
Slow computer at startup and redirects



#1 chris.hillegas


Posted 28 December 2014 - 08:08 AM

My computer has started slowing down over the past few weeks and my email has been compromised, which I have already fixed and changed my password.  Wondering if someone could take a look and make sure my computer isn't infected with something hiding.  Here are the following logs.

Attached Files


#2 nasdaq


Posted 01 January 2015 - 10:09 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Wait for further instructions.

#3 chris.hillegas


Posted 01 January 2015 - 09:43 PM

# AdwCleaner v4.106 - Report created 28/12/2014 at 06:31:24
# Updated 21/12/2014 by Xplode
# Database : 2014-12-28.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Sarah - CHRIS-DESKTOP
# Running from : C:\Users\Sarah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7NXYOXTV\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\VisualBee
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\Yontoo
[!] Folder Deleted : C:\Program Files (x86)\Elex-tech
Folder Deleted : C:\Users\Sarah\AppData\Local\Temp\iSafeRightKeyScan
Folder Deleted : C:\Users\Guest\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Sarah\AppData\Local\GreatArcadeHits
Folder Deleted : C:\Users\Sarah\AppData\Local\Software
Folder Deleted : C:\Users\Sarah\AppData\Roaming\eCyber
[!] Folder Deleted : C:\Users\Sarah\AppData\Roaming\Elex-tech
Folder Deleted : C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GreatArcadeHits
File Deleted : C:\Users\Public\Desktop\YAC.lnk
File Deleted : C:\Windows\System32\drivers\iSafeKrnlBoot.sys
File Deleted : C:\Windows\System32\log\iSafeKrnlCall.log
File Deleted : C:\Users\Sarah\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\YAC.lnk
File Deleted : C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\ezvwhbbu.default\searchplugins\Conduit.xml

***** [ Scheduled Tasks ] *****

Task Deleted : VisualBeeRecovery

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{B21F5E31-B8E8-41CD-B74C-168A71A10E49}]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5411D116-5A37-47D4-B154-5F7FCD9062F0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Deleted : HKCU\Software\usyndication.com
Key Deleted : HKCU\Software\USyndication
Key Deleted : HKLM\SOFTWARE\VBMZ
Key Deleted : HKLM\SOFTWARE\visualbee
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSafe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.4
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v

[ezvwhbbu.default\prefs.js] - Line Deleted : user_pref("CT3306061.FF19Solved", "true");
[ezvwhbbu.default\prefs.js] - Line Deleted : user_pref("CT3306061.UserID", "UN40003303151007120");
[ezvwhbbu.default\prefs.js] - Line Deleted : user_pref("CT3306061.browser.search.defaultthis.engineName", "true");
[ezvwhbbu.default\prefs.js] - Line Deleted : user_pref("CT3306061.fullUserID", "UN40003303151007120.IN.20131214225355");
[ezvwhbbu.default\prefs.js] - Line Deleted : user_pref("CT3306061.installDate", "14/12/2013 22:54:08");
[ezvwhbbu.default\prefs.js] - Line Deleted : user_pref("CT3306061.installSessionId", "{5092D80A-2A7D-421C-B50F-D4D7B20EDF81}");
[ezvwhbbu.default\prefs.js] - Line Deleted : user_pref("CT3306061.installSp", "TRUE");
[ezvwhbbu.default\prefs.js] - Line Deleted : user_pref("CT3306061.installerVersion", "1.8.1.4");
[ezvwhbbu.default\prefs.js] - Line Deleted : user_pref("CT3306061.keyword", "true");
[ezvwhbbu.default\prefs.js] - Line Deleted : user_pref("CT3306061.originalHomepage", "about:home");
[ezvwhbbu.default\prefs.js] - Line Deleted : user_pref("CT3306061.originalSearchAddressUrl", "");
[ezvwhbbu.default\prefs.js] - Line Deleted : user_pref("CT3306061.originalSearchEngine", "");
[ezvwhbbu.default\prefs.js] - Line Deleted : user_pref("CT3306061.originalSearchEngineName", "");
[ezvwhbbu.default\prefs.js] - Line Deleted : user_pref("CT3306061.searchRevert", "true");
[ezvwhbbu.default\prefs.js] - Line Deleted : user_pref("CT3306061.searchUninstallUserMode", "2");
[ezvwhbbu.default\prefs.js] - Line Deleted : user_pref("CT3306061.searchUserMode", "2");
[ezvwhbbu.default\prefs.js] - Line Deleted : user_pref("CT3306061.smartbar.homepage", "true");
[ezvwhbbu.default\prefs.js] - Line Deleted : user_pref("CT3306061.toolbarInstallDate", "14-12-2013 22:53:56");
[ezvwhbbu.default\prefs.js] - Line Deleted : user_pref("CT3306061.versionFromInstaller", "10.23.0.722");
[ezvwhbbu.default\prefs.js] - Line Deleted : user_pref("CT3306061.xpeMode", "0");
[ezvwhbbu.default\prefs.js] - Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
[ezvwhbbu.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultthis.engineName", "Connect DLC 5 Customized Web Search");
[ezvwhbbu.default\prefs.js] - Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&CUI=UN40003303151007120&UM=2&SearchSource=3&q={searchTerms}");
[ezvwhbbu.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3306061&CUI=UN40003303151007120&UM=2&SearchSource=13&UP=SP0C452C34-0D5C-408F-AC5C-C2FAF11FF4E6&SSPV=");
[ezvwhbbu.default\prefs.js] - Line Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&SearchSource=2&CUI=UN40003303151007120&UM=2&q=");
[ezvwhbbu.default\prefs.js] - Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3306061");
[ezvwhbbu.default\prefs.js] - Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3306061&CUI=UN40003303151007120&UM=2&SearchSource=13");
[ezvwhbbu.default\prefs.js] - Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&SearchSource=2&CUI=UN40003303151007120&UM=2&q=");
[ezvwhbbu.default\prefs.js] - Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3306061");
[ezvwhbbu.default\prefs.js] - Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3306061");
[ezvwhbbu.default\prefs.js] - Line Deleted : user_pref("smartbar.machineId", "QCWRUDJUICQVY2CCOXGINDQWJ84CU6ZV5ABFSWG8SENJYAHSW+VTDVVYVOURGDJFMYIP41YFMFIQK8VH34OFBW");

