandez\Downloads\13. Gone Girl - Gillian Flynn.epub
2014-10-27 16:11 - 2014-10-27 16:21 - 00000935 _____ () C:\Users\Fernandez\Downloads\[kickass.to]gone.girl.gillian.flynn.epub.zeke23.torrent

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-20 18:21 - 2011-08-16 20:10 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-20 18:18 - 2011-07-18 07:21 - 00000000 ____D () C:\Users\Fernandez\AppData\Local\CrashDumps
2014-11-20 18:17 - 2012-04-11 09:11 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-20 18:11 - 2009-07-13 22:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-20 18:11 - 2009-07-13 22:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-20 18:09 - 2009-07-13 23:13 - 00783464 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-20 18:03 - 2013-01-28 20:06 - 00000000 ___RD () C:\Users\Fernandez\Google Drive
2014-11-20 18:03 - 2012-01-19 17:39 - 00000944 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2921601562-578146601-448169979-1001UA.job
2014-11-20 18:03 - 2011-08-16 20:10 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-20 18:03 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-20 18:01 - 2014-03-24 20:25 - 00000000 ____D () C:\AdwCleaner
2014-11-20 17:50 - 2012-01-19 17:39 - 00000922 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2921601562-578146601-448169979-1001Core.job
2014-11-19 11:16 - 2012-01-23 19:49 - 00000000 ____D () C:\Users\Fernandez\Desktop\2011 Taxes
2014-11-18 08:18 - 2011-07-17 18:16 - 00000000 ____D () C:\Users\Fernandez\AppData\Local\Google
2014-11-18 08:17 - 2011-08-16 20:10 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-18 08:16 - 2011-08-16 20:10 - 00003900 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-18 08:16 - 2011-08-16 20:10 - 00003648 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-17 22:41 - 2013-08-27 18:59 - 00000000 ____D () C:\Program Files\HitmanPro
2014-11-17 22:25 - 2014-04-26 22:21 - 00000000 ____D () C:\Users\Fernandez\Desktop\Old Firefox Data
2014-11-17 21:52 - 2012-06-07 21:04 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-11-17 21:52 - 2012-06-07 21:03 - 00000000 ____D () C:\ProgramData\DivX
2014-11-17 21:51 - 2012-06-07 21:06 - 00000000 ____D () C:\Users\Fernandez\AppData\Roaming\DivX
2014-11-17 21:51 - 2012-06-07 21:05 - 00000000 ____D () C:\Program Files\DivX
2014-11-16 18:46 - 2012-09-13 22:15 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-16 18:07 - 2014-07-20 09:38 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-16 18:07 - 2014-07-20 09:36 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-16 17:50 - 2009-07-13 23:08 - 00032650 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-16 17:47 - 2013-01-13 16:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-11-16 17:47 - 2013-01-13 16:07 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-16 16:08 - 2014-05-17 16:24 - 00000000 ____D () C:\Program Files (x86)\TagRename
2014-11-16 15:53 - 2011-09-20 17:03 - 00000000 ____D () C:\ProgramData\Google
2014-11-15 09:22 - 2011-07-17 15:11 - 00000000 ____D () C:\Users\Fernandez\AppData\Roaming\TouchGadget
2014-11-13 20:58 - 2011-01-01 14:02 - 00000000 ____D () C:\ProgramData\Temp
2014-11-13 20:49 - 2013-09-01 09:04 - 00000582 _____ () C:\Windows\system32\.crusader
2014-11-13 12:00 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-11-13 09:52 - 2014-05-06 22:05 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 23:54 - 2013-08-04 23:50 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 23:51 - 2011-07-25 13:11 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-12 13:17 - 2012-04-11 09:11 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-12 13:17 - 2012-04-11 09:11 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-12 13:17 - 2011-08-08 18:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-11 08:24 - 2012-05-04 20:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-08 16:57 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-02 21:52 - 2013-12-28 22:40 - 00000000 ____D () C:\Users\Fernandez\AppData\Roaming\uTorrent
2014-10-30 20:35 - 2014-07-20 09:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-30 20:35 - 2014-07-20 09:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-30 17:04 - 2011-07-17 14:20 - 00000000 ____D () C:\Users\Fernandez\AppData\Local\Adobe
2014-10-30 05:25 - 2010-11-20 21:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-28 16:36 - 2014-02-02 09:03 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-10-28 16:36 - 2009-07-13 21:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-10-28 16:36 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-10-27 16:29 - 2013-12-28 22:28 - 00000000 ____D () C:\Users\Fernandez\Documents\Calibre Library
2014-10-27 16:29 - 2013-12-28 22:28 - 00000000 ____D () C:\Users\Fernandez\AppData\Roaming\calibre
2014-10-21 19:17 - 2012-01-22 22:28 - 00000000 ____D () C:\Users\Fernandez\AppData\Roaming\SoftGrid Client

