Infected big time


This topic is locked.
15 replies to this topic

#1 maineboy64
  • Members
  • 45 posts

Posted 29 December 2014 - 09:21 AM

This is my first post and I'm using the on-screen keyboard to type this because most of the keys on my surface keyboard (sk) have been hijacked. This all started last night. The first problem I had was that the keys on my sk were not corresponding to what keys I was pressing. And sometimes I'd type one letter in the browser but three letters would come up. I switched off the computer and later tried to get in again but couldn't because of the keyboard hijack. No worries, I utilised the on-screen keyboard and got back in. While in I did an AVG complete scan and it picked up one thing: a Trojan horse generic. (In a second scan it was picked up again, meaning AVG hadn't deleted it the first time around.) That night I switched off the computer and in the morning turned it on again. However, this time the on-screen keyboard had now been hijacked and the shift keys were flashing between lower and upper case letters, making it impossible to log in with my lower case password. Later, miraculously, I did manage to get back in and found you guys here at Bleeping. I should mention that I probably visited an infected page/site because I never clicked on any links in my emails. I'm also using wireless.

My keyboard is still disabled even though AVG has deleted it twice and I also returned the computer to an earlier time . . . one week to be precise. As advised I did a HijackThis scan and here are the results:

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 21:18:30, on 29/12/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17496)

Boot mode: Normal

Running processes:
C:\Windows\PixArt\PAC207\Monitor.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Users\Paul\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
C:\Program Files (x86)\Hp\QuickPlay\QPService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6EUUL3SY\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com/?fr=mkg029
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/?fr=mkg029
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: (no name) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - HKLM\..\Run: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [Magic Desktop for HP notification] "C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
O4 - HKCU\..\Run: [AmazonMP3DownloaderHelper] C:\Users\Paul\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files (x86)\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil64_15_0_0_246_ActiveX.exe -update activex
O4 - HKUS\S-1-5-18\..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe (User 'Default user')
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs:     
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
O23 - Service: BecHelperService - Unknown owner - C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mobile Broadband HL Service - Unknown owner - C:\ProgramData\MobileBrServ\mbbservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Rapport Management Service (RapportMgmtService) - IBM Corp. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 13964 bytes

Any help much appreciated.
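
The HijackThis log above is plain text that a helper works through by eye. As an added example (not part of maineboy64's post, and not a feature of HijackThis itself), the Python script below parses the O2, O3 and O4 lines and flags the patterns a reader typically checks first: a BHO or toolbar whose registered file is gone, an autorun registered under the SYSTEM or .DEFAULT hive, and an autorun that starts from ProgramData, AppData or a path with no drive letter. The sample lines are copied from the log above; the function names and the three heuristics are my own choices, and a flag is a prompt to look closer, not a verdict that the entry is malicious.

```python
import re
from typing import NamedTuple, Optional

# Constructed sample: a handful of lines copied from the HijackThis log in the post above.
SAMPLE_HJT_LOG = r"""
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O3 - Toolbar: (no name) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - (no file)
O4 - HKLM\..\Run: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
O4 - HKCU\..\Run: [AmazonMP3DownloaderHelper] C:\Users\Paul\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
O4 - HKUS\S-1-5-18\..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe (User 'Default user')
"""


class Finding(NamedTuple):
    section: str   # HijackThis section code: "O2", "O3" or "O4"
    name: str      # Run value name, or BHO/toolbar display name
    target: str    # path the entry points at, or "(no file)"
    reason: str    # which heuristic fired (my wording, not HijackThis output)


# O4 autorun entries: "O4 - <hive>\..\Run: [<name>] <command line>"
O4_RE = re.compile(r'^O4 - (?P<hive>[^:]+?)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# O2 BHO and O3 toolbar entries: "O2 - BHO: <name> - {CLSID} - <file>"
O23_RE = re.compile(r'^O(?P<sec>[23]) - (?:BHO|Toolbar): (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<target>.*)$')
# First program-looking token of an unquoted command line (path may contain spaces).
EXE_RE = re.compile(r'(.+?\.(?:exe|dll|scr|bat|cmd|vbs))(?:\s|$)', re.IGNORECASE)

# Heuristic inputs (assumptions of this example, chosen for illustration).
SUSPECT_DIRS = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\temporary internet files\\")
PRIV_HIVES = ("HKUS\\S-1-5-18", "HKUS\\.DEFAULT")


def extract_path(cmd: str) -> str:
    """Pull the program path out of a Run command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else (cmd.split() or [''])[0]


def triage_line(line: str) -> Optional[Finding]:
    """Apply the three heuristics to one HijackThis line; None means nothing fired."""
    m = O4_RE.match(line)
    if m:
        hive, name = m.group('hive'), m.group('name')
        path = extract_path(m.group('cmd'))
        low = path.lower()
        if hive.startswith(PRIV_HIVES):
            return Finding('O4', name, path, 'autorun registered for the SYSTEM or Default profile')
        if not re.match(r'^[a-z]:\\', low):
            return Finding('O4', name, path, 'relative path with no drive letter')
        if any(d in low for d in SUSPECT_DIRS):
            return Finding('O4', name, path, 'starts from a user-writable data directory')
        return None
    m = O23_RE.match(line)
    if m and m.group('target').strip() == '(no file)':
        return Finding('O' + m.group('sec'), m.group('name'), '(no file)',
                       'orphaned CLSID, registered file is missing')
    return None


def triage_log(text: str) -> list:
    """Run triage_line over a whole log and keep only the lines that were flagged."""
    return [f for f in (triage_line(l.strip()) for l in text.splitlines()) if f is not None]


if __name__ == '__main__':
    for f in triage_log(SAMPLE_HJT_LOG):
        print(f"{f.section} [{f.name}] {f.target}: {f.reason}")
```

Run it as-is to see the six flagged sample lines, or pass the text of a saved hijackthis.log to triage_log(); entries it does not flag are simply not covered by these three checks, not cleared.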

#2 maineboy64
  • Topic Starter
  • Members
  • 45 posts

Posted 30 December 2014 - 10:45 PM

Update: Have run Spybot and Malwarebytes and the computer seems more stable. However, the following keys on the surface keyboard still don't respond: q, w, e, r, u, i, o, p. I'm running SpyHunter 4 now and it has picked up 18 threats. Not sure if it will fix this bug? You guys have any ideas? Still waiting.



#3 nasdaq
  • Malware Response Team
  • 39,586 posts

Posted 02 January 2015 - 11:06 AM

Hello, welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button, all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file, select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.

#4 maineboy64
  • Topic Starter
  • Members
  • 45 posts

Posted 02 January 2015 - 09:54 PM

Thanks, Nasdaq. Here are the results:

# AdwCleaner v4.106 - Report created 03/01/2015 at 09:04:14
# Updated 21/12/2014 by Xplode
# Database : 2014-12-21.4 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Paul - PAULS-PC
# Running from : C:\Users\Paul\Downloads\adwcleaner_4.106.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : YahooAUService
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Google Chrome v39.0.2171.95
 
 
*************************
 
AdwCleaner[R0].txt - [10291 octets] - [30/12/2014 09:06:03]
AdwCleaner[R1].txt - [904 octets] - [03/01/2015 08:54:44]
AdwCleaner[S0].txt - [9297 octets] - [30/12/2014 09:39:56]
AdwCleaner[S1].txt - [828 octets] - [03/01/2015 09:04:14]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [887 octets] ##########
 
and:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-01-2015
Ran by Paul (administrator) on PAULS-PC on 03-01-2015 09:33:36
Running from C:\Users\Paul\Downloads
Loaded Profile: Paul (Available profiles: Paul)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
() C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\PAC207\Monitor.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
() C:\Users\Paul\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Piriform Ltd) C:\Program Files (x86)\CCleaner\CCleaner64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(CyberLink Corp.) C:\Program Files (x86)\Hp\QuickPlay\QPService.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Nikon Corporation) C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\nacl64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Farbar) C:\Users\Paul\Downloads\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [171520 2009-08-15] (Sun Microsystems, Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-23] (IDT, Inc.)
HKLM\...\Run: [PAC207_Monitor] => C:\Windows\PixArt\PAC207\Monitor.exe [323584 2007-12-10] (PixArt Imaging Incorporation)
HKLM-x32\...\Run: [QPService] => C:\Program Files (x86)\HP\QuickPlay\QPService.exe [468264 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2009-02-18] (CyberLink Corp.)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2010-02-25] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [500792 2010-03-23] (Hewlett-Packard Company)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [Nikon Transfer Monitor] => C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe [479232 2009-09-15] (Nikon Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3653136 2014-11-10] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1258504 2013-12-22] (Easybits)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1473311476-28869768-3281747046-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-01-22] (Hewlett-Packard Company)
HKU\S-1-5-21-1473311476-28869768-3281747046-1000\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1689144 2010-06-30] (Hewlett-Packard)
HKU\S-1-5-21-1473311476-28869768-3281747046-1000\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Paul\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-23] ()
HKU\S-1-5-21-1473311476-28869768-3281747046-1000\...\Run: [CCleaner Monitoring] => C:\Program Files (x86)\CCleaner\CCleaner64.exe [6501656 2014-10-29] (Piriform Ltd)
HKU\S-1-5-21-1473311476-28869768-3281747046-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-1473311476-28869768-3281747046-1000\...\Policies\system: [WallpaperStyle] 2
HKU\S-1-5-21-1473311476-28869768-3281747046-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-1473311476-28869768-3281747046-1000\...\MountPoints2: {2255d30e-d04b-11e1-9256-001e101f4da1} - F:\AutoRun.exe
HKU\S-1-5-21-1473311476-28869768-3281747046-1000\...\MountPoints2: {230990fb-1c5a-11e2-a6a6-001e101fe70e} - F:\AutoRun.exe
HKU\S-1-5-21-1473311476-28869768-3281747046-1000\...\MountPoints2: {5617abe2-a94d-11df-a7b9-00269e881454} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1473311476-28869768-3281747046-1000\...\MountPoints2: {6718c26b-41fe-11e1-ac99-00269e881454} - F:\AutoRun.exe
HKU\S-1-5-21-1473311476-28869768-3281747046-1000\...\MountPoints2: {6718c3c3-41fe-11e1-ac99-00269e881454} - F:\AutoRun.exe
HKU\S-1-5-21-1473311476-28869768-3281747046-1000\...\MountPoints2: {6718c3d0-41fe-11e1-ac99-00269e881454} - F:\AutoRun.exe
HKU\S-1-5-21-1473311476-28869768-3281747046-1000\...\MountPoints2: {72783f1e-45ac-11e1-92a4-001e101f8ed0} - F:\AutoRun.exe
HKU\S-1-5-21-1473311476-28869768-3281747046-1000\...\MountPoints2: {86d9c8cf-ea23-11e1-91e3-001e101f36d9} - F:\AutoRun.exe
HKU\S-1-5-21-1473311476-28869768-3281747046-1000\...\MountPoints2: {8fb0c54a-cc1e-11df-a2b3-00269e881454} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1473311476-28869768-3281747046-1000\...\MountPoints2: {936339a9-a174-11df-b13b-00269e881454} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1473311476-28869768-3281747046-1000\...\MountPoints2: {9cbfd109-a2cd-11df-a3fe-00269e881454} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1473311476-28869768-3281747046-1000\...\MountPoints2: {9cbfd10b-a2cd-11df-a3fe-00269e881454} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1473311476-28869768-3281747046-1000\...\MountPoints2: {9e3b13c1-e46f-11e1-a381-001e101f8924} - F:\AutoRun.exe
HKU\S-1-5-21-1473311476-28869768-3281747046-1000\...\MountPoints2: {a5eafd7a-d1cc-11e1-95c7-00269e881454} - F:\AutoRun.exe
HKU\S-1-5-21-1473311476-28869768-3281747046-1000\...\MountPoints2: {a5eafd8f-d1cc-11e1-95c7-00269e881454} - F:\AutoRun.exe
HKU\S-1-5-21-1473311476-28869768-3281747046-1000\...\MountPoints2: {e80c860d-c9f9-11e1-a835-001e101fb4df} - F:\AutoRun.exe
HKU\S-1-5-18\...\Policies\system: [WallpaperStyle] 2
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/?fr=mkg029
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com/?fr=mkg029
HKU\S-1-5-21-1473311476-28869768-3281747046-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/?gws_rd=ssl
SearchScopes: HKLM -> {F9FC1670-8AD8-4BDC-8E58-56EB224739CA} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM-x32 -> {F9FC1670-8AD8-4BDC-8E58-56EB224739CA} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1473311476-28869768-3281747046-1000 -> {44CDBA3E-10A7-4E11-A11D-B33B3D151CDA} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1473311476-28869768-3281747046-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://uk.search.yahoo.com/search?p={searchTerms}&fr=mkg028
SearchScopes: HKU\S-1-5-21-1473311476-28869768-3281747046-1000 -> {F9FC1670-8AD8-4BDC-8E58-56EB224739CA} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1473311476-28869768-3281747046-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Paul\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> "https://www.google.co.uk/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-31]
CHR Extension: (Google Docs) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-08]
CHR Extension: (Google Drive) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-31]
CHR Extension: (YouTube) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-08]
CHR Extension: (Norton Security Toolbar) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-01-03]
CHR Extension: (Google Search) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-08]
CHR Extension: (Google Sheets) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-31]
CHR Extension: (Norton Identity Safe) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-01-03]
CHR Extension: (Google Wallet) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-27]
CHR Extension: (Gmail) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-08]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3488784 2014-11-10] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-11-10] (AVG Technologies CZ, s.r.o.)
R2 BecHelperService; C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [1740696 2011-03-23] ()
R2 ezSharedSvc; C:\Windows\SysWOW64\ezsvc7.dll [129584 2009-02-23] (EasyBits Sofware AS) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-05] (Hewlett-Packard Company) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-01-22] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [233344 2012-06-28] ()
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-12-15] (IBM Corp.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-01-22] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)
R2 VMCService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [9216 2009-09-18] (Vodafone) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-19] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [263960 2014-10-30] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-29] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-19] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
S3 bcm; C:\Windows\System32\DRIVERS\drxvi314_64.sys [371712 2010-11-23] (Beceem communications pvt ltd.) [File not signed]
S3 bcmbusctr; C:\Windows\System32\DRIVERS\BcmBusCtr_64.sys [59904 2010-11-23] (Beceem communications pvt ltd.) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [686592 2009-06-04] (PixArt Imaging Inc.)
R1 RapportCerberus_80083; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80083.sys [761720 2014-12-09] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [445912 2014-12-15] (IBM Corp.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [534104 2014-12-15] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [557656 2014-12-15] (IBM Corp.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [32496 2013-12-21] (Synaptics Incorporated)
R4 ccSet_NS; \SystemRoot\system32\drivers\NSx64\1600000.06E\ccSetx64.sys [X]
S3 CpqDfw; system32\drivers\CpqDfw.sys [X]
U4 eabfiltr; No ImagePath
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]
R4 IDSVia64; \??\C:\Program Files (x86)\Norton Security\NortonData\22.0.0.110\Definitions\IPSDefs\20150101.001\IDSvia64.sys [X]
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
R4 SRTSPX; \SystemRoot\system32\drivers\NSx64\1600000.06E\SRTSPX64.SYS [X]
R4 SymDS; system32\drivers\NSx64\1600000.06E\SYMDS64.SYS [X]
R4 SymEFA; system32\drivers\NSx64\1600000.06E\SYMEFA64.SYS [X]
R4 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-03 09:33 - 2015-01-03 09:34 - 00024858 _____ () C:\Users\Paul\Downloads\FRST.txt
2015-01-03 09:32 - 2015-01-03 09:33 - 00000000 ___DC () C:\FRST
2015-01-03 09:32 - 2015-01-03 09:32 - 02123264 _____ (Farbar) C:\Users\Paul\Downloads\FRST64 (1).exe
2015-01-03 09:26 - 2015-01-03 09:26 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForPaul
2015-01-03 09:26 - 2015-01-03 09:26 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForPaul.job
2015-01-03 09:22 - 2015-01-03 09:22 - 02123264 _____ (Farbar) C:\Users\Paul\Downloads\frst64.exe
2015-01-03 08:50 - 2015-01-03 08:46 - 02173952 _____ () C:\Users\Paul\Desktop\adwcleaner_4.106.exe
2015-01-03 08:45 - 2015-01-03 08:46 - 02173952 _____ () C:\Users\Paul\Downloads\adwcleaner_4.106.exe
2015-01-03 07:42 - 2015-01-03 09:31 - 00000000 ____D () C:\Program Files (x86)\Norton Security
2015-01-03 07:32 - 2015-01-03 07:41 - 115614832 ____N (Symantec Corporation) C:\Users\Paul\Downloads\NS-TW-22.0.0-EN-UK.exe
2015-01-03 07:24 - 2015-01-03 07:24 - 00000359 _____ () C:\Users\Paul\Desktop\Recycle Bin - Shortcut.lnk
2015-01-02 16:00 - 2015-01-02 16:00 - 00000213 _____ () C:\Users\Paul\Documents\Mayette.txt
2015-01-01 08:26 - 2015-01-01 08:28 - 02347384 _____ (ESET) C:\Users\Paul\Downloads\esetsmartinstaller_enu.exe
2014-12-31 08:43 - 2015-01-03 09:07 - 00003972 _____ () C:\Windows\PFRO.log
2014-12-31 08:43 - 2015-01-03 09:07 - 00000504 _____ () C:\Windows\setupact.log
2014-12-31 08:43 - 2014-12-31 08:43 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-31 01:12 - 2014-12-31 01:12 - 00002215 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-31 01:12 - 2014-12-31 01:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-31 01:07 - 2015-01-03 09:12 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-31 01:07 - 2015-01-03 09:10 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-31 01:07 - 2014-12-31 01:07 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-31 01:07 - 2014-12-31 01:07 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-12-30 10:34 - 2015-01-03 09:10 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-30 10:33 - 2014-12-30 10:33 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-30 10:33 - 2014-12-30 10:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-30 10:32 - 2014-12-30 10:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-30 10:32 - 2014-12-30 10:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-30 10:32 - 2014-11-21 06:23 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-30 10:32 - 2014-11-21 06:23 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-30 10:32 - 2014-11-21 06:23 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-30 09:05 - 2015-01-03 09:04 - 00000000 ___DC () C:\AdwCleaner
2014-12-30 01:06 - 2014-12-31 11:51 - 00000159 _____ () C:\Windows\wininit.ini
2014-12-29 23:11 - 2014-12-29 23:11 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-12-29 21:18 - 2014-12-29 21:18 - 00013966 _____ () C:\Users\Paul\Documents\hijackthis.log
2014-12-29 12:55 - 2014-09-05 08:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-12-28 22:06 - 2015-01-01 08:04 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-28 22:06 - 2014-12-31 11:51 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-28 22:06 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-12-28 21:59 - 2014-12-28 22:05 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Paul\Downloads\spybot-2.4.exe
2014-12-25 14:50 - 2014-12-25 14:51 - 00000000 ____D () C:\Users\Paul\AppData\Local\{7F95A185-F950-48F3-B0EC-4E9008BC7DD5}
2014-12-22 21:30 - 2014-12-22 21:30 - 00000000 ____D () C:\Users\Paul\AppData\Local\{60D14A19-5C8D-4BF1-A33C-7F095237EAC3}
2014-12-22 09:49 - 2014-09-05 09:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-12-21 15:45 - 2013-10-02 08:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-12-21 15:41 - 2013-10-02 09:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-12-21 15:41 - 2013-10-02 09:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-12-21 15:41 - 2013-10-02 09:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-12-21 15:40 - 2013-10-02 08:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-12-21 15:40 - 2013-10-02 08:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-12-21 15:40 - 2013-10-02 08:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-12-21 15:40 - 2013-10-02 07:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-12-21 15:40 - 2013-10-02 07:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-12-21 15:40 - 2013-10-02 07:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-12-21 15:40 - 2013-10-02 07:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-12-21 15:40 - 2013-10-02 07:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-12-21 15:40 - 2013-10-02 06:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-12-21 15:40 - 2013-10-02 06:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-12-21 15:40 - 2013-10-02 06:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-12-21 15:40 - 2013-10-02 05:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-12-21 11:44 - 2014-12-29 11:40 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Yahoo!
2014-12-21 11:43 - 2014-12-21 11:43 - 00001097 _____ () C:\Users\Public\Desktop\Yahoo! Messenger.lnk
2014-12-21 11:43 - 2014-12-21 11:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
2014-12-21 11:29 - 2014-12-21 11:29 - 00691112 _____ (Yahoo! Inc.) C:\Users\Paul\Downloads\msgr11sg.exe
2014-12-18 03:38 - 2014-12-13 12:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 03:38 - 2014-12-13 10:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-11 20:29 - 2014-12-11 20:29 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-11 12:02 - 2014-10-18 09:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-11 12:02 - 2014-10-18 08:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-11 12:02 - 2014-07-07 09:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-11 12:02 - 2014-07-07 09:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-11 12:02 - 2014-07-07 09:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-11 12:02 - 2014-07-07 09:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-11 12:02 - 2014-07-07 08:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-11 12:02 - 2014-07-07 08:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-11 12:02 - 2014-07-07 08:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-11 12:02 - 2014-07-07 08:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-11 11:56 - 2014-10-03 09:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-11 11:56 - 2014-10-03 09:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-11 11:56 - 2014-10-03 09:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-11 11:56 - 2014-10-03 09:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-11 11:56 - 2014-10-03 09:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-11 11:56 - 2014-10-03 08:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-11 11:56 - 2014-10-03 08:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-11 11:56 - 2014-10-03 08:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-11 11:56 - 2014-10-03 08:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-11 11:56 - 2014-10-03 08:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-11 11:49 - 2014-12-11 11:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-12-11 11:14 - 2014-12-04 09:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-11 11:14 - 2014-12-04 09:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-11 11:14 - 2014-12-04 09:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-11 11:14 - 2014-12-04 09:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-11 11:14 - 2014-12-02 06:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-11 11:14 - 2014-11-08 10:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-11 11:14 - 2014-11-08 09:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-11 11:13 - 2014-12-04 09:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-11 11:13 - 2014-12-04 09:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-11 11:13 - 2014-12-04 09:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-11 11:13 - 2014-11-27 08:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-11 11:13 - 2014-11-27 08:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-11 11:13 - 2014-11-22 10:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-11 11:13 - 2014-11-22 10:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-11 11:13 - 2014-11-22 10:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-11 11:13 - 2014-11-22 09:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-11 11:13 - 2014-11-22 09:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-11 11:13 - 2014-11-22 09:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-11 11:13 - 2014-11-22 09:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-11 11:13 - 2014-11-22 09:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-11 11:13 - 2014-11-22 09:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-11 11:13 - 2014-11-22 09:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-11 11:13 - 2014-11-22 09:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-11 11:13 - 2014-11-22 09:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-11 11:13 - 2014-11-22 09:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-11 11:13 - 2014-11-22 09:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-11 11:13 - 2014-11-22 09:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-11 11:13 - 2014-11-22 09:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-11 11:13 - 2014-11-22 09:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-11 11:13 - 2014-11-22 09:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-11 11:13 - 2014-11-22 09:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-11 11:13 - 2014-11-22 09:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-11 11:13 - 2014-11-22 09:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-11 11:13 - 2014-11-22 09:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-11 11:13 - 2014-11-22 09:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-11 11:13 - 2014-11-22 09:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-11 11:13 - 2014-11-22 09:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-11 11:13 - 2014-11-22 09:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-11 11:13 - 2014-11-22 09:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-11 11:13 - 2014-11-22 08:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-11 11:13 - 2014-11-22 08:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-11 11:13 - 2014-11-22 08:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-11 11:13 - 2014-11-22 08:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-11 11:13 - 2014-11-22 08:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-11 11:13 - 2014-11-22 08:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-11 11:13 - 2014-11-22 08:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-11 11:13 - 2014-11-22 08:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-11 11:13 - 2014-11-22 08:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-11 11:13 - 2014-11-22 08:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-11 11:13 - 2014-11-22 08:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-11 11:13 - 2014-11-22 08:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-11 11:13 - 2014-11-22 08:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-11 11:13 - 2014-11-22 08:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-11 11:13 - 2014-11-22 08:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-11 11:13 - 2014-11-22 08:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-11 11:13 - 2014-11-22 08:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-11 11:13 - 2014-11-22 08:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-11 11:13 - 2014-11-22 08:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-11 11:13 - 2014-11-22 08:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-11 11:13 - 2014-11-22 08:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-11 11:13 - 2014-11-22 08:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-11 11:13 - 2014-11-22 08:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-11 11:13 - 2014-11-22 07:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-11 11:13 - 2014-11-22 07:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-11 11:05 - 2014-11-11 10:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-11 11:05 - 2014-11-11 09:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-11 11:05 - 2014-11-11 08:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-11 11:04 - 2014-10-30 09:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-11 11:04 - 2014-10-30 08:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-11 03:17 - 2014-12-11 03:17 - 03540144 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-12-09 08:44 - 2014-12-09 08:50 - 84457653 _____ () C:\Users\Paul\Downloads\SO03279399-patrickball2-mp3.zip
2014-12-05 23:55 - 2014-12-31 14:22 - 00000000 ____D () C:\Users\Paul\Downloads\Thuy2014
2014-12-05 23:24 - 2014-12-05 23:28 - 23034066 _____ () C:\Users\Paul\Downloads\photo.zip
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-03 09:20 - 2010-08-06 09:28 - 01508080 _____ () C:\Windows\WindowsUpdate.log
2015-01-03 09:18 - 2009-07-14 11:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-03 09:18 - 2009-07-14 11:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-03 09:17 - 2012-04-22 12:50 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-03 09:13 - 2010-08-13 05:11 - 00000000 ____D () C:\Users\Paul\AppData\Local\CrashDumps
2015-01-03 09:11 - 2010-08-06 09:33 - 00000292 _____ () C:\ProgramData\hpqp.ini
2015-01-03 09:07 - 2009-07-14 12:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-03 08:27 - 2014-06-08 23:37 - 00000000 ____D () C:\Users\Paul\Downloads\MyFilipina
2015-01-03 07:42 - 2009-08-15 01:37 - 00000000 ____D () C:\ProgramData\Norton
2015-01-03 07:25 - 2013-07-27 06:18 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-02 23:24 - 2010-12-24 00:57 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Skype
2015-01-02 18:04 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\rescache
2015-01-01 10:12 - 2010-08-13 01:26 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-01-01 10:11 - 2011-10-28 07:06 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-12-31 16:18 - 2010-08-06 04:26 - 00000000 ____D () C:\Users\Paul
2014-12-31 14:19 - 2010-08-06 15:55 - 01157315 _____ () C:\Users\Paul\Documents\Americanization.odt
2014-12-31 14:12 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-31 08:51 - 2013-08-11 22:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2014-12-31 01:11 - 2010-08-06 15:50 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-31 01:06 - 2011-05-25 00:47 - 00000000 ____D () C:\Users\Paul\AppData\Local\Deployment
2014-12-30 22:41 - 2013-09-13 03:24 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-12-30 15:36 - 2011-05-28 06:17 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-12-30 08:30 - 2014-08-24 19:37 - 00000000 ____D () C:\Users\Paul\AppData\Local\Adobe
2014-12-29 12:11 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-29 12:10 - 2010-08-13 06:39 - 00000000 ____D () C:\Users\Paul\AppData\Local\QuickPlay
2014-12-29 12:01 - 2013-12-22 17:32 - 00000000 ____D () C:\ProgramData\Easybits Magic Desktop for HP
2014-12-29 12:01 - 2012-04-06 04:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-12-29 12:00 - 2014-10-23 15:56 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-12-29 11:59 - 2010-08-06 16:24 - 00000000 ____D () C:\Program Files (x86)\CCleaner
2014-12-29 11:42 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\registration
2014-12-29 11:33 - 2014-10-23 16:08 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-12-29 11:33 - 2014-10-23 15:56 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-12-29 11:33 - 2014-10-23 15:56 - 00000000 ____D () C:\Program Files\iTunes
2014-12-29 11:33 - 2014-10-23 15:56 - 00000000 ____D () C:\Program Files\iPod
2014-12-29 11:32 - 2013-06-02 19:38 - 00000000 __SHD () C:\found.000
2014-12-29 11:32 - 2010-08-06 05:15 - 00000000 __RHD () C:\MSOCache
2014-12-25 09:58 - 2013-06-01 18:10 - 00000000 ____D () C:\Users\Paul\Downloads\SexyPinay
2014-12-22 07:07 - 2009-07-14 10:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-21 11:45 - 2010-08-06 22:00 - 00000000 ____D () C:\ProgramData\Yahoo!
2014-12-21 11:45 - 2010-08-06 21:59 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-12-20 08:47 - 2009-07-14 12:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-12-19 19:56 - 2009-07-14 12:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-18 08:50 - 2010-12-24 00:57 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-18 08:50 - 2010-12-24 00:57 - 00000000 ____D () C:\ProgramData\Skype
2014-12-15 23:03 - 2010-12-24 00:52 - 00534104 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportKE64.sys
2014-12-15 19:32 - 2010-08-13 06:39 - 00000021 _____ () C:\ProgramData\hpqp.txt
2014-12-11 20:29 - 2014-04-30 16:57 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-11 20:27 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-11 12:16 - 2009-08-15 02:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-11 12:13 - 2013-07-11 22:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 12:06 - 2010-08-07 06:50 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-11 03:18 - 2012-04-22 12:50 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-11 03:17 - 2012-04-22 12:50 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-11 03:17 - 2011-07-02 16:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-05 00:14 - 2010-08-06 10:00 - 00000000 ____D () C:\ProgramData\Recovery
 
Some content of TEMP:
====================
C:\Users\Paul\AppData\Local\Temp\SEVINST64x86.EXE
C:\Users\Paul\AppData\Local\Temp\sqlite3.dll
C:\Users\Paul\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NS_29280.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-25 21:22
 
==================== End Of Log ============================
 
Addition is attached as advised.  Thanks.
 
#5 nasdaq

  • Malware Response Team
  • 39,586 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 03 January 2015 - 09:33 AM


Refer to this page.
http://www.shouldiremoveit.com/Image-Editor-Packages-72208-program.aspx

I suggest you remove this program using the Add/Remove program applet.
Image Editor Packages (HKU\S-1-5-21-1473311476-28869768-3281747046-1000\...\Image Editor Packages) (Version: - ) <==== ATTENTION
---

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

HKLM-x32\...\Run: [] => [X]
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR Extension: (Google Wallet) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-27]
R4 ccSet_NS; \SystemRoot\system32\drivers\NSx64\1600000.06E\ccSetx64.sys [X]
S3 CpqDfw; system32\drivers\CpqDfw.sys [X]
U4 eabfiltr; No ImagePath
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]
R4 IDSVia64; \??\C:\Program Files (x86)\Norton Security\NortonData\22.0.0.110\Definitions\IPSDefs\20150101.001\IDSvia64.sys [X]
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
R4 SRTSPX; \SystemRoot\system32\drivers\NSx64\1600000.06E\SRTSPX64.SYS [X]
R4 SymDS; system32\drivers\NSx64\1600000.06E\SYMDS64.SYS [X]
R4 SymEFA; system32\drivers\NSx64\1600000.06E\SYMEFA64.SYS [X]
R4 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
AlternateDataStreams: C:\Users\Paul\Documents\Sussex.jpg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Paul\Documents\Sussex.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

If the problem persists with the keyboard, you should clean it (use a vacuum cleaner) or try another one.

#6 maineboy64

  • Topic Starter
  • Members
  • 45 posts

Posted 03 January 2015 - 11:23 PM

I removed the Image Editor Packages and also generated the report:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-01-2015 03
Ran by Paul (administrator) on PAULS-PC on 04-01-2015 11:07:45
Running from C:\Users\Paul\Desktop
Loaded Profile: Paul (Available profiles: Paul)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
() C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\PAC207\Monitor.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
() C:\Users\Paul\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\Hp\QuickPlay\QPService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Nikon Corporation) C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Easybits) C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Piriform Ltd) C:\Program Files (x86)\CCleaner\CCleaner64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [171520 2009-08-15] (Sun Microsystems, Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-23] (IDT, Inc.)
HKLM\...\Run: [PAC207_Monitor] => C:\Windows\PixArt\PAC207\Monitor.exe [323584 2007-12-10] (PixArt Imaging Incorporation)
HKLM-x32\...\Run: [QPService] => C:\Program Files (x86)\HP\QuickPlay\QPService.exe [468264 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2009-02-18] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-09] (Hewlett-Packard)
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [500792 2010-03-23] (Hewlett-Packard Company)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [Nikon Transfer Monitor] => C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe [479232 2009-09-15] (Nikon Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3653136 2014-11-10] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1258504 2013-12-22] (Easybits)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1473311476-28869768-3281747046-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-01-22] (Hewlett-Packard Company)
HKU\S-1-5-21-1473311476-28869768-3281747046-1000\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1689144 2010-06-30] (Hewlett-Packard)
HKU\S-1-5-21-1473311476-28869768-3281747046-1000\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Paul\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-23] ()
HKU\S-1-5-21-1473311476-28869768-3281747046-1000\...\Run: [CCleaner Monitoring] => C:\Program Files (x86)\CCleaner\CCleaner64.exe [7394584 2014-12-13] (Piriform Ltd)
HKU\S-1-5-21-1473311476-28869768-3281747046-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-1473311476-28869768-3281747046-1000\...\Policies\system: [WallpaperStyle] 2
HKU\S-1-5-21-1473311476-28869768-3281747046-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-1473311476-28869768-3281747046-1000\...\MountPoints2: {2255d30e-d04b-11e1-9256-001e101f4da1} - F:\AutoRun.exe
HKU\S-1-5-21-1473311476-28869768-3281747046-1000\...\MountPoints2: {230990fb-1c5a-11e2-a6a6-001e101fe70e} - F:\AutoRun.exe
HKU\S-1-5-21-1473311476-28869768-3281747046-1000\...\MountPoints2: {5617abe2-a94d-11df-a7b9-00269e881454} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1473311476-28869768-3281747046-1000\...\MountPoints2: {6718c26b-41fe-11e1-ac99-00269e881454} - F:\AutoRun.exe
HKU\S-1-5-21-1473311476-28869768-3281747046-1000\...\MountPoints2: {6718c3c3-41fe-11e1-ac99-00269e881454} - F:\AutoRun.exe
HKU\S-1-5-21-1473311476-28869768-3281747046-1000\...\MountPoints2: {6718c3d0-41fe-11e1-ac99-00269e881454} - F:\AutoRun.exe
HKU\S-1-5-21-1473311476-28869768-3281747046-1000\...\MountPoints2: {72783f1e-45ac-11e1-92a4-001e101f8ed0} - F:\AutoRun.exe
HKU\S-1-5-21-1473311476-28869768-3281747046-1000\...\MountPoints2: {86d9c8cf-ea23-11e1-91e3-001e101f36d9} - F:\AutoRun.exe
HKU\S-1-5-21-1473311476-28869768-3281747046-1000\...\MountPoints2: {8fb0c54a-cc1e-11df-a2b3-00269e881454} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1473311476-28869768-3281747046-1000\...\MountPoints2: {936339a9-a174-11df-b13b-00269e881454} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1473311476-28869768-3281747046-1000\...\MountPoints2: {9cbfd109-a2cd-11df-a3fe-00269e881454} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1473311476-28869768-3281747046-1000\...\MountPoints2: {9cbfd10b-a2cd-11df-a3fe-00269e881454} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1473311476-28869768-3281747046-1000\...\MountPoints2: {9e3b13c1-e46f-11e1-a381-001e101f8924} - F:\AutoRun.exe
HKU\S-1-5-21-1473311476-28869768-3281747046-1000\...\MountPoints2: {a5eafd7a-d1cc-11e1-95c7-00269e881454} - F:\AutoRun.exe
HKU\S-1-5-21-1473311476-28869768-3281747046-1000\...\MountPoints2: {a5eafd8f-d1cc-11e1-95c7-00269e881454} - F:\AutoRun.exe
HKU\S-1-5-21-1473311476-28869768-3281747046-1000\...\MountPoints2: {e80c860d-c9f9-11e1-a835-001e101fb4df} - F:\AutoRun.exe
HKU\S-1-5-18\...\Policies\system: [WallpaperStyle] 2
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/?fr=mkg029
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com/?fr=mkg029
HKU\S-1-5-21-1473311476-28869768-3281747046-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/?gws_rd=ssl
SearchScopes: HKLM -> {F9FC1670-8AD8-4BDC-8E58-56EB224739CA} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM-x32 -> {F9FC1670-8AD8-4BDC-8E58-56EB224739CA} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKU\S-1-5-21-1473311476-28869768-3281747046-1000 -> {44CDBA3E-10A7-4E11-A11D-B33B3D151CDA} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1473311476-28869768-3281747046-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://uk.search.yahoo.com/search?p={searchTerms}&fr=mkg028
SearchScopes: HKU\S-1-5-21-1473311476-28869768-3281747046-1000 -> {F9FC1670-8AD8-4BDC-8E58-56EB224739CA} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1473311476-28869768-3281747046-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Paul\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> "https://www.google.co.uk/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-31]
CHR Extension: (Google Docs) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-08]
CHR Extension: (Google Drive) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-31]
CHR Extension: (YouTube) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-08]
CHR Extension: (Google Search) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-08]
CHR Extension: (Google Sheets) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-31]
CHR Extension: (Gmail) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-08]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3488784 2014-11-10] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-11-10] (AVG Technologies CZ, s.r.o.)
R2 BecHelperService; C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [1740696 2011-03-23] ()
R2 ezSharedSvc; C:\Windows\SysWOW64\ezsvc7.dll [129584 2009-02-23] (EasyBits Sofware AS) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-05] (Hewlett-Packard Company) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-01-22] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [233344 2012-06-28] ()
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-12-15] (IBM Corp.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-01-22] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)
R2 VMCService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [9216 2009-09-18] (Vodafone) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-19] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [263960 2014-10-30] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-29] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-19] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
S3 bcm; C:\Windows\System32\DRIVERS\drxvi314_64.sys [371712 2010-11-23] (Beceem communications pvt ltd.) [File not signed]
S3 bcmbusctr; C:\Windows\System32\DRIVERS\BcmBusCtr_64.sys [59904 2010-11-23] (Beceem communications pvt ltd.) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-04] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [686592 2009-06-04] (PixArt Imaging Inc.)
R1 RapportCerberus_80083; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80083.sys [761720 2014-12-09] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [445912 2014-12-15] (IBM Corp.)
R3 RapportIaso; c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso64.sys [424856 2014-12-09] (IBM Corp.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [534104 2014-12-15] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [557656 2014-12-15] (IBM Corp.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [32496 2013-12-21] (Synaptics Incorporated)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-04 11:07 - 2015-01-04 11:10 - 00022366 _____ () C:\Users\Paul\Desktop\FRST.txt
2015-01-04 09:35 - 2015-01-04 09:35 - 00000215 _____ () C:\Users\Paul\Downloads\Search.txt
2015-01-04 09:34 - 2015-01-04 09:34 - 02123776 _____ (Farbar) C:\Users\Paul\Desktop\FRST64.exe
2015-01-04 08:38 - 2015-01-04 08:38 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2015-01-04 08:37 - 2015-01-04 08:37 - 00001229 _____ () C:\Users\Paul\Desktop\Should I Remove It.lnk
2015-01-04 08:37 - 2015-01-04 08:37 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Should I Remove It
2015-01-04 08:37 - 2015-01-04 08:37 - 00000000 ____D () C:\Program Files (x86)\Reason
2015-01-04 08:29 - 2015-01-04 08:29 - 02178048 _____ (Reason Software Company Inc.) C:\Users\Paul\Downloads\ShouldIRemoveIt_Setup.exe
2015-01-04 01:00 - 2015-01-04 11:02 - 00000112 _____ () C:\Windows\setupact.log
2015-01-04 01:00 - 2015-01-04 01:00 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-03 18:28 - 2015-01-03 18:29 - 05317104 _____ (Piriform Ltd) C:\Users\Paul\Downloads\ccsetup501.exe
2015-01-03 09:51 - 2015-01-03 09:49 - 00000615 _____ () C:\Users\Paul\Documents\Addition.lnk
2015-01-03 09:36 - 2015-01-03 09:47 - 00036161 _____ () C:\Users\Paul\Downloads\Addition.txt
2015-01-03 09:33 - 2015-01-03 09:59 - 00049563 _____ () C:\Users\Paul\Downloads\FRST.txt
2015-01-03 09:32 - 2015-01-04 11:07 - 00000000 ___DC () C:\FRST
2015-01-03 09:26 - 2015-01-03 15:57 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForPaul.job
2015-01-03 09:26 - 2015-01-03 09:26 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForPaul
2015-01-03 08:50 - 2015-01-03 08:46 - 02173952 _____ () C:\Users\Paul\Desktop\adwcleaner_4.106.exe
2015-01-03 08:45 - 2015-01-03 08:46 - 02173952 _____ () C:\Users\Paul\Downloads\adwcleaner_4.106.exe
2015-01-03 07:32 - 2015-01-03 07:41 - 115614832 ____N (Symantec Corporation) C:\Users\Paul\Downloads\NS-TW-22.0.0-EN-UK.exe
2015-01-03 07:24 - 2015-01-03 07:24 - 00000359 _____ () C:\Users\Paul\Desktop\Recycle Bin - Shortcut.lnk
2015-01-02 16:00 - 2015-01-02 16:00 - 00000213 _____ () C:\Users\Paul\Documents\Mayette.txt
2015-01-01 08:26 - 2015-01-01 08:28 - 02347384 _____ (ESET) C:\Users\Paul\Downloads\esetsmartinstaller_enu.exe
2014-12-31 01:12 - 2014-12-31 01:12 - 00002215 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-31 01:12 - 2014-12-31 01:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-31 01:07 - 2015-01-04 11:12 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-31 01:07 - 2015-01-04 11:05 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-31 01:07 - 2014-12-31 01:07 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-31 01:07 - 2014-12-31 01:07 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-12-30 10:34 - 2015-01-04 11:05 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-30 10:33 - 2014-12-30 10:33 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-30 10:33 - 2014-12-30 10:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-30 10:32 - 2014-12-30 10:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-30 10:32 - 2014-12-30 10:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-30 10:32 - 2014-11-21 06:23 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-30 10:32 - 2014-11-21 06:23 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-30 10:32 - 2014-11-21 06:23 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-30 09:05 - 2015-01-03 09:04 - 00000000 ___DC () C:\AdwCleaner
2014-12-30 01:06 - 2014-12-31 11:51 - 00000159 _____ () C:\Windows\wininit.ini
2014-12-29 23:11 - 2014-12-29 23:11 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-12-29 21:18 - 2014-12-29 21:18 - 00013966 _____ () C:\Users\Paul\Documents\hijackthis.log
2014-12-29 12:55 - 2014-09-05 08:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-12-28 22:06 - 2015-01-01 08:04 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-28 22:06 - 2014-12-31 11:51 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-28 22:06 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-12-28 21:59 - 2014-12-28 22:05 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Paul\Downloads\spybot-2.4.exe
2014-12-25 14:50 - 2014-12-25 14:51 - 00000000 ____D () C:\Users\Paul\AppData\Local\{7F95A185-F950-48F3-B0EC-4E9008BC7DD5}
2014-12-22 21:30 - 2014-12-22 21:30 - 00000000 ____D () C:\Users\Paul\AppData\Local\{60D14A19-5C8D-4BF1-A33C-7F095237EAC3}
2014-12-22 09:49 - 2014-09-05 09:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-12-21 15:45 - 2013-10-02 08:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-12-21 15:41 - 2013-10-02 09:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-12-21 15:41 - 2013-10-02 09:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-12-21 15:41 - 2013-10-02 09:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-12-21 15:40 - 2013-10-02 08:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-12-21 15:40 - 2013-10-02 08:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-12-21 15:40 - 2013-10-02 08:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-12-21 15:40 - 2013-10-02 07:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-12-21 15:40 - 2013-10-02 07:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-12-21 15:40 - 2013-10-02 07:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-12-21 15:40 - 2013-10-02 07:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-12-21 15:40 - 2013-10-02 07:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-12-21 15:40 - 2013-10-02 06:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-12-21 15:40 - 2013-10-02 06:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-12-21 15:40 - 2013-10-02 06:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-12-21 15:40 - 2013-10-02 05:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-12-21 11:44 - 2014-12-29 11:40 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Yahoo!
2014-12-21 11:43 - 2014-12-21 11:43 - 00001097 _____ () C:\Users\Public\Desktop\Yahoo! Messenger.lnk
2014-12-21 11:43 - 2014-12-21 11:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
2014-12-21 11:29 - 2014-12-21 11:29 - 00691112 _____ (Yahoo! Inc.) C:\Users\Paul\Downloads\msgr11sg.exe
2014-12-18 03:38 - 2014-12-13 12:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 03:38 - 2014-12-13 10:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-11 20:29 - 2014-12-11 20:29 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-11 12:02 - 2014-10-18 09:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-11 12:02 - 2014-10-18 08:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-11 12:02 - 2014-07-07 09:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-11 12:02 - 2014-07-07 09:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-11 12:02 - 2014-07-07 09:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-11 12:02 - 2014-07-07 09:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-11 12:02 - 2014-07-07 08:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-11 12:02 - 2014-07-07 08:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-11 12:02 - 2014-07-07 08:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-11 12:02 - 2014-07-07 08:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-11 11:56 - 2014-10-03 09:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-11 11:56 - 2014-10-03 09:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-11 11:56 - 2014-10-03 09:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-11 11:56 - 2014-10-03 09:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-11 11:56 - 2014-10-03 09:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-11 11:56 - 2014-10-03 08:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-11 11:56 - 2014-10-03 08:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-11 11:56 - 2014-10-03 08:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-11 11:56 - 2014-10-03 08:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-11 11:56 - 2014-10-03 08:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-11 11:49 - 2014-12-11 11:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-12-11 11:14 - 2014-12-04 09:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-11 11:14 - 2014-12-04 09:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-11 11:14 - 2014-12-04 09:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-11 11:14 - 2014-12-04 09:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-11 11:14 - 2014-12-02 06:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-11 11:14 - 2014-11-08 10:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-11 11:14 - 2014-11-08 09:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-11 11:13 - 2014-12-04 09:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-11 11:13 - 2014-12-04 09:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-11 11:13 - 2014-12-04 09:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-11 11:13 - 2014-11-27 08:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-11 11:13 - 2014-11-27 08:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-11 11:13 - 2014-11-22 10:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-11 11:13 - 2014-11-22 10:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-11 11:13 - 2014-11-22 10:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-11 11:13 - 2014-11-22 09:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-11 11:13 - 2014-11-22 09:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-11 11:13 - 2014-11-22 09:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-11 11:13 - 2014-11-22 09:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-11 11:13 - 2014-11-22 09:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-11 11:13 - 2014-11-22 09:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-11 11:13 - 2014-11-22 09:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-11 11:13 - 2014-11-22 09:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-11 11:13 - 2014-11-22 09:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-11 11:13 - 2014-11-22 09:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-11 11:13 - 2014-11-22 09:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-11 11:13 - 2014-11-22 09:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-11 11:13 - 2014-11-22 09:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-11 11:13 - 2014-11-22 09:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-11 11:13 - 2014-11-22 09:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-11 11:13 - 2014-11-22 09:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-11 11:13 - 2014-11-22 09:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-11 11:13 - 2014-11-22 09:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-11 11:13 - 2014-11-22 09:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-11 11:13 - 2014-11-22 09:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-11 11:13 - 2014-11-22 09:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-11 11:13 - 2014-11-22 09:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-11 11:13 - 2014-11-22 09:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-11 11:13 - 2014-11-22 09:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-11 11:13 - 2014-11-22 08:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-11 11:13 - 2014-11-22 08:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-11 11:13 - 2014-11-22 08:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-11 11:13 - 2014-11-22 08:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-11 11:13 - 2014-11-22 08:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-11 11:13 - 2014-11-22 08:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-11 11:13 - 2014-11-22 08:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-11 11:13 - 2014-11-22 08:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-11 11:13 - 2014-11-22 08:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-11 11:13 - 2014-11-22 08:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-11 11:13 - 2014-11-22 08:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-11 11:13 - 2014-11-22 08:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-11 11:13 - 2014-11-22 08:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-11 11:13 - 2014-11-22 08:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-11 11:13 - 2014-11-22 08:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-11 11:13 - 2014-11-22 08:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-11 11:13 - 2014-11-22 08:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-11 11:13 - 2014-11-22 08:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-11 11:13 - 2014-11-22 08:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-11 11:13 - 2014-11-22 08:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-11 11:13 - 2014-11-22 08:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-11 11:13 - 2014-11-22 08:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-11 11:13 - 2014-11-22 08:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-11 11:13 - 2014-11-22 07:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-11 11:13 - 2014-11-22 07:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-11 11:05 - 2014-11-11 10:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-11 11:05 - 2014-11-11 09:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-11 11:05 - 2014-11-11 08:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-11 11:04 - 2014-10-30 09:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-11 11:04 - 2014-10-30 08:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-11 03:17 - 2014-12-11 03:17 - 03540144 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-12-09 08:44 - 2014-12-09 08:50 - 84457653 _____ () C:\Users\Paul\Downloads\SO03279399-patrickball2-mp3.zip
2014-12-05 23:55 - 2014-12-31 14:22 - 00000000 ____D () C:\Users\Paul\Downloads\Thuy2014
2014-12-05 23:24 - 2014-12-05 23:28 - 23034066 _____ () C:\Users\Paul\Downloads\photo.zip
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-04 11:07 - 2010-08-06 09:28 - 01571328 _____ () C:\Windows\WindowsUpdate.log
2015-01-04 11:06 - 2010-08-13 05:11 - 00000000 ____D () C:\Users\Paul\AppData\Local\CrashDumps
2015-01-04 11:06 - 2010-08-06 09:33 - 00000292 _____ () C:\ProgramData\hpqp.ini
2015-01-04 11:02 - 2009-07-14 12:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-04 10:39 - 2009-07-14 11:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-04 10:39 - 2009-07-14 11:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-04 10:17 - 2012-04-22 12:50 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-04 10:15 - 2010-12-24 00:57 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Skype
2015-01-04 09:12 - 2009-08-15 01:23 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-04 09:12 - 2009-08-15 01:20 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2015-01-04 09:00 - 2010-08-06 22:00 - 00000000 ____D () C:\ProgramData\Yahoo!
2015-01-04 09:00 - 2010-08-06 21:59 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2015-01-04 08:24 - 2013-07-27 06:18 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-03 18:30 - 2012-04-06 04:08 - 00000977 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-03 18:29 - 2010-08-06 16:24 - 00000000 ____D () C:\Program Files (x86)\CCleaner
2015-01-03 15:57 - 2009-08-15 01:37 - 00000000 ____D () C:\ProgramData\Norton
2015-01-03 08:27 - 2014-06-08 23:37 - 00000000 ____D () C:\Users\Paul\Downloads\MyFilipina
2015-01-02 18:04 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\rescache
2015-01-01 10:12 - 2010-08-13 01:26 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-01-01 10:11 - 2011-10-28 07:06 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-12-31 16:18 - 2010-08-06 04:26 - 00000000 ____D () C:\Users\Paul
2014-12-31 14:19 - 2010-08-06 15:55 - 01157315 _____ () C:\Users\Paul\Documents\Americanization.odt
2014-12-31 14:12 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-31 08:51 - 2013-08-11 22:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2014-12-31 01:11 - 2010-08-06 15:50 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-31 01:06 - 2011-05-25 00:47 - 00000000 ____D () C:\Users\Paul\AppData\Local\Deployment
2014-12-30 22:41 - 2013-09-13 03:24 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-12-30 15:36 - 2011-05-28 06:17 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-12-30 08:30 - 2014-08-24 19:37 - 00000000 ____D () C:\Users\Paul\AppData\Local\Adobe
2014-12-29 12:11 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-29 12:10 - 2010-08-13 06:39 - 00000000 ____D () C:\Users\Paul\AppData\Local\QuickPlay
2014-12-29 12:01 - 2013-12-22 17:32 - 00000000 ____D () C:\ProgramData\Easybits Magic Desktop for HP
2014-12-29 12:01 - 2012-04-06 04:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-12-29 12:00 - 2014-10-23 15:56 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-12-29 11:42 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\registration
2014-12-29 11:33 - 2014-10-23 16:08 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-12-29 11:33 - 2014-10-23 15:56 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-12-29 11:33 - 2014-10-23 15:56 - 00000000 ____D () C:\Program Files\iTunes
2014-12-29 11:33 - 2014-10-23 15:56 - 00000000 ____D () C:\Program Files\iPod
2014-12-29 11:32 - 2013-06-02 19:38 - 00000000 __SHD () C:\found.000
2014-12-29 11:32 - 2010-08-06 05:15 - 00000000 __RHD () C:\MSOCache
2014-12-25 09:58 - 2013-06-01 18:10 - 00000000 ____D () C:\Users\Paul\Downloads\SexyPinay
2014-12-22 07:07 - 2009-07-14 10:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-20 08:47 - 2009-07-14 12:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-12-19 19:56 - 2009-07-14 12:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-18 08:50 - 2010-12-24 00:57 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-18 08:50 - 2010-12-24 00:57 - 00000000 ____D () C:\ProgramData\Skype
2014-12-15 23:03 - 2010-12-24 00:52 - 00534104 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportKE64.sys
2014-12-15 19:32 - 2010-08-13 06:39 - 00000021 _____ () C:\ProgramData\hpqp.txt
2014-12-11 20:29 - 2014-04-30 16:57 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-11 20:27 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-11 12:16 - 2009-08-15 02:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-11 12:13 - 2013-07-11 22:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 12:06 - 2010-08-07 06:50 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-11 03:18 - 2012-04-22 12:50 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-11 03:17 - 2012-04-22 12:50 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-11 03:17 - 2011-07-02 16:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-05 00:14 - 2010-08-06 10:00 - 00000000 ____D () C:\ProgramData\Recovery
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-04 01:59
 
==================== End Of Log ============================
 
Still can't use the following keys: q,w,e,r,u,i,o - all located on the top row?  I'm sure it's related to a virus.  Any ideas?


#7 nasdaq
  • Malware Response Team
  • 39,586 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 04 January 2015 - 09:04 AM

Still can't use the following keys: q,w,e,r,u,i,o - all located on the top row? I'm sure it's related to a virus. Any ideas?


It's not a virus. These keys are all close together and it's some hardware issue.


It can possibly be cleaned with a jet of air on the area of the keyboard.
A can of high pressure air is available at any computer store. It's worth a try.

If this is a laptop and you have access to a USB keyboard you may be able to check if my assumption is correct.

You can also check in the External Hardware forum if someone has other ideas.
http://www.bleepingcomputer.com/forums/f/138/external-hardware/

p.s.
I hope you did not drop some liquid with sugar on the keyboard.

#8 maineboy64
  • Topic Starter
  • Members
  • 45 posts

Posted 04 January 2015 - 10:28 AM

Still can't use the following keys: q,w,e,r,u,i,o - all located on the top row? I'm sure it's related to a virus. Any ideas?


It's not a virus. These keys are all close together and it's some hardware issue.


It can possibly be cleaned with a jet of air on the area of the keyboard.
A can of high pressure air is available at any computer store. It's worth a try.

If this is a laptop and you have access to a USB keyboard you may be able to check if my assumption is correct.

You can also check in the External Hardware forum if someone has other ideas.
http://www.bleepingcomputer.com/forums/f/138/external-hardware/

p.s.
I hope you did not drop some liquid with sugar on the keyboard.

Keyboard and keys were/are fine until the other night when all this started. And how do you explain the flashing on-screen keyboard? If it's a hardware issue what can I check on my computer? Is it related to drivers? What software could I run? I'm all at sea now and still forced to use the online keyboard. Damn!



#9 nasdaq
  • Malware Response Team
  • 39,586 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 04 January 2015 - 10:48 AM


Just to make sure it's not malware run this tool.

--RogueKiller--
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
=======

On a side note.
My son was on the ocean last summer and completely lost control of his desktop.
The salt of the water was the cause of it.

You may be able to clean your keyboard keys.
http://computer-hardware.wonderhowto.com/how-to/clean-your-laptops-keyboard-by-removing-keys-323234/

#10 maineboy64
  • Topic Starter
  • Members
  • 45 posts

Posted 04 January 2015 - 01:05 PM

Here's the rogue killer report:

 

RogueKiller V10.1.1.0 (x64) [Dec 23 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Paul [Administrator]
Mode : Delete -- Date : 01/05/2015  01:01:41
 
¤¤¤ Processes : 2 ¤¤¤
[Suspicious.Path] mbbService.exe -- C:\ProgramData\MobileBrServ\mbbservice.exe[7] -> Killed [TermProc]
[Suspicious.Path] AmazonMP3DownloaderHelper.exe -- C:\Users\Paul\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe[7] -> Killed [TermProc]
 
¤¤¤ Registry : 11 ¤¤¤
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Magic Desktop for HP notification : "C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe" [7] -> Deleted
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1473311476-28869768-3281747046-1000\Software\Microsoft\Windows\CurrentVersion\Run | AmazonMP3DownloaderHelper : C:\Users\Paul\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [7] -> Deleted
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1473311476-28869768-3281747046-1000\Software\Microsoft\Windows\CurrentVersion\Run | AmazonMP3DownloaderHelper : C:\Users\Paul\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe  -> ERROR [2]
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Mobile Broadband HL Service ("C:\ProgramData\MobileBrServ\mbbservice.exe" -service) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mobile Broadband HL Service ("C:\ProgramData\MobileBrServ\mbbservice.exe" -service) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Mobile Broadband HL Service ("C:\ProgramData\MobileBrServ\mbbservice.exe" -service) -> Not selected
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://uk.yahoo.com/?fr=mkg029  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 31 (Driver: Loaded) ¤¤¤
[IAT:Inl] (chrome.exe) ntdll.dll - NtMapViewOfSection : Unknown @ 0x71a0003c (jmp 0xfffffffffa1503d2|jmp dword near [0x719f001e]|jmp 0x10)
[IAT:Inl] (chrome.exe) KERNEL32.dll - ReadFile : Unknown @ 0x714d003c (push dword 0x714c0022|ret |jmp dword near [0x714c001e]|jmp 0x10)
[IAT:Inl] (chrome.exe) KERNEL32.dll - WriteFile : Unknown @ 0x7159003c (push dword 0x71580022|ret |jmp dword near [0x7158001e]|jmp 0x10)
[IAT:Inl] (chrome.exe) KERNEL32.dll - CloseHandle : Unknown @ 0x7161003c (push dword 0x71600022|ret |jmp dword near [0x7160001e]|jmp 0x10)
[IAT:Inl] (chrome.exe) KERNEL32.dll - CreateProcessW : Unknown @ 0x7149003c (push dword 0x71480022|ret |jmp dword near [0x7148001e]|jmp 0x10)
[IAT:Inl] (chrome.exe) KERNEL32.dll - SetUnhandledExceptionFilter : Unknown @ 0x71a4003c (push dword 0x71a30022|ret |jmp dword near [0x71a3001e]|jmp 0x10)
[IAT:Inl] (chrome.exe) USER32.dll - ShowWindow : Unknown @ 0x7172003c (push dword 0x71710022|ret |jmp dword near [0x7171001e]|jmp 0x10)
[IAT:Inl] (chrome.exe) USER32.dll - PeekMessageW : Unknown @ 0x719c003c (push dword 0x719b0022|ret |jmp dword near [0x719b001e]|jmp 0x10)
[IAT:Inl] (chrome.exe) USER32.dll - TranslateMessage : Unknown @ 0x716e003c (push dword 0x716d0022|ret |jmp dword near [0x716d001e]|jmp 0x10)
[IAT:Inl] (chrome.exe) USER32.dll - CreateWindowExA : c:\program files (x86)\trusteer\rapport\bin\rooksbas.dll @ 0x745591a0 (jmp dword near [0x7191001e]|jmp 0x10|jmp 0x2c39160)
[IAT:Inl] (chrome.exe) USER32.dll - SetWindowLongW : Unknown @ 0x7176003c (push dword 0x71750022|ret |jmp dword near [0x7175001e]|jmp 0x10)
[IAT:Inl] (chrome.exe) USER32.dll - CreateWindowExW : c:\program files (x86)\trusteer\rapport\bin\rooksbas.dll @ 0x74558e80 (jmp dword near [0x7195001e]|jmp 0x10|jmp 0x2bf8e40)
[IAT:Inl] (chrome.exe) USER32.dll - SetParent : Unknown @ 0x717a003c (push dword 0x71790022|ret |jmp dword near [0x7179001e]|jmp 0x10)
[IAT:Inl] (chrome.exe) GDI32.dll - BitBlt : Unknown @ 0x718a003c (push dword 0x71890022|ret |jmp dword near [0x7189001e]|jmp 0x10)
[IAT:Inl] (chrome.exe) USER32.dll - GetClipboardData : Unknown @ 0x7180003c (push dword 0x717f0022|ret |jmp dword near [0x717f001e]|jmp 0x10)
[IAT:Inl] (chrome.exe) USER32.dll - BeginPaint : Unknown @ 0x7186003c (push dword 0x71850022|ret |jmp dword near [0x7185001e]|jmp 0x10)
[IAT:Inl] (chrome.exe) KERNEL32.dll - CreateIoCompletionPort : Unknown @ 0x7151003c (push dword 0x71500022|ret |jmp dword near [0x7150001e]|jmp 0x10)
[IAT:Inl] (chrome.exe) KERNEL32.dll - GetQueuedCompletionStatus : Unknown @ 0x7165003c (push dword 0x71640022|ret |jmp dword near [0x7164001e]|jmp 0x10)
[IAT:Inl] (chrome.exe) CRYPT32.dll - CertVerifyCertificateChainPolicy : Unknown @ 0x718e003c (push dword 0x718d0022|ret |jmp dword near [0x718d001e]|jmp 0x10)
[IAT:Inl] (chrome.exe) KERNEL32.dll - CancelIo : Unknown @ 0x715d003c (push dword 0x715c0022|ret |jmp dword near [0x715c001e]|jmp 0x10)
[IAT:Inl] (chrome.exe) WS2_32.dll - getaddrinfo : Unknown @ 0x716a003c (jmp 0xfffffffffb78bd8c|jmp dword near [0x7169001e]|jmp 0x10)
[IAT:Inl] (chrome.exe) user32.dll - BeginPaint : Unknown @ 0x7186003c (push dword 0x71850022|ret |jmp dword near [0x7185001e]|jmp 0x10)
[IAT:Inl] (chrome.exe) user32.dll - SetParent : Unknown @ 0x717a003c (push dword 0x71790022|ret |jmp dword near [0x7179001e]|jmp 0x10)
[IAT:Inl] (chrome.exe) user32.dll - ShowWindow : Unknown @ 0x7172003c (push dword 0x71710022|ret |jmp dword near [0x7171001e]|jmp 0x10)
[IAT:Inl] (chrome.exe) user32.dll - GetClipboardData : Unknown @ 0x7180003c (push dword 0x717f0022|ret |jmp dword near [0x717f001e]|jmp 0x10)
[IAT:Inl] (chrome.exe) user32.dll - SetWindowLongW : Unknown @ 0x7176003c (push dword 0x71750022|ret |jmp dword near [0x7175001e]|jmp 0x10)
[IAT:Inl] (chrome.exe) user32.dll - TranslateMessage : Unknown @ 0x716e003c (push dword 0x716d0022|ret |jmp dword near [0x716d001e]|jmp 0x10)
[IAT:Inl] (chrome.exe) user32.dll - CreateWindowExW : c:\program files (x86)\trusteer\rapport\bin\rooksbas.dll @ 0x74558e80 (jmp dword near [0x7195001e]|jmp 0x10|jmp 0x2bf8e40)
[IAT:Inl] (chrome.exe) user32.dll - PeekMessageW : Unknown @ 0x719c003c (push dword 0x719b0022|ret |jmp dword near [0x719b001e]|jmp 0x10)
[IAT:Inl] (chrome.exe) ADVAPI32.dll - CreateProcessAsUserW : Unknown @ 0x7145003c (push dword 0x71440022|ret |jmp dword near [0x7144001e]|jmp 0x10)
[IAT:Inl] (chrome.exe) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0x7155003c (push dword 0x71540022|ret |jmp dword near [0x7154001e]|jmp 0x10)
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] 373c856a7cbf98223337408b2a19faac
[BSP] ab38bb93027df82801cf7afd00737177 : Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 292147 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 598726656 | Size: 12897 MB
User = LL1 ... OK
User = LL2 ... OK
 
 
============================================
RKreport_SCN_01052015_005156.log
 
Thanks for persevering . . .
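
The RogueKiller `[IAT:Inl]` block above lists a chrome.exe inline hook per line: which import (module and function) is redirected, which module owns the hook target (one resolves to Trusteer Rapport's rooksbas.dll, the rest print as "Unknown"), the hook address, and the first instructions of the trampoline. The added example below, which is not part of the original thread and not RogueKiller's code, parses lines in that shape, collapses the USER32.dll/user32.dll duplicates the log prints, normalises each stub so hooks with an identical trampoline layout group together, and records the low 16 bits of every hook address (every "Unknown" entry on the page sits at an ...003c offset). The regex, the API watch-list and the sample lines (copied in form from the log, trimmed to five) are this example's own; it only groups the hooks and does not decide whether the "Unknown" ones belong to the same product as the Rapport hook, which the page does not establish.

```python
"""Triage RogueKiller '[IAT:Inl]' inline-hook lines.

Added example (not RogueKiller's code). Parses hook lines in the shape shown in
the log, de-duplicates entries that differ only in import-module case, groups
hooks by owning module and by trampoline layout, and flags watch-listed APIs.
"""
import re
from collections import defaultdict

# Line grammar as printed by RogueKiller in the log above (this example's regex).
LINE_RE = re.compile(
    r"^\[IAT:Inl\] \((?P<proc>[^)]+)\) (?P<module>\S+) - (?P<func>\S+) : "
    r"(?P<owner>.+?) @ (?P<addr>0x[0-9a-fA-F]+) \((?P<stub>.*)\)$"
)
IMM_RE = re.compile(r"0x[0-9a-fA-F]+")

# Example's own watch-list: APIs whose hooking hands a man-in-the-browser agent
# clipboard/keystroke, certificate-validation or name-resolution control.
WATCHLIST = {
    "GetClipboardData": "clipboard",
    "TranslateMessage": "keystrokes",
    "PeekMessageW": "keystrokes",
    "CertVerifyCertificateChainPolicy": "tls-validation",
    "getaddrinfo": "dns",
}

# Constructed sample: five lines in the log's format (addresses and the Trusteer
# path are as printed in the log above).
SAMPLE_LOG = r"""
[IAT:Inl] (chrome.exe) USER32.dll - SetParent : Unknown @ 0x717a003c (push dword 0x71790022|ret |jmp dword near [0x7179001e]|jmp 0x10)
[IAT:Inl] (chrome.exe) CRYPT32.dll - CertVerifyCertificateChainPolicy : Unknown @ 0x718e003c (push dword 0x718d0022|ret |jmp dword near [0x718d001e]|jmp 0x10)
[IAT:Inl] (chrome.exe) WS2_32.dll - getaddrinfo : Unknown @ 0x716a003c (jmp 0xfffffffffb78bd8c|jmp dword near [0x7169001e]|jmp 0x10)
[IAT:Inl] (chrome.exe) user32.dll - CreateWindowExW : c:\program files (x86)\trusteer\rapport\bin\rooksbas.dll @ 0x74558e80 (jmp dword near [0x7195001e]|jmp 0x10|jmp 0x2bf8e40)
[IAT:Inl] (chrome.exe) user32.dll - SetParent : Unknown @ 0x717a003c (push dword 0x71790022|ret |jmp dword near [0x7179001e]|jmp 0x10)
"""


def parse_hooks(text):
    """Return one dict per parsable hook line; lines of other kinds are skipped."""
    hooks = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        h = m.groupdict()
        h["addr"] = int(h["addr"], 16)
        # Replace immediates so 'push dword 0x71790022|ret |...' and
        # 'push dword 0x718d0022|ret |...' share one shape string.
        h["shape"] = IMM_RE.sub("IMM", h["stub"])
        hooks.append(h)
    return hooks


def dedupe(hooks):
    """Drop repeats that differ only in import-module case (USER32 vs user32)."""
    seen, out = set(), []
    for h in hooks:
        key = (h["proc"], h["module"].lower(), h["func"], h["addr"])
        if key not in seen:
            seen.add(key)
            out.append(h)
    return out


def triage(hooks):
    """Group by owning module, by stub layout and by low 16 bits of the hook
    address; flag watch-listed APIs. Returns plain dicts so callers can assert."""
    by_owner, by_shape = defaultdict(list), defaultdict(list)
    page_offsets = defaultdict(set)
    flagged = []
    for h in hooks:
        by_owner[h["owner"]].append(h["func"])
        by_shape[h["shape"]].append(h["func"])
        page_offsets[h["owner"]].add(h["addr"] & 0xFFFF)
        if h["func"] in WATCHLIST:
            flagged.append((h["func"], WATCHLIST[h["func"]], h["owner"]))
    return {
        "by_owner": {k: sorted(v) for k, v in by_owner.items()},
        "by_shape": {k: sorted(v) for k, v in by_shape.items()},
        "page_offsets": dict(page_offsets),
        "flagged": sorted(flagged),
    }


def report(text=SAMPLE_LOG):
    return triage(dedupe(parse_hooks(text)))


if __name__ == "__main__":
    r = report()
    for owner, funcs in r["by_owner"].items():
        print(f"{owner}: {', '.join(funcs)}")
    for shape, funcs in r["by_shape"].items():
        print(f"  stub '{shape}': {', '.join(funcs)}")
    for func, why, owner in r["flagged"]:
        print(f"  watch: {func} ({why}) hooked by {owner}")
```

Run it on the full RogueKiller section by pasting the log into `report()`; the useful output for a helper is the owner groups and the stub shapes, because a hook that resolves to a signed vendor DLL (as the CreateWindowExW one does) needs different handling from a hook RogueKiller could not attribute to any mapped module.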


#11 nasdaq

nasdaq

  • Malware Response Team
  • 39,586 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 04 January 2015 - 03:35 PM



We will check your BIOS and Master boot record.

Read carefully and follow these steps.
TDSS
  • Download TDSSKiller and save it to your Desktop.
  • Doubleclick on TDSSKiller.exe to run the application.
  • Then click on Start Scan.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

Wait for further instructions.
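
The "MBR Check" block in the RogueKiller log above prints two hashes, flags the boot code as "Unknown MBR Code", and lists three partitions by start sector and size; the post above then asks for TDSSKiller and aswMBR runs plus a copy of MBR.dat. The added example below is not part of the original thread and is not RogueKiller's, TDSSKiller's or aswMBR's code: it builds a synthetic 512-byte MBR with the exact offsets and sizes printed in the log (a constructed layout, with zeroed boot code), parses the four partition entries back, renders them in the log's own "Partition table:" shape, applies the consistency checks a helper would want (one active partition, no overlapping entries), and hashes the sector and the 440-byte bootstrap region separately so a baseline can be compared across reboots. Which bytes RogueKiller hashes for its `[MBR]` and `[BSP]` values is not stated on the page, so the two fingerprints here are this example's own choice.

```python
"""Parse, render and fingerprint a 512-byte MBR.

Added example, not RogueKiller's/aswMBR's code. Works on a raw sector such as
the MBR.dat that aswMBR writes, or on the synthetic one constructed below.
"""
import hashlib
import struct

SECTOR = 512
MB_SECTORS = 1024 * 1024 // SECTOR      # 2048 sectors per MB, as the log's sizes assume
ENTRY = "<B3sB3sII"                     # flag, CHS start, type, CHS end, LBA start, count
TYPE_NAMES = {0x07: "NTFS", 0x0b: "FAT32", 0x0c: "FAT32", 0xee: "GPT-protective"}


def build_mbr(entries, bootcode=b""):
    """Construct an MBR: 446 bytes of boot code, four 16-byte entries, 0x55AA.
    entries: list of (active, type, lba_start, sector_count). CHS fields are set
    to the LBA-only marker 0xFE 0xFF 0xFF."""
    code = bootcode.ljust(446, b"\x00")[:446]
    table = b"".join(
        struct.pack(ENTRY, 0x80 if active else 0x00, b"\xfe\xff\xff",
                    ptype, b"\xfe\xff\xff", start, count)
        for active, ptype, start, count in entries
    ).ljust(64, b"\x00")
    return code + table + b"\x55\xaa"


def parse_mbr(mbr):
    """Return the non-empty partition entries as dicts."""
    if len(mbr) != SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("not a 512-byte MBR with a 0x55AA signature")
    parts = []
    for i in range(4):
        off = 446 + 16 * i
        flag, _chs1, ptype, _chs2, start, count = struct.unpack(ENTRY, mbr[off:off + 16])
        if ptype == 0:
            continue
        parts.append({"index": i, "active": flag == 0x80, "type": ptype,
                      "start": start, "sectors": count, "size_mb": count // MB_SECTORS})
    return parts


def render(parts):
    """Lines in the same shape as the log's 'Partition table:' block."""
    lines = []
    for p in parts:
        flag = "ACTIVE" if p["active"] else "XXXXXX"
        name = TYPE_NAMES.get(p["type"], "Unknown")
        lines.append(f"{p['index']} - [{flag}] {name} (0x{p['type']:x}) [VISIBLE] "
                     f"Offset (sectors): {p['start']} | Size: {p['size_mb']} MB")
    return lines


def check_layout(parts):
    """Consistency checks: exactly one active entry, no overlapping entries."""
    problems = []
    if sum(p["active"] for p in parts) != 1:
        problems.append("expected exactly one active partition")
    ordered = sorted(parts, key=lambda p: p["start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["start"] + a["sectors"] > b["start"]:
            problems.append(f"partition {a['index']} overlaps {b['index']}")
    return problems


def fingerprint(mbr):
    """MD5 of the whole sector and of the 440-byte bootstrap region (the bytes
    before the disk signature). This example's own baseline, not RogueKiller's."""
    return {"sector_md5": hashlib.md5(mbr).hexdigest(),
            "bootcode_md5": hashlib.md5(mbr[:440]).hexdigest()}


# Constructed layout reproducing the offsets and sizes printed in the log above.
LOG_LAYOUT = [
    (True, 0x07, 2048, 199 * MB_SECTORS),
    (False, 0x07, 409600, 292147 * MB_SECTORS),
    (False, 0x07, 598726656, 12897 * MB_SECTORS),
]

if __name__ == "__main__":
    sample = build_mbr(LOG_LAYOUT)
    for line in render(parse_mbr(sample)):
        print(line)
    print(check_layout(parse_mbr(sample)) or "layout OK")
    print(fingerprint(sample))
```

The constructed layout is internally consistent: each partition starts exactly where the previous one ends (2048 + 199 MB = sector 409600, 409600 + 292147 MB = sector 598726656), which is what a tool that hides or relocates a boot partition would break. To use it on a real sector, read `MBR.dat` in binary mode and pass the bytes to `parse_mbr`, `check_layout` and `fingerprint`.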

#12 maineboy64

maineboy64
  • Topic Starter

  • Members
  • 45 posts

Posted 05 January 2015 - 11:20 AM

Hi Nasdaq: The nightmare is over and you were right: It was a hardware issue.  OK, let's backtrack and see what happened: Last night I switched off my computer and this morning turned it on again.  OMG!  The on-screen keyboard was flashing again and there was another window open that couldn't be closed: It was the sticky keys window. (This window has been popping up from day one but I forgot to inform you.)  Anyway, this evening I tried switching on my computer but got nothing.  I kept trying but got nothing.  I was scared because I hadn't backed up my stuff.  So I took it to my local electronics whiz kid and he installed a new surface keyboard and also persuaded me to buy a new HP AC adapter . . . and now the computer is working like a dream.

 

Would you like me to continue with my scans?  Have you or your reports picked up anything unusual?  My computer does seem to be running well right NOW but who knows what tomorrow holds?  I'm still bamboozled as to how those keys became dysfunctional.  At no time did I spill anything on them or interfere with them in any way, shape or form.  Maybe it's the gremlins?  What's your spin on things, Nasdaq?  I'm eager to hear . . . 


Edited by maineboy64, 05 January 2015 - 11:21 AM.


#13 nasdaq

nasdaq

  • Malware Response Team
  • 39,586 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 05 January 2015 - 02:14 PM

Just run this tool.

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

#14 maineboy64

maineboy64
  • Topic Starter

  • Members
  • 45 posts

Posted 06 January 2015 - 10:08 AM

 Results of screen317's Security Check version 0.99.93  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2015   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 55  
 Java version 32-bit out of Date! 
 Adobe Reader 9  
 Adobe Reader XI  
 Google Chrome (39.0.2171.95) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 AVG avgwdsvc.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 21% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````


#15 nasdaq

nasdaq

  • Malware Response Team
  • 39,586 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 06 January 2015 - 10:12 AM

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
The latest version is Java 7 Update 71 for the 32 bit Operating system.
Java 8 Update 25 for the 64 bit Operating system.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present remove the old version(s) of Java using the Add/Remove Programs applet.

Java ? Update ?

===

If all is well.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===