*************************

AdwCleaner[R0].txt - [7033 octets] - [28/12/2014 06:27:56]
AdwCleaner[S0].txt - [7042 octets] - [28/12/2014 06:31:24]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7102 octets] ##########

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-01-2015
Ran by Sarah (administrator) on CHRIS-DESKTOP on 01-01-2015 20:37:49
Running from C:\Users\Sarah\Downloads
Loaded Profile: Sarah (Available profiles: Sarah & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
(Sontheim Industrie Elektronik GmbH) C:\Program Files (x86)\Sontheim\MT_Api\SIECA132Switcher.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Sontheim Industrie Elektronik GmbH) C:\Program Files (x86)\Sontheim\SiEJ2534\SiECINSE.exe
(Sontheim Industrie Elektronik GmbH) C:\Program Files (x86)\Common Files\Sontheim\MDTMS\SiEMDTMiniServer.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cummins Inc.) C:\Program Files (x86)\Cummins Inc\UpdateManager\UpdateService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Cummins Inc.) C:\Program Files (x86)\Cummins Inc\HDSService\HDSService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKU\S-1-5-21-3746274514-1657659976-651233143-1002\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
HKU\S-1-5-21-3746274514-1657659976-651233143-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-3746274514-1657659976-651233143-1002\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3746274514-1657659976-651233143-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3746274514-1657659976-651233143-1002\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3746274514-1657659976-651233143-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3746274514-1657659976-651233143-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
DPF: HKLM-x32 {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\ezvwhbbu.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Extension: Test Pilot - C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\ezvwhbbu.default\Extensions\testpilot@labs.mozilla.com.xpi [2013-03-25]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-12-08]
FF HKU\S-1-5-21-3746274514-1657659976-651233143-1002\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-3746274514-1657659976-651233143-1002\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 CumminsUpdateService; C:\Program Files (x86)\Cummins Inc\UpdateManager\UpdateService.exe [10752 2012-09-14] (Cummins Inc.) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 INSITEHDSService; C:\Program Files (x86)\Cummins Inc\HDSService\HDSService.exe [9216 2012-09-24] (Cummins Inc.) [File not signed]
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [120128 2014-12-22] (Elex do Brasil Participações Ltda)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-23] (NTI Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 SIECA132Switcher.exe; C:\Program Files (x86)\Sontheim\MT_Api\SIECA132Switcher.exe [61440 2013-08-14] (Sontheim Industrie Elektronik GmbH) [File not signed]
S3 SIECE132Svr_V7.04.4300; C:\Program Files (x86)\Sontheim\MT_Api\7.4.43.0\SIECE132Svr.exe [61440 2012-02-28] (Sontheim Industrie Elektronik GmbH) [File not signed]
R2 SiEJ2534Svr; C:\Program Files (x86)\Sontheim\SiEJ2534\SiECINSE.exe [4167168 2013-09-02] (Sontheim Industrie Elektronik GmbH) [File not signed]
R2 SiEMDTMiniServer.exe; C:\Program Files (x86)\Common Files\Sontheim\MDTMS\SiEMDTMiniServer.exe [45056 2013-12-10] (Sontheim Industrie Elektronik GmbH) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 CANNT; C:\Windows\SysWow64\Drivers\CANNT.sys [23584 2013-04-12] (Noregon Systems) [File not signed]
S2 CATLNKNT; C:\Windows\SysWow64\Drivers\CATLNKNT.sys [23712 2013-04-12] (Noregon Systems) [File not signed]
S2 DLADRVNT; C:\Windows\SysWow64\Drivers\DLADRVNT.sys [32832 2013-04-12] (Noregon Systems) [File not signed]
S2 DLASIPNT; C:\Windows\SysWow64\Drivers\DLASIPNT.sys [82752 2013-04-12] (Noregon Systems) [File not signed]
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [249000 2014-12-22] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [99496 2014-12-22] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [93352 2014-12-22] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2014-12-12] (Elex do Brasil Participações Ltda)
S2 J1708NT; C:\Windows\SysWow64\Drivers\J1708NT.sys [23296 2013-04-12] (Noregon Systems) [File not signed]
S2 J1939NT; C:\Windows\SysWow64\Drivers\J1939NT.sys [24320 2013-04-12] (Noregon Systems) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2012-03-26] (Apple Inc.) [File not signed]
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S2 PARCAII; C:\Windows\SysWow64\Drivers\PARCAII.sys [14602 2013-04-12] (Noregon Systems\Vansco Electronics) [File not signed]
S2 PCSMHNT; C:\Windows\SysWow64\Drivers\PCSMHNT.sys [40000 2013-04-12] (Noregon Systems) [File not signed]
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
S3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [58792 2009-09-17] (SafeNet, Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2014-12-29] ()
S3 atillk64; \??\C:\Program Files (x86)\AMD\System Monitor\atillk64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-01 20:37 - 2015-01-01 20:38 - 00018005 _____ () C:\Users\Sarah\Downloads\FRST.txt
2015-01-01 20:37 - 2015-01-01 20:37 - 02123264 _____ (Farbar) C:\Users\Sarah\Downloads\FRST64.exe
2015-01-01 20:37 - 2015-01-01 20:37 - 00000000 ____D () C:\FRST
2014-12-29 19:37 - 2014-12-29 20:03 - 00000000 ____D () C:\ComboFix