Some content of TEMP:
====================
C:\Users\Fernandez\AppData\Local\Temp\Quarantine.exe
C:\Users\Fernandez\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume2
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {a26aec13-15de-11e0-8831-c6ede0d82266}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {a26aec15-15de-11e0-8831-c6ede0d82266}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {a26aec13-15de-11e0-8831-c6ede0d82266}
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {a26aec15-15de-11e0-8831-c6ede0d82266}
device                  ramdisk=[C:]\Recovery\a26aec15-15de-11e0-8831-c6ede0d82266\Winre.wim,{a26aec16-15de-11e0-8831-c6ede0d82266}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\a26aec15-15de-11e0-8831-c6ede0d82266\Winre.wim,{a26aec16-15de-11e0-8831-c6ede0d82266}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {a26aec13-15de-11e0-8831-c6ede0d82266}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume2
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {a26aec16-15de-11e0-8831-c6ede0d82266}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\a26aec15-15de-11e0-8831-c6ede0d82266\boot.sdi



LastRegBack: 2014-11-15 09:51

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-11-2014
Ran by Fernandez at 2014-11-20 18:24:55
Running from C:\Users\Fernandez\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
AVG PC Tuneup 2011 (HKLM-x32\...\{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1) (Version: 10.0.0.26 - AVG)
Best Buy pc app (Version: 3.2.2.1 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.2.2.1 - Best Buy) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM-x32\...\{4ED40090-5A38-415F-B222-26DD6D3C1AEF}) (Version: 2.2.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
Click to Call with Skype (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8153 - Skype Technologies S.A.)
Cooliris for Internet Explorer (HKLM-x32\...\{14C52FEF-0236-4D8C-BBE2-E6D7C4F2926D}) (Version: 1.12.1.37152 - Cooliris Inc.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.0.1425 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3002 - Gateway Incorporated)
Gateway Registration (HKLM-x32\...\Gateway Registration) (Version: 1.03.3003 - Gateway Incorporated)
Gateway ScreenSaver (HKLM-x32\...\Gateway Screensaver) (Version: 1.1.0506.2010 - Gateway Incorporated)
Gateway TouchPortal (HKLM-x32\...\{C652F86F-348A-4A65-8BE8-A3F7A6370D98}) (Version: 3.00.3008 - Gateway Incorporated)
Gateway Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3005 - Gateway Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.122 - Google Inc.)
Google Drive (HKLM-x32\...\{56D4499E-AC3E-4B8D-91C9-C700C148C44B}) (Version: 1.13.5782.599 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.232 - SurfRight B.V.)
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3014 - Gateway Incorporated)
HP Deskjet 3510 series Basic Device Software (HKLM\...\{7F20F2D1-C425-4432-96BA-EBD0C2181493}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3510 series Help (HKLM-x32\...\{97C1C98D-6AE5-4C71-9B00-EBBD9E014450}) (Version: 28.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3006 - Gateway Incorporated)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2219 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MediaShow Espresso (x32 Version: 5.5.1422_24072 - CyberLink Corp.) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Touch Pack for Windows 7 (HKLM-x32\...\{8FF90DB8-6DED-44A3-B182-244FEC09012F}) (Version: 1.0.40517.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.12000.21.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.6.2792 - Electronic Arts, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6220 - Realtek Semiconductor Corp.)
RollerCoaster Tycoon Deluxe (HKLM-x32\...\RollerCoaster Tycoon Deluxe_is1) (Version:  - GOG.com)
Should I Remove It (HKU\S-1-5-21-2921601562-578146601-448169979-1001\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden
SimTheme Park (HKLM-x32\...\Theme Park World) (Version:  - )
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.42.130 - Electronic Arts)
THX TruStudio Pro (HKLM-x32\...\{97BE901A-9940-4ACF-9921-A6FAA284AC03}) (Version: 1.0 - Creative Technology Limited)
Touch Movie (x32 Version: 9.0.7503 - CyberLink Corp.) Hidden
Touch MVP (x32 Version: 4.2.8703 - CyberLink Corp.) Hidden
TouchSettings (HKLM-x32\...\{75880CD4-9436-4EDD-B7E7-400EBFD60B2C}) (Version: 1.00.0008 - Gateway Incorporated)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Welcome Center (HKLM-x32\...\Gateway Welcome Center) (Version: 1.02.3102 - Gateway Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