2014-12-29 19:37 - 2011-06-26 00:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-29 19:37 - 2010-11-07 11:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-29 19:37 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-29 19:37 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-29 19:37 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-29 19:37 - 2000-08-30 18:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-29 19:37 - 2000-08-30 18:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-29 19:37 - 2000-08-30 18:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-29 19:36 - 2014-12-29 20:02 - 00000000 ____D () C:\Qoobox
2014-12-29 19:35 - 2014-12-29 20:00 - 00000000 ____D () C:\Windows\erdnt
2014-12-29 19:27 - 2014-12-29 19:27 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-12-29 19:27 - 2014-12-29 19:27 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-12-29 19:26 - 2014-12-29 19:26 - 00001110 _____ () C:\Users\Sarah\Desktop\JRT.txt
2014-12-29 19:23 - 2014-12-29 19:23 - 15298136 _____ () C:\Users\Sarah\Desktop\RogueKiller.exe
2014-12-29 19:23 - 2014-12-29 19:23 - 05603624 ____R (Swearware) C:\Users\Sarah\Desktop\ComboFix.exe
2014-12-29 19:21 - 2014-12-29 19:21 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Elex-tech
2014-12-29 19:18 - 2014-12-29 19:18 - 01707939 _____ (Thisisu) C:\Users\Sarah\Downloads\JRT(1).exe
2014-12-29 19:12 - 2014-12-29 19:12 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-29 19:12 - 2014-12-29 19:12 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-29 19:12 - 2014-12-29 19:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-29 19:09 - 2014-12-29 19:09 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\dqxxmsk.sys
2014-12-28 07:04 - 2014-12-28 07:05 - 00011507 _____ () C:\Users\Sarah\Desktop\attach.txt
2014-12-28 07:04 - 2014-12-28 07:04 - 00019583 _____ () C:\Users\Sarah\Desktop\dds.txt
2014-12-28 07:01 - 2014-12-28 07:01 - 00688992 ____R (Swearware) C:\Users\Sarah\Desktop\dds.com
2014-12-28 06:41 - 2014-12-28 06:41 - 01707939 _____ (Thisisu) C:\Users\Sarah\Downloads\JRT.exe
2014-12-28 06:41 - 2014-12-28 06:41 - 00000000 ____D () C:\Windows\ERUNT
2014-12-28 06:33 - 2014-12-28 06:33 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\eCyber
2014-12-28 06:31 - 2014-12-28 06:33 - 00007194 _____ () C:\Users\Sarah\Desktop\AdwCleaner[S0].txt
2014-12-28 06:29 - 2014-12-28 06:29 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Sarah\Desktop\tdsskiller.exe
2014-12-28 06:27 - 2015-01-01 20:36 - 00000000 ____D () C:\AdwCleaner
2014-12-28 06:25 - 2014-12-28 06:25 - 02173952 _____ () C:\Users\Sarah\Desktop\AdwCleaner.exe
2014-12-28 06:03 - 2015-01-01 08:06 - 00614568 _____ () C:\Windows\PFRO.log
2014-12-28 06:01 - 2014-12-28 06:07 - 00000000 ____D () C:\Windows\pss
2014-12-28 05:55 - 2015-01-01 08:07 - 00000224 _____ () C:\Windows\setupact.log
2014-12-28 05:55 - 2014-12-28 05:55 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-23 17:04 - 2014-12-28 06:32 - 00000000 ____D () C:\Windows\system32\log
2014-12-23 17:04 - 2014-12-12 01:31 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
2014-12-23 17:03 - 2014-12-23 17:03 - 00000000 ____D () C:\Program Files (x86)\Elex-tech
2014-12-23 15:34 - 2015-01-01 08:11 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-23 15:33 - 2014-12-23 15:33 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-23 15:33 - 2014-12-23 15:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-23 15:33 - 2014-12-23 15:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-23 15:33 - 2014-12-23 15:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-23 15:33 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-23 15:33 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-23 15:33 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-10 20:39 - 2014-12-10 20:44 - 00010752 _____ () C:\Users\Sarah\Desktop\Passwords.xls
2014-12-08 20:15 - 2014-12-31 12:40 - 00011264 _____ () C:\Users\Sarah\Desktop\Budget.xls
2014-12-08 20:00 - 2015-01-01 20:32 - 00000374 _____ () C:\Windows\Tasks\WpsUpdateTask_Sarah.job
2014-12-08 20:00 - 2015-01-01 20:32 - 00000374 _____ () C:\Windows\Tasks\WpsNotifyTask_Sarah.job
2014-12-08 20:00 - 2014-12-08 20:00 - 00003358 _____ () C:\Windows\System32\Tasks\WpsUpdateTask_Sarah
2014-12-08 20:00 - 2014-12-08 20:00 - 00003358 _____ () C:\Windows\System32\Tasks\WpsNotifyTask_Sarah
2014-12-08 20:00 - 2014-12-08 20:00 - 00001408 _____ () C:\Users\Public\Desktop\Kingsoft Writer.lnk
2014-12-08 20:00 - 2014-12-08 20:00 - 00001406 _____ () C:\Users\Public\Desktop\Kingsoft Presentation.lnk
2014-12-08 20:00 - 2014-12-08 20:00 - 00001387 _____ () C:\Users\Public\Desktop\Kingsoft Spreadsheets.lnk
2014-12-08 20:00 - 2014-12-08 20:00 - 00000000 ____D () C:\Users\Sarah\AppData\Local\Kingsoft
2014-12-08 19:59 - 2014-12-08 19:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kingsoft Office
2014-12-08 19:57 - 2014-12-08 19:57 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Kingsoft
2014-12-08 16:44 - 2014-12-08 16:45 - 00002524 _____ () C:\Windows\SysWOW64\TEST.log
2014-12-08 16:24 - 2014-12-08 16:24 - 00000000 ____D () C:\ProgramData\WEBREG
2014-12-08 16:20 - 2014-12-10 12:22 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\HP
2014-12-08 16:18 - 2014-12-08 16:18 - 00001054 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
2014-12-08 16:18 - 2014-12-08 16:18 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Yahoo!
2014-12-08 16:18 - 2014-12-08 16:18 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-12-08 16:17 - 2014-12-08 16:17 - 00002171 _____ () C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
2014-12-08 16:17 - 2014-12-08 16:17 - 00001325 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\HP Solution Center.lnk
2014-12-08 16:17 - 2014-12-08 16:17 - 00001319 _____ () C:\Users\Public\Desktop\HP Solution Center.lnk