13-11-2014 05:50:44 Windows Update
14-11-2014 02:48:54 Checkpoint by HitmanPro
16-11-2014 16:00:33 Windows Update
18-11-2014 04:47:44 Checkpoint by HitmanPro
19-11-2014 17:26:43 Windows Update
20-11-2014 05:08:13 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2014-10-28 16:36 - 00000872 ____N C:\Windows\system32\Drivers\etc\hosts
54.225.95.126    hjjjegfhiceggepdokloeepnhlfnedkk

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {073AC073-B83F-4A0D-A102-5D895F5E5459} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-30] (Piriform Ltd)
Task: {33F15A95-DE6B-496E-B5C2-DB90929D4036} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {4633ACA2-4717-465F-AD39-2A26F20E9EEF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5EF56F6B-F488-486D-8CC4-F272B5D38039} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12] (Adobe Systems Incorporated)
Task: {62CEF9D4-3EB4-4728-98F5-274971359E1F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2921601562-578146601-448169979-1001UA => C:\Users\Fernandez\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {62E1AFC4-A353-419D-A2E5-C8235806F461} - \GPUP No Task File <==== ATTENTION
Task: {72CC6330-C88B-4D90-8A83-06A4AB16648E} - System32\Tasks\{1F77BDFF-B814-4CD4-9983-66E5DBEC6B90} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {87FF2CDD-F005-4C9D-A7AE-BE217C582B84} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2921601562-578146601-448169979-1001Core => C:\Users\Fernandez\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {8D239C98-2D81-4E6C-A067-AA27B9261D86} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-18] (Google Inc.)
Task: {AB17E295-CD67-4C3F-9283-3033F9DD1E9C} - System32\Tasks\Jelbrus Secure Web Task => C:\Program Files (x86)\Jelbrus Secure Web\jswtask.exe [2014-10-28] (Jelbrus)
Task: {ABD432F3-CFBF-4EFB-AE54-3B0E18C12FB7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-18] (Google Inc.)
Task: {AC2D897A-5C14-4585-858B-390F5C937A94} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {CD0B4A9E-604A-4628-BFE9-EFFFAFAFFE65} - System32\Tasks\{27E7E72A-AC22-4B91-ACD0-74DA17E7E075} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {D79D37DA-F99E-48EA-81AC-85BA1178216F} - System32\Tasks\4798 => Wscript.exe C:\Users\FERNAN~1\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {E83A5A2B-9FE5-4E0A-9353-ED34CF180731} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2921601562-578146601-448169979-1001Core.job => C:\Users\Fernandez\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2921601562-578146601-448169979-1001UA.job => C:\Users\Fernandez\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-08-31 18:13 - 2011-08-31 18:13 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-01-18 19:08 - 2011-01-18 19:08 - 00620136 _____ () C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
2011-01-01 14:08 - 2011-03-09 20:03 - 00244904 ____N () C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
2014-04-14 13:41 - 2014-04-14 13:41 - 00039192 _____ () C:\Program Files\CCleaner\branding.dll
2011-04-08 05:56 - 2009-12-09 03:24 - 00076320 _____ () C:\OEM\USBDECTION\USBS3S4Detection.exe
2014-11-20 17:27 - 2014-11-20 17:27 - 02903040 _____ () C:\Program Files\AVAST Software\Avast\defs\14112001\algo.dll
2011-04-08 05:46 - 2010-08-13 12:00 - 00014368 _____ () C:\Program Files (x86)\Gateway\Gateway TouchPortal\LanguageDll\TouchPortalLauncher-en.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-01-18 19:08 - 2011-01-18 19:08 - 00151656 _____ () C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyHook.dll
2014-11-16 18:22 - 2014-11-16 18:22 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-11-20 18:03 - 2014-11-20 18:03 - 00098816 _____ () C:\Users\Fernandez\AppData\Local\Temp\_MEI20082\win32api.pyd
2014-11-20 18:03 - 2014-11-20 18:03 - 00110080 _____ () C:\Users\Fernandez\AppData\Local\Temp\_MEI20082\pywintypes27.dll
2014-11-20 18:03 - 2014-11-20 18:03 - 00364544 _____ () C:\Users\Fernandez\AppData\Local\Temp\_MEI20082\pythoncom27.dll
2014-11-20 18:03 - 2014-11-20 18:03 - 00044032 _____ () C:\Users\Fernandez\AppData\Local\Temp\_MEI20082\_socket.pyd
2014-11-20 18:03 - 2014-11-20 18:03 - 01153024 _____ () C:\Users\Fernandez\AppData\Local\Temp\_MEI20082\_ssl.pyd
2014-11-20 18:03 - 2014-11-20 18:03 - 00320512 _____ () C:\Users\Fernandez\AppData\Local\Temp\_MEI20082\win32com.shell.shell.pyd
2014-11-20 18:03 - 2014-11-20 18:03 - 00711680 _____ () C:\Users\Fernandez\AppData\Local\Temp\_MEI20082\_hashlib.pyd
2014-11-20 18:03 - 2014-11-20 18:03 - 01175040 _____ () C:\Users\Fernandez\AppData\Local\Temp\_MEI20082\wx._core_.pyd
2014-11-20 18:03 - 2014-11-20 18:03 - 00805888 _____ () C:\Users\Fernandez\AppData\Local\Temp\_MEI20082\wx._gdi_.pyd
2014-11-20 18:03 - 2014-11-20 18:03 - 00811008 _____ () C:\Users\Fernandez\AppData\Local\Temp\_MEI20082\wx._windows_.pyd
2014-11-20 18:03 - 2014-11-20 18:03 - 01062400 _____ () C:\Users\Fernandez\AppData\Local\Temp\_MEI20082\wx._controls_.pyd
2014-11-20 18:03 - 2014-11-20 18:03 - 00735232 _____ () C:\Users\Fernandez\AppData\Local\Temp\_MEI20082\wx._misc_.pyd
2014-11-20 18:03 - 2014-11-20 18:03 - 00128512 _____ () C:\Users\Fernandez\AppData\Local\Temp\_MEI20082\_elementtree.pyd
2014-11-20 18:03 - 2014-11-20 18:03 - 00127488 _____ () C:\Users\Fernandez\AppData\Local\Temp\_MEI20082\pyexpat.pyd
2014-11-20 18:03 - 2014-11-20 18:03 - 00557056 _____ () C:\Users\Fernandez\AppData\Local\Temp\_MEI20082\pysqlite2._sqlite.pyd
2014-11-20 18:03 - 2014-11-20 18:03 - 00087040 _____ () C:\Users\Fernandez\AppData\Local\Temp\_MEI20082\_ctypes.pyd
2014-11-20 18:03 - 2014-11-20 18:03 - 00119808 _____ () C:\Users\Fernandez\AppData\Local\Temp\_MEI20082\win32file.pyd
2014-11-20 18:03 - 2014-11-20 18:03 - 00108544 _____ () C:\Users\Fernandez\AppData\Local\Temp\_MEI20082\win32security.pyd
2014-11-20 18:03 - 2014-11-20 18:03 - 00018432 _____ () C:\Users\Fernandez\AppData\Local\Temp\_MEI20082\win32event.pyd
2014-11-20 18:03 - 2014-11-20 18:03 - 00038912 _____ () C:\Users\Fernandez\AppData\Local\Temp\_MEI20082\win32inet.pyd
2014-11-20 18:03 - 2014-11-20 18:03 - 00122368 _____ () C:\Users\Fernandez\AppData\Local\Temp\_MEI20082\wx._wizard.pyd
2014-11-20 18:03 - 2014-11-20 18:03 - 00026624 _____ () C:\Users\Fernandez\AppData\Local\Temp\_MEI20082\_multiprocessing.pyd
2014-11-20 18:03 - 2014-11-20 18:03 - 00070656 _____ () C:\Users\Fernandez\AppData\Local\Temp\_MEI20082\wx._html2.pyd
2014-11-20 18:03 - 2014-11-20 18:03 - 00010240 _____ () C:\Users\Fernandez\AppData\Local\Temp\_MEI20082\select.pyd
2014-11-20 18:03 - 2014-11-20 18:03 - 00686080 _____ () C:\Users\Fernandez\AppData\Local\Temp\_MEI20082\unicodedata.pyd
2014-11-20 18:03 - 2014-11-20 18:03 - 00025600 _____ () C:\Users\Fernandez\AppData\Local\Temp\_MEI20082\win32pdh.pyd
2014-11-20 18:03 - 2014-11-20 18:03 - 00521680 _____ () C:\Users\Fernandez\AppData\Local\Temp\_MEI20082\windows._lib_cacheinvalidation.pyd
2014-11-20 18:03 - 2014-11-20 18:03 - 00011264 _____ () C:\Users\Fernandez\AppData\Local\Temp\_MEI20082\win32crypt.pyd
2014-11-20 18:03 - 2014-11-20 18:03 - 00024064 _____ () C:\Users\Fernandez\AppData\Local\Temp\_MEI20082\win32pipe.pyd
2014-11-20 18:03 - 2014-11-20 18:03 - 00035840 _____ () C:\Users\Fernandez\AppData\Local\Temp\_MEI20082\win32process.pyd
2014-11-20 18:03 - 2014-11-20 18:03 - 00017408 _____ () C:\Users\Fernandez\AppData\Local\Temp\_MEI20082\win32profile.pyd
2014-11-20 18:03 - 2014-11-20 18:03 - 00022528 _____ () C:\Users\Fernandez\AppData\Local\Temp\_MEI20082\win32ts.pyd
2014-10-16 09:27 - 2014-10-16 09:27 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\93182e9779b8be0f688fd0784df6d7fb\IsdiInterop.ni.dll
2011-04-08 05:08 - 2010-11-06 00:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-11-10 18:00 - 2014-11-10 18:00 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-11-12 13:17 - 2014-11-12 13:17 - 16840880 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:0B4227B4