2014-12-08 16:17 - 2014-12-08 16:17 - 00000000 ____D () C:\ProgramData\HP Product Assistant
2014-12-08 16:16 - 2014-12-08 16:16 - 00001165 _____ () C:\Users\Public\Desktop\Shop for HP Supplies.lnk
2014-12-08 16:16 - 2014-12-08 16:16 - 00000000 ____D () C:\Windows\SysWOW64\spool
2014-12-08 16:11 - 2014-12-08 16:20 - 00202813 _____ () C:\Windows\hpoins18.dat
2014-12-08 16:11 - 2014-12-08 16:20 - 00001263 _____ () C:\ProgramData\hpzinstall.log
2014-12-08 16:11 - 2009-10-07 19:33 - 00005355 ____N () C:\Windows\hpomdl18.dat
2014-12-08 16:08 - 2009-07-08 04:51 - 00642360 _____ (Hewlett-Packard) C:\Windows\system32\hpzids40.dll
2014-12-07 18:21 - 2014-12-07 18:21 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-12-04 20:47 - 2014-12-12 16:07 - 00000000 ____D () C:\Windows\Minidump
2014-12-03 17:32 - 2014-12-03 17:32 - 00441003 _____ () C:\Users\Sarah\Downloads\corrected  debt mangement paperwork.zip
2014-12-02 20:12 - 2014-12-02 20:22 - 00000000 ____D () C:\Users\Sarah\Documents\Quicken
2014-12-02 20:09 - 2014-12-02 20:09 - 00001810 _____ () C:\Users\Public\Desktop\Quicken Deluxe 2013.lnk
2014-12-02 20:09 - 2014-12-02 20:09 - 00000353 _____ () C:\Users\Public\Desktop\Free Credit Report and  Score.url
2014-12-02 20:09 - 2013-04-09 19:58 - 04200744 _____ (Amyuni Technologies http://www.amyuni.com) C:\Windows\SysWOW64\cdintf400.dll
2014-12-02 20:08 - 2014-12-02 20:08 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Intuit
2014-12-02 20:08 - 2014-12-02 20:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2013
2014-12-02 20:06 - 2014-12-02 20:07 - 101244584 _____ (Intuit Inc. ) C:\Users\Sarah\Downloads\Quicken_Deluxe_2013.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-01 20:37 - 2012-10-28 21:01 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-01 20:34 - 2009-07-13 23:13 - 00783360 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-01 20:34 - 2009-07-13 22:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-01 20:34 - 2009-07-13 22:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-01 20:32 - 2014-03-14 21:54 - 01727797 _____ () C:\Windows\WindowsUpdate.log
2015-01-01 20:32 - 2013-11-06 18:52 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-01 20:32 - 2012-10-28 21:01 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-01 08:11 - 2012-06-17 16:54 - 00000000 ____D () C:\ProgramData\clear.fi
2015-01-01 08:07 - 2013-10-27 10:12 - 00000000 ____D () C:\ProgramData\Cummins_Inc
2015-01-01 08:07 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-29 19:56 - 2009-07-13 20:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-29 19:52 - 2009-07-13 20:34 - 95944704 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-12-29 19:52 - 2009-07-13 20:34 - 17039360 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-12-29 19:52 - 2009-07-13 20:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-12-29 19:52 - 2009-07-13 20:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-12-29 19:52 - 2009-07-13 20:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-12-29 19:12 - 2014-03-09 18:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-29 19:09 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-28 05:50 - 2012-12-20 17:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppServ
2014-12-28 05:50 - 2007-07-11 19:49 - 00000000 ____D () C:\Windows\Panther
2014-12-27 10:56 - 2012-10-14 20:58 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-12-27 10:56 - 2012-06-17 06:48 - 00000826 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-12-27 10:56 - 2012-06-17 06:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-12-27 10:56 - 2012-06-17 06:48 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-27 10:42 - 2009-07-13 22:45 - 00434272 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-23 17:04 - 2013-02-16 10:22 - 00112880 _____ () C:\Users\Sarah\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-23 16:59 - 2012-10-19 21:03 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-23 15:48 - 2014-07-29 17:48 - 00000000 ____D () C:\Program Files (x86)\OpenDownloaderManager
2014-12-23 15:48 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\Globalization
2014-12-10 16:04 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-12-10 15:14 - 2013-11-06 18:52 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-10 15:13 - 2012-06-17 21:46 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-10 15:13 - 2011-08-12 20:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-08 20:00 - 2010-11-21 01:16 - 00000000 ____D () C:\Windows\ShellNew
2014-12-08 19:58 - 2012-09-11 22:11 - 00000000 ____D () C:\Program Files (x86)\Kingsoft
2014-12-08 16:21 - 2012-07-10 11:10 - 00000000 ____D () C:\ProgramData\HP
2014-12-08 16:20 - 2013-12-04 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-12-08 16:20 - 2009-07-13 20:34 - 00000545 _____ () C:\Windows\win.ini
2014-12-08 16:19 - 2013-12-04 20:43 - 00000000 ____D () C:\Users\Sarah\AppData\Local\HP
2014-12-08 16:16 - 2013-12-04 20:44 - 00000000 ____D () C:\Program Files (x86)\HP
2014-12-08 16:11 - 2013-12-04 20:44 - 00000000 ____D () C:\Program Files\HP
2014-12-05 20:38 - 2014-06-29 08:36 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\mIRC
2014-12-05 20:36 - 2012-12-29 08:54 - 00000000 ____D () C:\Program Files (x86)\mIRC
2014-12-02 20:09 - 2012-06-17 16:56 - 00000000 ____D () C:\Program Files (x86)\Quicken
2014-12-02 20:08 - 2012-06-17 16:56 - 00000126 _____ () C:\Windows\QUICKEN.INI
2014-12-02 19:46 - 2013-11-15 18:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-12-02 19:46 - 2013-10-27 10:07 - 00000000 ____D () C:\ProgramData\Microsoft Help