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: SmileboxTray => "C:\Users\Fernandez\AppData\Roaming\Smilebox\SmileboxTray.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-2921601562-578146601-448169979-500 - Administrator - Disabled)
Fernandez (S-1-5-21-2921601562-578146601-448169979-1001 - Administrator - Enabled) => C:\Users\Fernandez
Guest (S-1-5-21-2921601562-578146601-448169979-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2921601562-578146601-448169979-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-10-09 00:50:47.034
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-09 00:50:46.941
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-23 09:18:04.391
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-23 09:18:04.331
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Pentium® CPU G620 @ 2.60GHz
Percentage of memory in use: 54%
Total physical RAM: 4040.02 MB
Available physical RAM: 1857.04 MB
Total Pagefile: 8078.22 MB
Available Pagefile: 5547.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Gateway) (Fixed) (Total:448.08 GB) (Free:338 GB) NTFS
Drive d: (Sims3) (CDROM) (Total:6.93 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: FF94FE0D)
Partition 1: (Not Active) - (Size=17.6 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=448.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#11 Valinorum

Valinorum

    Shadow Hide The Hunter


  • Malware Response Instructor
  • 1,554 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:36 PM

Posted 21 November 2014 - 01:50 AM

Are you facing issues currently?

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All helps are provided via forum ergo do not PM me for help.

 


#12 nolavf

nolavf
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:New Orleans, LA
  • Local time:04:36 AM

Posted 21 November 2014 - 08:57 AM

Yes, still the same problem.



#13 Valinorum

Valinorum

    Shadow Hide The Hunter


  • Malware Response Instructor
  • 1,554 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:36 PM