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-10 15:55

==================== End Of Log ===================================================================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-01-2015
Ran by Sarah at 2015-01-01 20:39:26
Running from C:\Users\Sarah\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4x4 Evo2 (HKLM-x32\...\4x4 Evo2) (Version:  - )
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3502 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3503 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0913.2011 - Acer Incorporated)
Active@ ISO Burner (HKLM-x32\...\{7694E0B1-2332-448B-9235-929F84B41E3F}) (Version: 2.5.1 - LSoft Technologies)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.5.0.840 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
AEF ISOBUS Check (HKLM-x32\...\AEF ISOBUS Check) (Version: 1.7.9.0 - Sontheim Industrie Elektronik GmbH)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
AIO_CDA_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDA_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AMD System Monitor (HKLM-x32\...\{C1C82DC9-1547-4038-8F0A-C069F0B7F2ED}) (Version: 1.0.5 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AssemblyResolver (HKLM-x32\...\{24577DEF-1980-4159-8641-E2D2186CFBC8}) (Version: 1.00.0000 - Iveco)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.39 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{9AFCE058-629E-B087-80A8-E0E415BA6FB9}) (Version: 3.0.820.0 - ATI Technologies, Inc.)
Backup Manager V3 (x32 Version: 3.0.0.99 - NTI Corporation) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Build Tools - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.97 - WildTangent) Hidden
C3100 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
c3100_Help (x32 Version: 82.0.256.000 - Hewlett-Packard) Hidden
C4USelfUpdater (x32 Version: 1.00.0000 - Your Company Name) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.2024.00 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.1517_36458 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 1.0.2024.00 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.8026 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3500 - Acer Incorporated)
CNH DATAR (HKLM-x32\...\{c9ba8852-ba8b-4d4f-8348-ec49fbec38f9}) (Version: 6.6.34 - Pico Technology)
Comm Adapter 3 (HKLM-x32\...\CA3) (Version: 3.3.1.45 - )
Complément Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cummins Inc. Update Manager (HKLM-x32\...\{D62085AC-B32F-48EC-991D-8BB740682B0D}) (Version: 3.2.00031 - Cummins Inc.)
CVI Runtime Engine (HKLM-x32\...\{3EE926F5-7B5C-45E0-966B-3F21E680BEEE}) (Version: 1.0 - National Instruments)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
Dev-C++ 5 beta 9 release (4.9.9.2) (HKLM-x32\...\Dev-C++) (Version:  - )
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
EASy (HKLM-x32\...\{366E73D9-6FE7-4C42-A8A9-4CDF17B1B897}) (Version: 1.00.000 - Eltrac)
EasyWeather (HKLM-x32\...\{CE1B03BC-3C99-4580-A2AC-A41DB9B83378}) (Version:  - 1.0)
ESTITextsharpInterfaceSetup (HKLM-x32\...\{954B6A72-2E49-4BD6-84F3-34694125726A}) (Version: 1.0.0 - CNH)
ExtWinFiles (HKLM-x32\...\{4C2BA0E5-6FB9-4165-99E3-8B49CDCA2B88}) (Version: 1.00.0000 - Iveco)
EZ93 Download Manager 2.0.3 (HKLM-x32\...\EZ93 Download Manager) (Version: 2.0.3 - EZ93 Ltd)
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version:  - )
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Earth (HKLM-x32\...\{3E8A20E1-223F-11E2-9116-B8AC6F98CCE3}) (Version: 7.0.1.8244 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
GreatArcadeHits (HKU\S-1-5-21-3746274514-1657659976-651233143-1002\...\{856AD396-519D-4C7A-BED6-6785F64924BC}) (Version: 1.0 - GreatArcadeHits) <==== ATTENTION
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet 3050A J611 series Basic Device Software (HKLM\...\{1B77E249-B8D5-4E5E-8848-693ACEF84E6D}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3050A J611 series Help (HKLM-x32\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
HP Deskjet 3050A J611 series Product Improvement Study (HKLM\...\{A772BF60-20A5-4279-A18B-B9D8DBC9B30A}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart All-In-One Driver Software 13.0 Rel. A (HKLM\...\{17016DA1-F040-4032-BD36-34DD317BC9D5}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
IHI SHIBAURA EST I 2013B v1.0-C3 (Build 1539) (HKLM-x32\...\{AAAF7D17-3C62-49C7-A7D3-56182EF95032}) (Version: 22.0.15.1539 - IHI SHIBAURA MACHINERY CORPORATION)
INSITE (HKLM-x32\...\{AE9B2ECE-EA72-420B-9B1C-AC1BEF252C88}) (Version: 7.6.00272 - Cummins Inc.)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
J2SE Runtime Environment 5.0 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0150000}) (Version: 1.5.0 - Sun Microsystems, Inc.)
Java 7 Update 9 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417009FF}) (Version: 7.0.90 - Oracle)
Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kingsoft Office 2013 (9.1.0.4550) (HKLM-x32\...\Kingsoft Office) (Version: 9.1.0.4550 - Kingsoft Corp.)
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.7 - Acer Inc.)
M.D.T. - MDT MS V1.07.3305 (HKLM-x32\...\{DB906E70-EF33-4041-B405-7E8635F27D99}) (Version: 1.07.3305 - Sontheim Industrie Elektronik GmbH)
M.D.T. - Runtime AEF V1.07.3305 (HKLM-x32\...\{7BD20150-B110-486C-B4A2-D84878DD07F7}) (Version: 1.07.3305 - Sontheim Industrie Elektronik GmbH)
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Access Runtime 2010 (HKLM-x32\...\Office14.AccessRT) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Express 2013 for Windows Desktop - ENU (HKLM-x32\...\{bec3d87e-1d6d-4b15-8383-29068c86b888}) (Version: 12.0.21005.13 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.34 - mIRC Co. Ltd.)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.18 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.18 - Egis Technology Inc.) Hidden
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.4.7070 - Barnesandnoble.com)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.2.3 - )
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8942 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8942 - NTI Corporation) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Print@Home (HKLM-x32\...\{123D4082-3194-4191-9139-067E9157C2B2}) (Version: 2.0.0 - Valassis Interactive Inc.)
Quicken 2012 (HKLM-x32\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.7.18 - Intuit)
Quicken 2013 (HKLM-x32\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.12.7 - Intuit)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6438 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Sentinel System Driver Installer 7.5.1 (HKLM-x32\...\{BF9E346B-5ECE-4A18-9510-55729FD08323}) (Version: 7.5.1 - SafeNet, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001C-0000-0000-0000000FF1CE}_Office14.AccessRT_{54846D1D-E5D5-4A28-AA6D-7208259007EA}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
ShaPlus Bandwidth Meter 1.3.1 (HKLM-x32\...\ShaPlus Bandwidth Meter) (Version: 1.3.1 - ShaPlus Software)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
SIECA 132 Multithreaded API - V7.4.43.0 (HKLM-x32\...\{7CEE6EB6-0680-45F2-838A-5C3FF34A235A}) (Version: 7.04.4300 - Sontheim Industrie Elektronik GmbH)
simpleD Budget (a FREE GNU licensed Monthly Income Budgeting As (HKLM-x32\...\simpleD Budget_is1) (Version:  - )
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sontheim Industrie Elektronik CANfox Driver v1.1.0 (HKLM-x32\...\Sontheim Industrie Elektronik CANfox Driver v1.1.0) (Version: 1.1.0 - Sontheim Industrie Elektronik GmbH)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Strongvault Online Backup (x32 Version: 5.0.2.34 - Strongvault Online Backup) Hidden <==== ATTENTION
Switcher for SIECA 132 Multithreaded API - V7.4.43.0 (HKLM-x32\...\{A1577FC5-2B6F-449A-9624-3F8EA9307ABC}) (Version: 7.04.4300 - Sontheim Industrie Elektronik GmbH)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.9.0 - Synaptics Incorporated)
Times Reader (HKLM-x32\...\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1) (Version: 2.055 - The New York Times Company)
Times Reader (x32 Version: 2.055 - The New York Times Company) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3503 - Acer Incorporated)
WildTangent Games App (Acer Games) (x32 Version: 4.0.5.14 - WildTangent) Hidden
Windows Driver Package - CAT CA3 Driver Package (04/10/2012 2.08.24) (HKLM\...\ADE2858D17C2749335F2F5AC4C1BFF67DF65024C) (Version: 04/10/2012 2.08.24 - CAT)
Windows Driver Package - Dearborn Group Inc. (http://www.DGTech.com) (NcBulk) USB Diagnostic Tools  (06/10/2010 04.08.02.15) (HKLM\...\4AD9604187698955F36D3CD1E991FBD37669D198) (Version: 06/10/2010 04.08.02.15 - Dearborn Group Inc. (http://www.DGTech.com))
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
YAC(Yet Another Cleaner!) (HKLM-x32\...\iSafe) (Version:  - ELEX DO BRASIL PARTICIPAÇÕES LTDA) <==== ATTENTION
Zuma's Revenge (x32 Version: 2.2.0.97 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3746274514-1657659976-651233143-1002_Classes\CLSID\{32C15893-74C0-4478-879B-FE14EB684AB4}\InprocServer32 -> C:\Users\Sarah\AppData\Local\Microsoft\Windows Sidebar\Gadgets\HPPhoto.gadget\x64\hpqgps01.dll (Hewlett-Packard Co.)
CustomCLSID: HKU\S-1-5-21-3746274514-1657659976-651233143-1002_Classes\CLSID\{39C26CEE-9070-4B47-9261-6743499AFBF7}\InprocServer32 -> C:\Users\Sarah\AppData\Local\Microsoft\Windows Sidebar\Gadgets\HPPhoto.gadget\x64\hpqgutil.dll (Hewlett-Packard Co.)
CustomCLSID: HKU\S-1-5-21-3746274514-1657659976-651233143-1002_Classes\CLSID\{9CC1FE07-02F9-49A6-A3F4-63AD8BAE9E49}\InprocServer32 -> C:\Users\Sarah\AppData\Local\Microsoft\Windows Sidebar\Gadgets\HPPhoto.gadget\x64\hpqgps01.dll (Hewlett-Packard Co.)