Posted 23 November 2014 - 10:32 AM

Hi,

Uninstall HitmanPro, Spybot - Search & Destroy, AVG PC Tuneup 2011, andShould I Remove It.
  • Step #4 Fix with FRST
    Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
    • Open Notepad.exe. Do not use any other text editor software;
    • Copy and Paste the contents inside the code-box to your Notepad --
      Start
      Closeprocesses:
      Emptytemp:
      HKLM-x32\...\Run: [] => [X]
      GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
      CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
      CHR HKU\S-1-5-21-2921601562-578146601-448169979-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
      Hosts: 54.225.95.126    hjjjegfhiceggepdokloeepnhlfnedkk
      S2 e81a9dc1; "C:\Windows\system32\rundll32.exe" "c:\progra~2\gs-ena~1\AssistantSvc.dll",service
      c:\progra~2\gs-ena~1\AssistantSvc.dll
      Task: {33F15A95-DE6B-496E-B5C2-DB90929D4036} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
      Task: {62E1AFC4-A353-419D-A2E5-C8235806F461} - \GPUP No Task File <==== ATTENTION
      Task: {D79D37DA-F99E-48EA-81AC-85BA1178216F} - System32\Tasks\4798 => Wscript.exe C:\Users\FERNAN~1\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
      C:\Users\FERNAN~1\AppData\Local\Temp\launchie.vbs
      AlternateDataStreams: C:\ProgramData\Temp:0B4227B4
      CMD: bitsadmin /reset /allusers
      CMD: ipconfig /flushdns
      CMD: netsh advfirewall reset
      CMD: netsh advfirewall set allprofiles state on
      End
    • Click on File > Save as...
      • Inside the File Name box type fixlist.txt;
      • From the Save as type drop down list, choose All Files
    • Save the file to your Desktop;
    • Re-run FRST.exe and click Fix;
      • Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
    • After the completion, a log will be produced;
    • Copy and Paste the contents of the log in your next reply.
 
  • Required Log(s):
    • FRST Fix Log
Regards,
Valinorum

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All helps are provided via forum ergo do not PM me for help.

 


#14 nolavf

nolavf
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:New Orleans, LA
  • Local time:04:36 AM

Posted 23 November 2014 - 06:25 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-11-2014 01
Ran by Fernandez at 2014-11-23 17:14:05 Run:1
Running from C:\Users\Fernandez\Downloads
Loaded Profile: Fernandez (Available profiles: Fernandez)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
Closeprocesses:
Emptytemp:
HKLM-x32\...\Run: [] => [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-2921601562-578146601-448169979-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Hosts: 54.225.95.126    hjjjegfhiceggepdokloeepnhlfnedkk
S2 e81a9dc1; "C:\Windows\system32\rundll32.exe" "c:\progra~2\gs-ena~1\AssistantSvc.dll",service
c:\progra~2\gs-ena~1\AssistantSvc.dll
Task: {33F15A95-DE6B-496E-B5C2-DB90929D4036} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {62E1AFC4-A353-419D-A2E5-C8235806F461} - \GPUP No Task File <==== ATTENTION
Task: {D79D37DA-F99E-48EA-81AC-85BA1178216F} - System32\Tasks\4798 => Wscript.exe C:\Users\FERNAN~1\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
C:\Users\FERNAN~1\AppData\Local\Temp\launchie.vbs
AlternateDataStreams: C:\ProgramData\Temp:0B4227B4
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
End
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-2921601562-578146601-448169979-1001\SOFTWARE\Policies\Google" => Key deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
e81a9dc1 => Service deleted successfully.
"c:\progra~2\gs-ena~1\AssistantSvc.dll" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{33F15A95-DE6B-496E-B5C2-DB90929D4036}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{33F15A95-DE6B-496E-B5C2-DB90929D4036}" => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{62E1AFC4-A353-419D-A2E5-C8235806F461}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62E1AFC4-A353-419D-A2E5-C8235806F461}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GPUP" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D79D37DA-F99E-48EA-81AC-85BA1178216F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D79D37DA-F99E-48EA-81AC-85BA1178216F}" => Key deleted successfully.
C:\Windows\System32\Tasks\4798 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4798" => Key deleted successfully.
"C:\Users\FERNAN~1\AppData\Local\Temp\launchie.vbs" => File/Directory not found.
C:\ProgramData\Temp => ":0B4227B4" ADS removed successfully.

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{B42E4013-B538-45C7-A03E-C2BE3F84DA05} canceled.
1 out of 1 jobs canceled.

========= End of CMD: =========


=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========  netsh advfirewall reset =========

Ok.


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state on =========

Ok.


========= End of CMD: =========

EmptyTemp: => Removed 681.9 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====


It's still doing the same things as before, underlined ads, new tabs popping up.



#15 nolavf

nolavf
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:New Orleans, LA
  • Local time:04:36 AM

Posted 23 November 2014 - 07:06 PM

Oops! I didn't notice where you requested to uninstall HitmanPro, Spybot - Search & Destroy, AVG PC Tuneup 2011, andShould I Remove It..  I will start over and post the new log.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users