==================== Restore Points  =========================

18-07-2014 19:03:55 Windows Update
18-07-2014 19:37:02 Windows Update
18-07-2014 20:16:53 Windows Update
29-07-2014 17:38:35 Configured Microsoft Office Home and Student 2010 Trial
29-07-2014 18:07:50 Configured Microsoft Office Home and Student 2010
30-07-2014 19:23:05 Windows Update
30-07-2014 19:28:43 Windows Update
01-12-2014 16:20:45 Windows Update
01-12-2014 16:38:11 Windows Update
02-12-2014 19:43:12 Configured Microsoft Office Home and Student 2010
05-12-2014 20:32:12 Windows Update
10-12-2014 15:24:56 Windows Update
23-12-2014 15:30:31 Windows Update
27-12-2014 10:53:48 Windows Update
28-12-2014 05:48:19 Removed CNH DATAR.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-01-20 07:42 - 2014-12-29 19:55 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0B97D7E6-E52E-4890-88A2-AE394D95C33C} - System32\Tasks\{3C7E4019-4F6D-4F3D-AA38-11F094B4B3E1} => D:\Setup.exe
Task: {1F743870-4388-412A-A1ED-292F054ED851} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-08-24] (CyberLink Corp.)
Task: {2B972FCD-AEB3-4F13-90D7-7B9D6AB61FE5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: {2FF2E13F-C1B8-4C51-8D42-38F66CA13FDC} - System32\Tasks\{11CF4404-411C-457B-81CD-EA04116BB915} => D:\launcher.exe
Task: {33A64AF7-402A-423C-AD89-C3E055103D01} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-28] (Egis Technology Inc.)
Task: {36126C94-38CF-4F80-8310-362F08DCF264} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-08-24] (Acer Incorporated)
Task: {47027C6E-C9C2-4F56-8797-7FEB8E7E031C} - System32\Tasks\{E3A02E15-5A7C-4B4D-9E0A-36A33D4D5EA4} => D:\Setup.exe
Task: {4A842CA2-1AA8-45EC-A01F-D80B82641991} - System32\Tasks\{8D04BB9E-88E7-4D73-B0D2-60BD867C03E4} => D:\Setup.exe
Task: {507F084F-9566-4977-9A94-3AF087FC65D2} - System32\Tasks\{FA6BB58F-C4CE-46F6-8E2F-96F86568DBBD} => D:\Setup.exe
Task: {5EC449EA-4409-481C-B6E9-761F030BE4A0} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-08-24] (CyberLink)
Task: {6FF2583F-FE97-443A-A589-13E953D93392} - System32\Tasks\{D7559833-2BFA-447A-93B4-38DF4E7653CE} => D:\Setup.exe
Task: {72B00A85-4A3E-4980-98F1-E4462F605226} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-04-05] (Acer Incorporated)
Task: {760CC9C6-12BF-4F26-BA44-E507FA7F534F} - System32\Tasks\{A94F7C93-012E-4917-A344-2E9B6B1B7D70} => D:\Setup.exe
Task: {76DEE5FE-04B5-465F-9F18-4C1C6B5D7E2E} - System32\Tasks\HPCustParticipation HP Deskjet 3050A J611 series => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {7914F69D-E090-484A-A905-5631B0C23B21} - System32\Tasks\{0B1B6502-BCCD-4B7B-9F55-224C1EABAC2F} => D:\Setup.exe
Task: {8249C894-3FD6-4A0F-BC8B-9076FB972100} - System32\Tasks\{4BEA9D19-A1A3-41AC-BF7E-6758817BAD0B} => D:\Setup.exe
Task: {860C20AF-9428-4FAB-BFEB-37948031938F} - System32\Tasks\{4A5D8EC0-A385-44F5-8AC5-674705337160} => D:\launcher.exe
Task: {8ECBBE81-FD63-43DB-82CB-3FC5059C698B} - System32\Tasks\{61F691E8-3E4E-431C-858A-C0C9738CD62B} => D:\Setup.exe
Task: {932DBBBC-24CD-453D-AAE9-3662867A8CB4} - System32\Tasks\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {9B27A7D6-8FD4-4C2C-8F82-94D1AE7A6ED5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-28] (Google Inc.)
Task: {9D1AE6BE-146A-4E42-A73D-6003A5838078} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {9FB1338E-3A35-4573-9C0A-F6EE93CED69C} - System32\Tasks\{1FC78D44-2D18-476A-9F1C-05B03A7A5390} => D:\Setup.exe
Task: {B18FE67E-8A76-4C11-AB95-E46509A241C2} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-28] (Egis Technology Inc.)
Task: {BC234A71-5DC8-4DB9-B451-468643E1A253} - System32\Tasks\Adobe Reader Speed Launcher => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
Task: {CD6291AF-22FB-4BEE-94DF-DC478AADCB39} - System32\Tasks\{7810DADD-95D2-4A65-A11D-837B85E87706} => D:\Setup.exe
Task: {D50A5BCE-7DBC-40D2-853F-CFB782F07891} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {D702A7A5-1B0A-47F2-B2C6-CA11D0BAC2F4} - System32\Tasks\WpsNotifyTask_Sarah => C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsnotify.exe [2014-03-30] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {D7A4EBFA-BE48-403C-ABD7-CF7C6C3926D7} - System32\Tasks\WpsUpdateTask_Sarah => C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe [2014-12-08] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {DAD26738-C846-4E4D-8AFC-96770FB821D5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-28] (Google Inc.)
Task: {E539CA78-A96A-4C19-B90D-5A512D95B8CD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F113F627-96AC-430F-8D89-09EEEB37DFD8} - System32\Tasks\{4DEE0035-F3E0-40EF-8337-23C96BC21C00} => pcalua.exe -a C:\Users\Chris\Downloads\air3-5_win.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {FF328C2B-16A8-401A-BE5C-B8B2A5A3EB86} - System32\Tasks\{50E7E654-7E6C-4140-8EAB-60FC6E9BD50F} => D:\Setup.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\WpsNotifyTask_Sarah.job => C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsnotify.exe
Task: C:\Windows\Tasks\WpsUpdateTask_Sarah.job => C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe

==================== Loaded Modules (whitelisted) =============

2014-12-23 17:03 - 2014-12-22 03:15 - 00065696 ____N () C:\Program Files (x86)\Elex-tech\YAC\zlib1.dll
2014-12-23 17:03 - 2014-12-22 03:15 - 00394088 ____N () C:\Program Files (x86)\Elex-tech\YAC\curlpp.dll
2014-12-23 17:03 - 2014-12-22 03:15 - 01105408 ____N () C:\Program Files (x86)\Elex-tech\YAC\isafechlp.dll
2014-12-23 17:03 - 2014-12-22 03:15 - 00185640 ____N () C:\Program Files (x86)\Elex-tech\YAC\libpng.dll
2014-04-23 15:05 - 2014-04-23 15:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 15:04 - 2014-04-23 15:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-04-23 19:29 - 2011-04-23 19:29 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2011-04-23 19:29 - 2011-04-23 19:29 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2011-04-23 19:29 - 2011-04-23 19:29 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2014-12-23 17:03 - 2014-12-22 03:23 - 00198440 ____N () C:\Program Files (x86)\Elex-tech\YAC\iTPMsgCenter.dll
2011-08-24 20:03 - 2011-08-24 20:03 - 00206216 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
2014-12-29 19:12 - 2014-11-26 10:40 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-12-08 13:36 - 2014-02-10 11:04 - 00430080 _____ () C:\Windows\mod_frst.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AeLookupSvc => 3
MSCONFIG\Services: AppIDSvc => 3
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: Browser => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: Dnscache => 2
MSCONFIG\Services: EFS => 3
MSCONFIG\Services: hidserv => 3
MSCONFIG\Services: IKEEXT => 2
MSCONFIG\Services: KtmRm => 3
MSCONFIG\Services: lmhosts => 2
MSCONFIG\Services: PolicyAgent => 3
MSCONFIG\Services: SensrSvc => 3
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: W32Time => 3
MSCONFIG\Services: WebClient => 3
MSCONFIG\Services: WerSvc => 3
MSCONFIG\Services: WinDefend => 3
MSCONFIG\Services: WPDBusEnum => 3
MSCONFIG\Services: wudfsvc => 3

========================= Accounts: ==========================

Administrator (S-1-5-21-3746274514-1657659976-651233143-500 - Administrator - Disabled)
Guest (S-1-5-21-3746274514-1657659976-651233143-501 - Limited - Enabled) => C:\Users\Guest
Sarah (S-1-5-21-3746274514-1657659976-651233143-1002 - Administrator - Enabled) => C:\Users\Sarah

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/01/2015 08:08:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/29/2014 07:56:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (01/01/2015 08:08:46 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Cummins Update Service service hung on starting.

Error: (01/01/2015 08:07:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The PCSMHNT service failed to start due to the following error:
%%1275

Error: (01/01/2015 08:07:12 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\Drivers\PCSMHNT.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (01/01/2015 08:07:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The PARCAII service failed to start due to the following error:
%%1275

Error: (01/01/2015 08:07:11 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\Drivers\PARCAII.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (01/01/2015 08:07:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The J1939NT service failed to start due to the following error:
%%1275

Error: (01/01/2015 08:07:11 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\Drivers\J1939NT.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (01/01/2015 08:07:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The J1708NT service failed to start due to the following error:
%%1275

Error: (01/01/2015 08:07:11 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\Drivers\J1708NT.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (01/01/2015 08:07:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DLASIPNT service failed to start due to the following error:
%%1275


Microsoft Office Sessions:
=========================
Error: (01/01/2015 08:08:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/29/2014 07:56:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2014-12-29 19:51:02.480
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-12-29 19:51:02.370
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD A6-3400M APU with Radeon™ HD Graphics
Percentage of memory in use: 49%
Total physical RAM: 3562.9 MB
Available physical RAM: 1790.32 MB
Total Pagefile: 7123.98 MB
Available Pagefile: 4976.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:449.66 GB) (Free:377.61 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 29DC4168)
Partition 1: (Not Active) - (Size=16 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=449.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,262 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:34 AM

Posted 02 January 2015 - 09:14 AM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3746274514-1657659976-651233143-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [120128 2014-12-22] (Elex do Brasil Participações Ltda)
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [249000 2014-12-22] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [99496 2014-12-22] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [93352 2014-12-22] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2014-12-12] (Elex do Brasil Participações Ltda)
S3 atillk64; \??\C:\Program Files (x86)\AMD\System Monitor\atillk64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X]
 C:\Program Files (x86)\Elex-tech

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

#5 chris.hillegas

chris.hillegas
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Gender:Male
  • Location:Jonesboro, AR
  • Local time:10:34 AM

Posted 02 January 2015 - 10:49 AM

I attached the FixLog because it was too large to post; hope that is okay.

 

 Results of screen317's Security Check version 0.99.93  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 YAC(Yet Another Cleaner!)   
  Adobe Flash Player 15.0.0.246 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Firefox (34.0.5)
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Symantec Norton Online Backup NOBuAgent.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

 

 

Computer is running much better, and the redirects have stopped.  Malwarebytes kept blocking IP addresses when I didn't even have my browser open; that has also stopped.  Thank you so much for your help. Any suggestions to prevent this from happening again?

Attached Files



#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,262 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:34 AM

Posted 03 January 2015 - 08:29 AM

Critical vulnerabilities have been identified in old versions of Adobe Flash Player; please get the latest version.

Flash test site:
http://www.adobe.com/software/flash/about/
Install the new version, or if you already have the latest, close the window.

Flash Player Help / Find version
http://helpx.adobe.com/flash-player/kb/find-version-flash-player.html#main_Find_the_Flash_Player_version_installed_on_your_machine
===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===
