
I am infected with Vosteran, and I have not been able to remove it.


This topic is locked. 25 replies to this topic.

#1 ljwerlein
Posted 06 February 2015 - 07:15 PM

I downloaded an app called delete_duplicate_files. I unchecked boxes that wanted to download other things, including Vosteran, but apparently it installed it anyway. The Control Panel "Uninstall Programs" couldn't budge it. I then ran Emsisoft and thought it was gone, but this morning when I turned on my computer, there it was again, on my desktop. Here are the records that came from scanning with FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-02-2015
Ran by LindaJackim (administrator) on LINDA on 06-02-2015 17:28:42
Running from C:\Users\LindaJackim
Loaded Profiles: LindaJackim (Available profiles: LindaJackim & Administrator)
Platform: Windows 8 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEFiltersSrv64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Google Inc.) C:\Users\LindaJackim\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\nacl64.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\CredentialUIBroker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7194840 2014-06-26] (Realtek Semiconductor)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-12-25] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-07-24] (Hewlett-Packard Company)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AudioCommanderVista] => C:\Program Files\Andrea Electronics\AudioCommander\AudioCommander.exe [2903752 2013-04-15] (Andrea Electronics Corporation)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKLM-x32\...\Run: [DNS7reminder] => C:\Program Files (x86)\Nuance\NaturallySpeaking13\Ereg\Ereg.exe [325960 2014-05-30] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4842336 2014-06-24] (Emsisoft GmbH)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-2815386680-214033250-1931965115-1001\...\Run: [GoogleChromeAutoLaunch_0993A93C84C06445DB82E6FAE528D856] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
HKU\S-1-5-21-2815386680-214033250-1931965115-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKU\S-1-5-21-2815386680-214033250-1931965115-1001\...\Run: [8B17D1778F917D64FC04E76F02895F13BCA7B2DB._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
HKU\S-1-5-21-2815386680-214033250-1931965115-1001\...\Run: [Google Update] => C:\Users\LindaJackim\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-11-22] (Google Inc.)
HKU\S-1-5-21-2815386680-214033250-1931965115-1001\...\Run: [Google+ Auto Backup] => C:\Users\LindaJackim\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3746120 2014-08-12] (Google Inc.)
HKU\S-1-5-21-2815386680-214033250-1931965115-1001\...\MountPoints2: {be7447de-3ab6-11e3-be72-806e6f6e6963} - "E:\AutoRun.exe" 
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2815386680-214033250-1931965115-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKU\S-1-5-21-2815386680-214033250-1931965115-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKU\S-1-5-21-2815386680-214033250-1931965115-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}
SearchScopes: HKU\S-1-5-21-2815386680-214033250-1931965115-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\dgnriaie_x64.dll (Nuance Communications, Inc.)
BHO-x32: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnriaie.dll (Nuance Communications, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2815386680-214033250-1931965115-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Tcpip\Parameters: [DhcpNameServer] 69.196.208.8 69.196.208.10 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\LindaJackim\AppData\Roaming\Mozilla\Firefox\Profiles\oac181vq.default
FF NewTab: about:newtab
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: nuance.com/DgnRia2_x86_64 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\npDgnRia2_x64.dll (Nuance Communications, Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: nuance.com/DgnRia2 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\npDgnRia2.dll (Nuance Communications, Inc.)
FF Plugin HKU\S-1-5-21-2815386680-214033250-1931965115-1001: @tools.google.com/Google Update;version=3 -> C:\Users\LindaJackim\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2815386680-214033250-1931965115-1001: @tools.google.com/Google Update;version=9 -> C:\Users\LindaJackim\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF SearchPlugin: C:\Users\LindaJackim\AppData\Roaming\Mozilla\Firefox\Profiles\oac181vq.default\searchplugins\Vosteran.xml
FF Extension: Lightbeam - C:\Users\LindaJackim\AppData\Roaming\Mozilla\Firefox\Profiles\oac181vq.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2014-07-07]
FF Extension: Adblock Plus - C:\Users\LindaJackim\AppData\Roaming\Mozilla\Firefox\Profiles\oac181vq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-21]
FF Extension: BetterPrivacy - C:\Users\LindaJackim\AppData\Roaming\Mozilla\Firefox\Profiles\oac181vq.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-06-21]
StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "chrome://newtab/", "https://chrome.google.com/", "hxxp://vosteran.com/?f=7&a=vst_wnzp_15_06&cd=2XzuyEtN2Y1L1Qzu0AtDyEzztC0CtByD0Fzz0Dzzzy0E0FyCtN0D0Tzu0StCtCtAtDtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StC0E0C0EtAtBtBzztGzz0AyDyBtG0FzzyDyEtG0F0EyC0CtGyC0CyEtD0FtByCyC0C0A0FtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0FyEtB0D0A0FtCtG0CtBtB0BtGyEzyzytBtGzztA0A0AtGyD0A0A0DyDyD0EtA0F0E0Czz2Q&cr=2039628636&ir=", "hxxp://vosteran.com/?f=7&a=&cd=&cr=&ir="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Write Space) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aimodnlfiikjjnmdchihablmkdeobhad [2014-11-15]
CHR Extension: (Google Docs) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-07]
CHR Extension: (Google Drive) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-05]
CHR Extension: (Fotor Photo Editor) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbckhhmjfnmedpakkaaflpnmkamdppf [2014-07-07]
CHR Extension: (YouTube) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-07]
CHR Extension: (Ebates Cash Back) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2015-02-02]
CHR Extension: (Add to Amazon Wish List) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2014-07-07]
CHR Extension: (Google Search) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-07]
CHR Extension: (Good News) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\deegloljmdbfbjhlimieancmcfombgjj [2014-07-07]
CHR Extension: (Gmail Offline) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2014-11-15]
CHR Extension: (Photo Zoom for Facebook) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2014-07-07]
CHR Extension: (Classic) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkacjpbfdknhflllbcmjibkdeoafencn [2014-07-10]
CHR Extension: (Kindle Cloud Reader) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-07-21]
CHR Extension: (WhatFont) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\jabopobgcpjmedljpbcaablpmlmfcogm [2015-01-19]
CHR Extension: (Spell checker and Grammar checker by Ginger) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdfieneakcjfaiglcfcgkidlkmlijjnh [2014-07-07]
CHR Extension: (Google Mail Checker) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2014-07-07]
CHR Extension: (Print) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmiefodmmloajakmcfnpnjpkldellhlj [2014-07-07]
CHR Extension: (Do It (Tomorrow)) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfagjoblnoeagfhfhohcdklnddjaiglo [2014-08-21]
CHR Extension: (Google Wallet) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-07]
CHR Extension: (Picasa) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2014-11-15]
CHR Extension: (Gmail) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-07]
CHR Extension: (Kippt) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldngiecbcfldpghnimmdelafenmbni [2014-07-07]
CHR Extension: (Writer) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnengefjfhgcceajaepbjhanoojifmog [2014-11-15]
CHR HKLM\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
CHR HKU\S-1-5-21-2815386680-214033250-1931965115-1001\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
CHR HKLM-x32\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4725440 2014-06-24] (Emsisoft GmbH)
R2 AEFilters; C:\Windows\system32\AEFiltersSrv64.exe [95232 2012-09-05] (Andrea Electronics Corporation)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 DragonLoggerService; C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [137280 2014-07-23] (Nuance Communications, Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPSLPSVC; C:\Users\LindaJackim\AppData\Local\Temp\7zS6B21\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed]
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-12-25] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140936 2013-05-14] ()
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-08] (Intel Corporation)
R2 iprip; C:\Windows\System32\iprip.dll [34816 2014-11-11] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-05-08] (Intel Corporation)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [245832 2013-05-17] (Realtek Semiconductor)
R2 simptcp; C:\Windows\SysWOW64\tcpsvcs.exe [10752 2013-08-21] (Microsoft Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-11-11] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
S3 AEAudioL; C:\Windows\system32\drivers\AEAudioL64.sys [25344 2012-09-05] (Andrea Electronics Corporation)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [98064 2012-12-10] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys [67344 2012-12-10] (Infowatch)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-20] (Intel Corporation)
R1 MpKsl002e4953; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4BFA3977-6E86-4442-A285-455CA0E680E6}\MpKsl002e4953.sys [45352 2015-02-06] (Microsoft Corporation)
S3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [408136 2013-05-08] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3068120 2014-01-13] (Realtek Semiconductor Corporation                           )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-04-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-06-30] (Synaptics Incorporated)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S3 clwvd; \SystemRoot\system32\DRIVERS\clwvd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-06 17:28 - 2015-02-06 17:30 - 00027305 _____ () C:\Users\LindaJackim\FRST.txt
2015-02-06 17:23 - 2015-02-06 17:24 - 02131968 _____ (Farbar) C:\Users\LindaJackim\FRST64.exe
2015-02-06 13:16 - 2015-02-06 13:16 - 00000000 ____D () C:\Users\LindaJackim\Desktop\Ginge
2015-02-06 10:39 - 2015-02-06 10:39 - 00000000 ____H () C:\ProgramData\cm-lock
2015-02-05 00:07 - 2015-02-05 00:07 - 00001110 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2015-02-05 00:07 - 2015-02-05 00:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2015-02-04 23:59 - 2015-02-04 23:59 - 00002784 _____ () C:\Users\LindaJackim\Desktop\JRT.txt
2015-02-04 23:53 - 2015-02-02 12:13 - 01388274 _____ (Thisisu) C:\Users\LindaJackim\Desktop\JRT_NEW.exe
2015-02-04 23:52 - 2015-02-04 23:52 - 00789968 _____ (%VENDOR%) C:\Users\LindaJackim\Unconfirmed 720314.crdownload
2015-02-04 23:49 - 2015-02-04 23:49 - 00022528 _____ () C:\Users\LindaJackim\AppData\Local\dsisetup1180897812.exe
2015-02-04 23:49 - 2015-02-04 23:49 - 00000010 _____ () C:\Users\LindaJackim\AppData\Local\DSI.DAT
2015-02-04 23:15 - 2015-02-04 23:17 - 00001091 _____ () C:\Users\LindaJackim\Desktop\Duplicate_Files_Deleter.exe.lnk
2015-02-04 22:59 - 2015-02-04 22:59 - 00000000 ____D () C:\Users\LindaJackim\duplicate_files_deleter
2015-02-04 22:51 - 2015-02-04 22:52 - 00906024 _____ ( ) C:\Users\LindaJackim\winzip19-dl (1).exe
2015-02-04 22:49 - 2015-02-06 16:49 - 00000322 _____ () C:\WINDOWS\Tasks\WSE_Vosteran.job
2015-02-04 22:49 - 2015-02-04 23:56 - 00000000 ____D () C:\Users\LindaJackim\AppData\Local\Vosteran
2015-02-04 22:49 - 2015-02-04 22:57 - 00000000 ____D () C:\Users\LindaJackim\AppData\Local\WinZip
2015-02-04 22:49 - 2015-02-04 22:49 - 00002660 _____ () C:\WINDOWS\System32\Tasks\WSE_Vosteran
2015-02-04 22:49 - 2015-02-04 22:49 - 00002302 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2015-02-04 22:49 - 2015-02-04 22:49 - 00002296 _____ () C:\Users\Public\Desktop\WinZip.lnk
2015-02-04 22:49 - 2015-02-04 22:49 - 00000000 ____D () C:\Users\LindaJackim\AppData\Local\114487671
2015-02-04 22:49 - 2015-02-04 22:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2015-02-04 22:49 - 2015-02-04 22:49 - 00000000 ____D () C:\Program Files\WinZip
2015-02-04 22:48 - 2015-02-04 22:48 - 00000000 ____D () C:\Program Files\File Association Helper
2015-02-04 22:47 - 2015-02-04 22:47 - 00906024 _____ ( ) C:\Users\LindaJackim\winzip19-dl.exe
2015-02-04 22:30 - 2015-02-04 22:30 - 00027180 _____ () C:\Users\LindaJackim\WinZip® papers.html
2015-02-04 22:21 - 2015-02-04 22:29 - 120105328 _____ () C:\Users\LindaJackim\Unconfirmed 5833.crdownload
2015-02-04 21:48 - 2015-02-04 21:48 - 00183046 _____ () C:\Users\LindaJackim\Desktop\duplicate_files_deleter.zip
2015-02-03 14:58 - 2015-02-03 14:58 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-02-03 14:58 - 2015-02-03 14:58 - 00000000 ____D () C:\ProgramData\Sun
2015-02-03 14:58 - 2015-02-03 14:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-02-03 14:58 - 2015-02-03 14:58 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-03 14:51 - 2015-02-03 14:58 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-03 14:51 - 2015-02-03 14:51 - 00639400 _____ (Oracle Corporation) C:\Users\LindaJackim\chromeinstall-8u31.exe
2015-02-02 23:45 - 2015-02-02 23:45 - 00000149 ____H () C:\Users\LindaJackim\.picasa.ini
2015-01-27 15:38 - 2015-01-27 15:38 - 00000000 _____ () C:\Users\LindaJackim\Sti_Trace.log
2015-01-27 15:33 - 2015-01-27 15:33 - 00000000 ____D () C:\Users\LindaJackim\Documents\ControlCenter4
2015-01-27 14:21 - 2015-01-27 14:21 - 00000055 _____ () C:\WINDOWS\SysWOW64\BRDH2280DW.DAT
2015-01-27 14:01 - 2015-01-27 14:01 - 00000000 ____D () C:\Users\LindaJackim\Desktop\wlan_wiz
2015-01-27 14:01 - 2015-01-27 14:01 - 00000000 ____D () C:\Users\LindaJackim\Desktop\install
2015-01-27 13:59 - 2015-01-27 14:01 - 129191528 _____ (A.I.SOFT,INC.) C:\Users\LindaJackim\Desktop\HL-2280DW-inst-C1-USA.EXE
2015-01-27 12:52 - 2015-01-27 12:52 - 00000000 ____D () C:\Users\LindaJackim\Desktop\64
2015-01-27 12:48 - 2015-01-27 12:48 - 18255551 _____ (A.I.SOFT,INC.) C:\Users\LindaJackim\Desktop\Y10E_C1-gdi-64-D2.EXE
2015-01-25 13:39 - 2015-01-25 13:39 - 02738504 _____ (Google Inc.) C:\Users\LindaJackim\gpautobackup_setup.exe
2015-01-20 17:05 - 2015-01-20 18:12 - 00000000 ____D () C:\AdwCleaner
2015-01-20 17:05 - 2015-01-20 17:05 - 02186752 _____ () C:\Users\LindaJackim\AdwCleaner.exe
2015-01-20 17:03 - 2015-01-20 17:03 - 04188824 _____ (Kaspersky Lab ZAO) C:\Users\LindaJackim\1BAF.tmp
2015-01-20 16:19 - 2015-01-20 16:19 - 01707939 _____ (Thisisu) C:\Users\LindaJackim\JRT (1).exe
2015-01-20 16:00 - 2015-01-20 16:00 - 04188824 _____ (Kaspersky Lab ZAO) C:\Users\LindaJackim\tdsskiller (2).exe
2015-01-20 15:59 - 2015-01-20 15:59 - 04188824 _____ (Kaspersky Lab ZAO) C:\Users\LindaJackim\tdsskiller (1).exe
2015-01-18 18:30 - 2015-01-18 18:30 - 00032635 _____ () C:\Users\LindaJackim\DFollow My Health™  Universal Health Record.html
2015-01-18 18:30 - 2015-01-18 18:30 - 00032635 _____ () C:\Users\LindaJackim\CFollow My Health™  Universal Health Record.html
2015-01-18 18:29 - 2015-01-18 18:29 - 00032635 _____ () C:\Users\LindaJackim\BFollow My Health™  Universal Health Record.html
2015-01-18 18:29 - 2015-01-18 18:29 - 00032635 _____ () C:\Users\LindaJackim\AFollow My Health™  Universal Health Record.html
2015-01-18 18:18 - 2015-01-18 18:19 - 00000171 _____ () C:\Users\LindaJackim\Desktop\Premier Neurosurgery.url
2015-01-18 17:47 - 2015-01-18 17:47 - 00032635 _____ () C:\Users\LindaJackim\Follow My Health™  Universal Health Record.html123.html
2015-01-18 17:46 - 2015-01-18 17:46 - 00032635 _____ () C:\Users\LindaJackim\2nd page.html
2015-01-18 17:45 - 2015-01-18 17:45 - 00032635 _____ () C:\Users\LindaJackim\Follow My Health™  Universal Health Record.html
2015-01-17 19:21 - 2015-01-17 19:22 - 00029696 _____ () C:\Users\LindaJackim\Backup of Martin_Medical_Customer_Satisfaction_Survey_(4)[1].wbk
2015-01-14 09:54 - 2014-12-19 00:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 09:54 - 2014-12-11 20:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 09:54 - 2014-12-11 18:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 09:54 - 2014-12-08 19:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 09:54 - 2014-12-08 13:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 09:54 - 2014-12-08 13:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 09:54 - 2014-12-08 13:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-14 09:54 - 2014-12-08 13:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 09:54 - 2014-12-08 13:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-14 09:54 - 2014-12-08 13:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 09:54 - 2014-12-08 13:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 09:54 - 2014-12-08 13:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-14 09:54 - 2014-12-05 21:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 09:54 - 2014-12-05 19:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 09:54 - 2014-12-05 19:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-14 09:54 - 2014-10-28 22:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-14 09:54 - 2014-10-28 22:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-14 09:54 - 2014-10-28 21:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-14 09:54 - 2014-10-28 21:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-14 09:54 - 2014-10-28 21:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-14 09:54 - 2014-10-28 21:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-14 09:54 - 2014-10-28 21:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-14 09:54 - 2014-10-28 21:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-14 09:54 - 2014-10-28 21:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-14 09:54 - 2014-10-28 21:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-14 09:54 - 2014-10-28 21:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-14 09:54 - 2014-10-28 20:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-14 09:54 - 2014-10-28 19:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-14 09:54 - 2014-10-28 19:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-14 09:54 - 2014-10-28 19:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-14 09:54 - 2014-10-28 19:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-07 01:48 - 2015-01-07 01:48 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\LindaJackim\tdsskiller.exe
2015-01-07 00:56 - 2015-01-07 00:56 - 01707939 _____ (Thisisu) C:\Users\LindaJackim\JRT.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-06 17:29 - 2014-02-13 19:42 - 00000000 ____D () C:\FRST
2015-02-06 17:28 - 2014-11-10 14:53 - 00000000 ____D () C:\Users\LindaJackim
2015-02-06 17:12 - 2014-06-18 03:30 - 00003938 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5344D135-1295-4DDB-8E74-95D48A5E434F}
2015-02-06 17:00 - 2014-11-10 14:40 - 01062322 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-06 17:00 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-06 16:55 - 2014-06-23 16:48 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-06 16:51 - 2014-11-22 07:41 - 00000944 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2815386680-214033250-1931965115-1001UA.job
2015-02-06 16:41 - 2014-07-07 04:20 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-06 15:51 - 2014-11-22 07:41 - 00000892 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2815386680-214033250-1931965115-1001Core.job
2015-02-06 15:20 - 2014-09-24 01:15 - 00958356 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-06 14:34 - 2014-06-25 04:07 - 00000000 __RDO () C:\Users\LindaJackim\OneDrive
2015-02-06 14:30 - 2014-07-27 13:43 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2015-02-06 12:59 - 2014-07-07 04:20 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-06 10:51 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-06 10:39 - 2013-08-22 08:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-06 10:38 - 2014-09-24 01:03 - 00013518 _____ () C:\WINDOWS\PFRO.log
2015-02-06 10:38 - 2013-08-22 08:46 - 00346183 _____ () C:\WINDOWS\setupact.log
2015-02-05 15:04 - 2013-08-22 07:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-05 15:03 - 2012-07-26 01:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-05 01:49 - 2014-07-06 14:35 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-05 01:13 - 2014-06-18 03:39 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2815386680-214033250-1931965115-1001
2015-02-04 23:49 - 2014-08-28 12:10 - 00000139 _____ () C:\Users\LindaJackim\AppData\Roaming\WB.CFG
2015-02-04 22:50 - 2014-08-28 11:10 - 00000000 ____D () C:\ProgramData\WinZip
2015-02-04 22:48 - 2014-07-27 16:06 - 00003194 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForLindaJackim
2015-02-04 22:48 - 2014-07-27 16:06 - 00000368 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForLindaJackim.job
2015-02-04 21:56 - 2013-07-19 21:43 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2015-02-04 21:56 - 2013-07-19 21:15 - 00000000 ___HD () C:\HP
2015-02-04 16:55 - 2014-06-23 16:48 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-03 13:31 - 2014-11-14 01:59 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 13:31 - 2014-11-14 01:59 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-03 09:41 - 2013-10-21 17:48 - 00000000 ____D () C:\ProgramData\Temp
2015-02-02 18:42 - 2014-09-26 11:57 - 00128976 _____ () C:\Users\LindaJackim\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-30 23:36 - 2014-07-07 04:20 - 00003890 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-30 23:36 - 2014-07-07 04:20 - 00003654 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-27 15:55 - 2014-11-05 08:06 - 00000000 ____D () C:\Users\LindaJackim\Documents\Wondershare PDF to Word
2015-01-27 15:31 - 2014-08-03 17:08 - 00000000 ____D () C:\Users\LindaJackim\AppData\Roaming\ControlCenter4
2015-01-27 14:23 - 2014-08-03 16:38 - 00000000 ____D () C:\ProgramData\ControlCenter4
2015-01-27 14:23 - 2014-08-03 16:38 - 00000000 ____D () C:\Program Files (x86)\ControlCenter4
2015-01-27 14:23 - 2014-08-03 16:38 - 00000000 ____D () C:\Program Files (x86)\Browny02
2015-01-22 12:28 - 2014-11-18 04:55 - 00002035 _____ () C:\Users\LindaJackim\AppData\Roaming\SAS7_000.DAT
2015-01-16 16:40 - 2014-06-18 16:06 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-16 16:28 - 2014-06-18 16:06 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-14 15:45 - 2013-08-22 08:44 - 00499128 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-01-08 19:25 - 2014-06-18 03:28 - 00000000 ____D () C:\Users\LindaJackim\AppData\Local\Packages
2015-01-07 01:06 - 2014-07-06 06:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-07 01:06 - 2014-07-06 06:09 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-07 01:06 - 2014-06-25 01:49 - 00001121 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
 
==================== Files in the root of some directories =======
 
2014-06-16 08:45 - 2014-06-16 08:34 - 0005212 _____ () C:\Program Files\route.print.txt
2014-08-18 09:48 - 2014-08-18 09:52 - 152183640 _____ (Hewlett-Packard                                             ) C:\Program Files\sp64853.exe
2014-05-28 08:46 - 2014-10-20 02:35 - 0000786 _____ () C:\Program Files (x86)\.android.lnk
2014-08-03 16:56 - 2014-08-03 16:57 - 129191528 _____ (A.I.SOFT,INC.) C:\Program Files (x86)\HL-2280DW-inst-C1-USA.EXE
2014-11-18 04:55 - 2015-01-22 12:28 - 0002035 _____ () C:\Users\LindaJackim\AppData\Roaming\SAS7_000.DAT
2014-08-28 12:10 - 2015-02-04 23:49 - 0000139 _____ () C:\Users\LindaJackim\AppData\Roaming\WB.CFG
2015-02-04 23:49 - 2015-02-04 23:49 - 0000010 _____ () C:\Users\LindaJackim\AppData\Local\DSI.DAT
2015-02-04 23:49 - 2015-02-04 23:49 - 0022528 _____ () C:\Users\LindaJackim\AppData\Local\dsisetup1180897812.exe
2014-06-24 15:00 - 2014-10-22 09:34 - 0007634 _____ () C:\Users\LindaJackim\AppData\Local\resmon.resmoncfg
2015-02-06 10:39 - 2015-02-06 10:39 - 0000000 ____H () C:\ProgramData\cm-lock
2014-12-27 18:13 - 2014-12-28 18:14 - 0002796 _____ () C:\ProgramData\hpzinstall.log
 
Files to move or delete:
====================
C:\Users\LindaJackim\AdwCleaner.exe
C:\Users\LindaJackim\AIO_CDB_FSW_Full_Win_WW_140_408.exe
C:\Users\LindaJackim\chromeinstall-8u31.exe
C:\Users\LindaJackim\duplicatephotofinder_setup.exe
C:\Users\LindaJackim\Duplicate_Files_Deleter.exe
C:\Users\LindaJackim\FRST64.exe
C:\Users\LindaJackim\gpautobackup_setup.exe
C:\Users\LindaJackim\hppiw.exe
C:\Users\LindaJackim\ispsetup.exe
C:\Users\LindaJackim\JRT (1).exe
C:\Users\LindaJackim\JRT.exe
C:\Users\LindaJackim\RecoverMyFiles-Setup.exe
C:\Users\LindaJackim\StartIsBackPlus_setup.exe
C:\Users\LindaJackim\taglib-sharp.dll
C:\Users\LindaJackim\tdsskiller (1).exe
C:\Users\LindaJackim\tdsskiller (2).exe
C:\Users\LindaJackim\tdsskiller.exe
C:\Users\LindaJackim\WinShell.dll
C:\Users\LindaJackim\winzip19-dl (1).exe
C:\Users\LindaJackim\winzip19-dl.exe
 
 
Some content of TEMP:
====================
C:\Users\LindaJackim\AppData\Local\Temp\HPInstaller.exe
C:\Users\LindaJackim\AppData\Local\Temp\Quarantine.exe
C:\Users\LindaJackim\AppData\Local\Temp\sqlite3.dll
C:\Users\LindaJackim\AppData\Local\Temp\uninstall.exe
C:\Users\LindaJackim\AppData\Local\Temp\vmw.exe
C:\Users\LindaJackim\AppData\Local\Temp\VSTStubSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-27 14:11
 
==================== End Of Log ============================

#2 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 08 February 2015 - 03:34 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:

  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

Step 1

SystemLook

  • Please download SystemLook (x64) and save the file to your Desktop.
  • Right-click SystemLook_x64.exe and select Run as administrator to run the programme.
  • Copy the entire contents of the codebox below and paste into the textfield.

    :filefind
    *vosteran*
    
    :folderfind
    *vosteran*
    
    :regfind
    vosteran
  • Click the Look button to start the scan.
  • Upon completion, a log (SystemLook.txt) will open. Copy the contents of the log and paste in your next reply.
  • Close SystemLook.

regards,
deeprybka

Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
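The SystemLook.txt that Step 1 produces is plain text, and with a browser hijacker of this kind it runs to hundreds of lines. As an added example (not part of this thread, of SystemLook or of any BleepingComputer tool), the Python script below parses such a log and groups every file, folder and registry hit by the kind of persistence or browser hijack it represents, so the remnants a cleanup has to target are visible at a glance. The category names are the example's own, and the embedded sample is constructed in SystemLook's output format from lines of the log posted later in this thread.

```python
"""Triage a SystemLook.txt log: group each hit by the kind of persistence it represents."""
import re
from collections import defaultdict

# Constructed sample in SystemLook's format; paths/keys come from the log posted later in this thread.
SAMPLE_LOG = r"""SystemLook 30.07.11 by jpshortstuff
========== filefind ==========
Searching for "*vosteran*"
C:\Users\LindaJackim\AppData\Local\Vosteran\Application\vosteran.exe --a---- 1014272 bytes [04:50 05/02/2015] [09:49 06/11/2014] 944A91AF08BBED92BD0ABC81203042A9
C:\Users\LindaJackim\AppData\Roaming\Mozilla\Firefox\Profiles\oac181vq.default\searchplugins\Vosteran.xml --a---- 1225 bytes [04:48 05/02/2015] [04:48 05/02/2015] 09EF0187C411D5282DC00B6C269CBC5F
C:\Windows\System32\Tasks\WSE_Vosteran --a---- 2660 bytes [04:49 05/02/2015] [04:49 05/02/2015] 5ED6B49A8986ED4728EEDF3238F96BA9
C:\Windows\Tasks\WSE_Vosteran.job --a---- 322 bytes [04:49 05/02/2015] [00:49 09/02/2015] 80C776F310280FA156AD96F754A60EF0

========== folderfind ==========
Searching for "*vosteran*"
C:\Users\LindaJackim\AppData\Local\Vosteran d------ [04:49 05/02/2015]

========== regfind ==========
Searching for "vosteran"
[HKEY_CURRENT_USER\Software\Clients\StartMenuInternet\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4]
[HKEY_CURRENT_USER\Software\Clients\StartMenuInternet\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4]
@="Vosteran"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
@="Vosteran"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WSE_Vosteran]
[HKEY_CURRENT_USER\Software\Classes\.html\OpenWithProgids]
"VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4"=""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\vosteran.exe]
@="C:\Users\LindaJackim\AppData\Local\Vosteran\Application\vosteran.exe"
"""

SECTION_RE = re.compile(r"^=+ (\w+) =+$")
FILE_RE = re.compile(r"^(?P<path>.+?) (?P<attr>[-a-zA-Z]{7}) (?P<size>\d+) bytes "
                     r"\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$")
FOLDER_RE = re.compile(r"^(?P<path>.+?) (?P<attr>[-a-zA-Z]{7}) \[(?P<created>[^\]]+)\]$")

# Ordered: the first matching pattern wins. The category names are this example's own.
CATEGORIES = [
    ("Scheduled task (autostart)", re.compile(r"\\Tasks\\|Schedule\\TaskCache", re.I)),
    ("Default-browser registration", re.compile(r"StartMenuInternet|RegisteredApplications", re.I)),
    ("File/URL association hijack", re.compile(r"OpenWithProgids|FileAssociations|URLAssociations", re.I)),
    ("Search provider hijack", re.compile(r"SearchScopes|searchplugins", re.I)),
    ("App Paths launch entry", re.compile(r"\\App Paths\\", re.I)),
    ("Execution evidence (Prefetch)", re.compile(r"\\Prefetch\\", re.I)),
]
OTHER = "Installed files / other"

def classify(location):
    for name, pattern in CATEGORIES:
        if pattern.search(location):
            return name
    return OTHER

def parse_systemlook(text):
    """Split the log into its three sections; repeated registry key lines are merged into one entry."""
    result = {"filefind": [], "folderfind": [], "regfind": []}
    reg_index, section, current = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Searching for"):
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if section == "filefind":
            m = FILE_RE.match(line)
            if m:
                hit = m.groupdict()
                hit["size"] = int(hit["size"])
                result["filefind"].append(hit)
        elif section == "folderfind":
            m = FOLDER_RE.match(line)
            if m:
                result["folderfind"].append(m.groupdict())
        elif section == "regfind":
            if line.startswith("[") and line.endswith("]"):
                key = line[1:-1]
                if key not in reg_index:  # SystemLook repeats the key line before every value
                    reg_index[key] = {"key": key, "values": []}
                    result["regfind"].append(reg_index[key])
                current = reg_index[key]
            elif current is not None:
                current["values"].append(line)
    return result

def triage(text):
    report = defaultdict(list)  # category -> ["<kind> <location>", ...]
    parsed = parse_systemlook(text)
    for hit in parsed["filefind"]:
        report[classify(hit["path"])].append("file   " + hit["path"])
    for hit in parsed["folderfind"]:
        report[classify(hit["path"])].append("folder " + hit["path"])
    for entry in parsed["regfind"]:
        report[classify(entry["key"])].append("regkey " + entry["key"])
    return dict(report)
```

Run `triage(open("SystemLook.txt", encoding="utf-8", errors="replace").read())` on a real log to get the same grouping for that machine.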

#3 ljwerlein

  • Topic Starter
  • Members
  • 13 posts
  • Gender:Female
  • Location:Tennessee

Posted 08 February 2015 - 08:16 PM

Thank you for helping me. Here is the SystemLook.txt log that resulted from my following your instructions above:
 
 
 
SystemLook 30.07.11 by jpshortstuff
Log created at 18:47 on 08/02/2015 by LindaJackim
Administrator - Elevation successful
 
========== filefind ==========
 
Searching for "*vosteran*"
C:\$Recycle.Bin\S-1-5-21-2815386680-214033250-1931965115-1001\$RSHXGEL\Vosteran.lnk --a---- 2381 bytes [04:50 05/02/2015] [04:50 05/02/2015] CAA88EE57F1E4E7CDED1208EE95561FE
C:\Users\LindaJackim\AppData\Local\Vosteran\Application\vosteran.exe --a---- 1014272 bytes [04:50 05/02/2015] [09:49 06/11/2014] 944A91AF08BBED92BD0ABC81203042A9
C:\Users\LindaJackim\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Vosteran.lnk --a---- 2352 bytes [04:50 05/02/2015] [04:50 05/02/2015] 57DA747AC85F59E571F115417859C315
C:\Users\LindaJackim\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Vosteran.lnk --a---- 2381 bytes [04:50 05/02/2015] [04:50 05/02/2015] CAA88EE57F1E4E7CDED1208EE95561FE
C:\Users\LindaJackim\AppData\Roaming\Mozilla\Firefox\Profiles\oac181vq.default\searchplugins\Vosteran.xml --a---- 1225 bytes [04:48 05/02/2015] [04:48 05/02/2015] 09EF0187C411D5282DC00B6C269CBC5F
C:\Windows\Prefetch\VOSTERAN.EXE-7C1C655C.pf --a---- 300554 bytes [04:54 05/02/2015] [05:47 05/02/2015] C2892C315EDC788C66C3650EEE2E426D
C:\Windows\System32\Tasks\WSE_Vosteran --a---- 2660 bytes [04:49 05/02/2015] [04:49 05/02/2015] 5ED6B49A8986ED4728EEDF3238F96BA9
C:\Windows\Tasks\WSE_Vosteran.job --a---- 322 bytes [04:49 05/02/2015] [00:49 09/02/2015] 80C776F310280FA156AD96F754A60EF0
 
========== folderfind ==========
 
Searching for "*vosteran*"
C:\Users\LindaJackim\AppData\Local\Vosteran d------ [04:49 05/02/2015]
 
========== regfind ==========
 
Searching for "vosteran"
[HKEY_CURRENT_USER\Software\Clients\StartMenuInternet\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4]
[HKEY_CURRENT_USER\Software\Clients\StartMenuInternet\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4]
@="Vosteran"
[HKEY_CURRENT_USER\Software\Clients\StartMenuInternet\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\Capabilities]
"ApplicationDescription"="Vosteran is a web browser that runs webpages and applications with lightning speed. It's fast, stable, and easy to use. Browse the web more safely with malware and phishing protection built into Vosteran."
[HKEY_CURRENT_USER\Software\Clients\StartMenuInternet\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\Capabilities]
"ApplicationIcon"="C:\Users\LindaJackim\AppData\Local\Vosteran\Application\vosteran.exe,0"
[HKEY_CURRENT_USER\Software\Clients\StartMenuInternet\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\Capabilities]
"ApplicationName"="Vosteran"
[HKEY_CURRENT_USER\Software\Clients\StartMenuInternet\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\Capabilities\FileAssociations]
".htm"="VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4"
[HKEY_CURRENT_USER\Software\Clients\StartMenuInternet\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\Capabilities\FileAssociations]
".html"="VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4"
[HKEY_CURRENT_USER\Software\Clients\StartMenuInternet\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\Capabilities\FileAssociations]
".shtml"="VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4"
[HKEY_CURRENT_USER\Software\Clients\StartMenuInternet\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\Capabilities\FileAssociations]
".xht"="VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4"
[HKEY_CURRENT_USER\Software\Clients\StartMenuInternet\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\Capabilities\FileAssociations]
".xhtml"="VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4"
[HKEY_CURRENT_USER\Software\Clients\StartMenuInternet\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\Capabilities\FileAssociations]
".webp"="VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4"
[HKEY_CURRENT_USER\Software\Clients\StartMenuInternet\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\Capabilities\Startmenu]
"StartMenuInternet"="Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4"
[HKEY_CURRENT_USER\Software\Clients\StartMenuInternet\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\Capabilities\URLAssociations]
"ftp"="VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4"
[HKEY_CURRENT_USER\Software\Clients\StartMenuInternet\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\Capabilities\URLAssociations]
"http"="VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4"
[HKEY_CURRENT_USER\Software\Clients\StartMenuInternet\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\Capabilities\URLAssociations]
"https"="VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4"
[HKEY_CURRENT_USER\Software\Clients\StartMenuInternet\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\Capabilities\URLAssociations]
"irc"="VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4"
[HKEY_CURRENT_USER\Software\Clients\StartMenuInternet\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\Capabilities\URLAssociations]
"mailto"="VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4"
[HKEY_CURRENT_USER\Software\Clients\StartMenuInternet\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\Capabilities\URLAssociations]
"mms"="VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4"
[HKEY_CURRENT_USER\Software\Clients\StartMenuInternet\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\Capabilities\URLAssociations]
"news"="VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4"
[HKEY_CURRENT_USER\Software\Clients\StartMenuInternet\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\Capabilities\URLAssociations]
"nntp"="VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4"
[HKEY_CURRENT_USER\Software\Clients\StartMenuInternet\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\Capabilities\URLAssociations]
"sms"="VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4"
[HKEY_CURRENT_USER\Software\Clients\StartMenuInternet\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\Capabilities\URLAssociations]
"smsto"="VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4"
[HKEY_CURRENT_USER\Software\Clients\StartMenuInternet\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\Capabilities\URLAssociations]
"tel"="VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4"
[HKEY_CURRENT_USER\Software\Clients\StartMenuInternet\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\Capabilities\URLAssociations]
"urn"="VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4"
[HKEY_CURRENT_USER\Software\Clients\StartMenuInternet\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\Capabilities\URLAssociations]
"webcal"="VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4"
[HKEY_CURRENT_USER\Software\Clients\StartMenuInternet\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\DefaultIcon]
@="C:\Users\LindaJackim\AppData\Local\Vosteran\Application\vosteran.exe,0"
[HKEY_CURRENT_USER\Software\Clients\StartMenuInternet\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\InstallInfo]
"ReinstallCommand"=""C:\Users\LindaJackim\AppData\Local\Vosteran\Application\vosteran.exe" --make-default-browser"
[HKEY_CURRENT_USER\Software\Clients\StartMenuInternet\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\InstallInfo]
"HideIconsCommand"=""C:\Users\LindaJackim\AppData\Local\Vosteran\Application\vosteran.exe" --hide-icons"
[HKEY_CURRENT_USER\Software\Clients\StartMenuInternet\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\InstallInfo]
"ShowIconsCommand"=""C:\Users\LindaJackim\AppData\Local\Vosteran\Application\vosteran.exe" --show-icons"
[HKEY_CURRENT_USER\Software\Clients\StartMenuInternet\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\shell\open\command]
@=""C:\Users\LindaJackim\AppData\Local\Vosteran\Application\vosteran.exe""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"FaviconPath"="C:\Program Files (x86)\WSE_Vosteran\\FavIcon.ico"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
@="Vosteran"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\vosteran.exe]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\vosteran.exe]
@="C:\Users\LindaJackim\AppData\Local\Vosteran\Application\vosteran.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\vosteran.exe]
"Path"="C:\Users\LindaJackim\AppData\Local\Vosteran\Application"
[HKEY_CURRENT_USER\Software\RegisteredApplications]
"Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4"="Software\Clients\StartMenuInternet\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\Capabilities"
[HKEY_CURRENT_USER\Software\Vosteran]
[HKEY_CURRENT_USER\Software\Vosteran]
"name"="Vosteran"
[HKEY_CURRENT_USER\Software\Vosteran\Commands\install-extension]
"CommandLine"=""C:\Users\LindaJackim\AppData\Local\Vosteran\Application\vosteran.exe" --limited-install-from-webstore=%1"
[HKEY_CURRENT_USER\Software\Vosteran\Commands\on-os-upgrade]
"CommandLine"=""C:\Users\LindaJackim\AppData\Local\Vosteran\Application\31.0.1650.23\Installer\setup.exe" --on-os-upgrade --verbose-logging"
[HKEY_CURRENT_USER\Software\Vosteran Browser]
[HKEY_CURRENT_USER\Software\Vosteran Browser]
"UninstallString"="C:\Users\LindaJackim\AppData\Local\Vosteran\Application\31.0.1650.23\Installer\setup.exe"
[HKEY_CURRENT_USER\Software\Vosteran Browser]
"InstallerSuccessLaunchCmdLine"=""C:\Users\LindaJackim\AppData\Local\Vosteran\Application\vosteran.exe""
[HKEY_CURRENT_USER\Software\wse_vosteran]
[HKEY_CURRENT_USER\Software\wse_vosteran\wse_vosteran]
[HKEY_CURRENT_USER\Software\Classes\.htm\OpenWithProgids]
"VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4"=""
[HKEY_CURRENT_USER\Software\Classes\.html\OpenWithProgids]
"VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4"=""
[HKEY_CURRENT_USER\Software\Classes\.shtml\OpenWithProgids]
"VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4"=""
[HKEY_CURRENT_USER\Software\Classes\.webp\OpenWithProgids]
"VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4"=""
[HKEY_CURRENT_USER\Software\Classes\.xht\OpenWithProgids]
"VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4"=""
[HKEY_CURRENT_USER\Software\Classes\.xhtml\OpenWithProgids]
"VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4"=""
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\DefaultBrowser_NOPUBLISHERID\SplashScreen\DefaultBrowser_NOPUBLISHERID!Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4]
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\DefaultBrowser_NOPUBLISHERID\SplashScreen\DefaultBrowser_NOPUBLISHERID!Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4]
"AppName"="Vosteran"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\DefaultBrowser_NOPUBLISHERID\SplashScreen\DefaultBrowser_NOPUBLISHERID!Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4]
"Image"="C:\Users\LindaJackim\AppData\Local\Vosteran\Application\31.0.1650.23\VisualElements\splash-620x300.png"
[HKEY_CURRENT_USER\Software\Classes\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4]
[HKEY_CURRENT_USER\Software\Classes\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\.exe\shell\open\command]
@=""C:\Users\LindaJackim\AppData\Local\Vosteran\Application\vosteran.exe" -- %*"
[HKEY_CURRENT_USER\Software\Classes\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\.exe\shell\opennewwindow]
@="New Vosteran window"
[HKEY_CURRENT_USER\Software\Classes\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\.exe\shell\opennewwindow\command]
@=""C:\Users\LindaJackim\AppData\Local\Vosteran\Application\vosteran.exe" -- %*"
[HKEY_CURRENT_USER\Software\Classes\VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4]
[HKEY_CURRENT_USER\Software\Classes\VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4]
@="Vosteran HTML Document"
[HKEY_CURRENT_USER\Software\Classes\VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4]
"AppUserModelId"="Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4"
[HKEY_CURRENT_USER\Software\Classes\VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4\Application]
"AppUserModelId"="Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4"
[HKEY_CURRENT_USER\Software\Classes\VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4\Application]
"ApplicationIcon"="C:\Users\LindaJackim\AppData\Local\Vosteran\Application\vosteran.exe,0"
[HKEY_CURRENT_USER\Software\Classes\VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4\Application]
"ApplicationName"="Vosteran"
[HKEY_CURRENT_USER\Software\Classes\VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4\Application]
"ApplicationCompany"="Vosteran"
[HKEY_CURRENT_USER\Software\Classes\VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4\DefaultIcon]
@="C:\Users\LindaJackim\AppData\Local\Vosteran\Application\vosteran.exe,0"
[HKEY_CURRENT_USER\Software\Classes\VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4\shell\open\command]
@=""C:\Users\LindaJackim\AppData\Local\Vosteran\Application\vosteran.exe" -- "%1""
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\LocalServer32]
@=""C:\Users\LindaJackim\AppData\Local\Vosteran\Application\31.0.1650.23\delegate_execute.exe""
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\LocalServer32]
"ServerExecutable"="C:\Users\LindaJackim\AppData\Local\Vosteran\Application\31.0.1650.23\delegate_execute.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{4CB3598A-82E8-4D1F-983F-061238AE696E}\Instl\Data]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{4CB3598A-82E8-4D1F-983F-061238AE696E}\Instl\Data]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{4CB3598A-82E8-4D1F-983F-061238AE696E}\Instl\Data]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{4CB3598A-82E8-4D1F-983F-061238AE696E}\Instl\Data]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"FaviconPath"="C:\Program Files (x86)\WSE_Vosteran\\FavIcon.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
@="Vosteran"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"DisplayName"="Vosteran"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2B7D52C0-DA71-400B-82C9-68C3C8DC2F90}]
"Path"="\WSE_Vosteran"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WSE_Vosteran]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy]
"AppPath"="C:\Program Files (x86)\WSE_Vosteran\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\MediaPlayer\ShimInclusionList\vosteran.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{4CB3598A-82E8-4D1F-983F-061238AE696E}\Instl\Data]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{4CB3598A-82E8-4D1F-983F-061238AE696E}\Instl\Data]
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Clients\StartMenuInternet\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4]
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Clients\StartMenuInternet\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4]
@="Vosteran"
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Clients\StartMenuInternet\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\Capabilities]
"ApplicationDescription"="Vosteran is a web browser that runs webpages and applications with lightning speed. It's fast, stable, and easy to use. Browse the web more safely with malware and phishing protection built into Vosteran."
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Clients\StartMenuInternet\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\Capabilities]
"ApplicationIcon"="C:\Users\LindaJackim\AppData\Local\Vosteran\Application\vosteran.exe,0"
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Clients\StartMenuInternet\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\Capabilities]
"ApplicationName"="Vosteran"
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Clients\StartMenuInternet\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\Capabilities\FileAssociations]
".htm"="VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4"
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Clients\StartMenuInternet\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\Capabilities\FileAssociations]
".html"="VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4"
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Clients\StartMenuInternet\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\Capabilities\FileAssociations]
".shtml"="VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4"
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Clients\StartMenuInternet\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\Capabilities\FileAssociations]
".xht"="VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4"
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Clients\StartMenuInternet\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\Capabilities\FileAssociations]
".xhtml"="VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4"
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Clients\StartMenuInternet\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\Capabilities\FileAssociations]
".webp"="VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4"
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Clients\StartMenuInternet\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\Capabilities\Startmenu]
"StartMenuInternet"="Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4"
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Clients\StartMenuInternet\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\Capabilities\URLAssociations]
"ftp"="VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4"
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Clients\StartMenuInternet\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\Capabilities\URLAssociations]
"http"="VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4"
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Clients\StartMenuInternet\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\Capabilities\URLAssociations]
"https"="VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4"
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Clients\StartMenuInternet\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\Capabilities\URLAssociations]
"irc"="VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4"
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Clients\StartMenuInternet\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\Capabilities\URLAssociations]
"mailto"="VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4"
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Clients\StartMenuInternet\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\Capabilities\URLAssociations]
"mms"="VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4"
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Clients\StartMenuInternet\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\Capabilities\URLAssociations]
"news"="VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4"
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Clients\StartMenuInternet\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\Capabilities\URLAssociations]
"nntp"="VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4"
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Clients\StartMenuInternet\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\Capabilities\URLAssociations]
"sms"="VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4"
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Clients\StartMenuInternet\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\Capabilities\URLAssociations]
"smsto"="VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4"
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Clients\StartMenuInternet\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\Capabilities\URLAssociations]
"tel"="VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4"
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Clients\StartMenuInternet\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\Capabilities\URLAssociations]
"urn"="VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4"
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Clients\StartMenuInternet\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\Capabilities\URLAssociations]
"webcal"="VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4"
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Clients\StartMenuInternet\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\DefaultIcon]
@="C:\Users\LindaJackim\AppData\Local\Vosteran\Application\vosteran.exe,0"
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Clients\StartMenuInternet\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\InstallInfo]
"ReinstallCommand"=""C:\Users\LindaJackim\AppData\Local\Vosteran\Application\vosteran.exe" --make-default-browser"
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Clients\StartMenuInternet\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\InstallInfo]
"HideIconsCommand"=""C:\Users\LindaJackim\AppData\Local\Vosteran\Application\vosteran.exe" --hide-icons"
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Clients\StartMenuInternet\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\InstallInfo]
"ShowIconsCommand"=""C:\Users\LindaJackim\AppData\Local\Vosteran\Application\vosteran.exe" --show-icons"
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Clients\StartMenuInternet\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\shell\open\command]
@=""C:\Users\LindaJackim\AppData\Local\Vosteran\Application\vosteran.exe""
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"FaviconPath"="C:\Program Files (x86)\WSE_Vosteran\\FavIcon.ico"
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
@="Vosteran"
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Microsoft\Windows\CurrentVersion\App Paths\vosteran.exe]
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Microsoft\Windows\CurrentVersion\App Paths\vosteran.exe]
@="C:\Users\LindaJackim\AppData\Local\Vosteran\Application\vosteran.exe"
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Microsoft\Windows\CurrentVersion\App Paths\vosteran.exe]
"Path"="C:\Users\LindaJackim\AppData\Local\Vosteran\Application"
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\RegisteredApplications]
"Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4"="Software\Clients\StartMenuInternet\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\Capabilities"
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Vosteran]
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Vosteran]
"name"="Vosteran"
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Vosteran\Commands\install-extension]
"CommandLine"=""C:\Users\LindaJackim\AppData\Local\Vosteran\Application\vosteran.exe" --limited-install-from-webstore=%1"
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Vosteran\Commands\on-os-upgrade]
"CommandLine"=""C:\Users\LindaJackim\AppData\Local\Vosteran\Application\31.0.1650.23\Installer\setup.exe" --on-os-upgrade --verbose-logging"
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Vosteran Browser]
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Vosteran Browser]
"UninstallString"="C:\Users\LindaJackim\AppData\Local\Vosteran\Application\31.0.1650.23\Installer\setup.exe"
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Vosteran Browser]
"InstallerSuccessLaunchCmdLine"=""C:\Users\LindaJackim\AppData\Local\Vosteran\Application\vosteran.exe""
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\wse_vosteran]
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\wse_vosteran\wse_vosteran]
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Classes\.htm\OpenWithProgids]
"VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4"=""
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Classes\.html\OpenWithProgids]
"VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4"=""
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Classes\.shtml\OpenWithProgids]
"VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4"=""
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Classes\.webp\OpenWithProgids]
"VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4"=""
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Classes\.xht\OpenWithProgids]
"VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4"=""
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Classes\.xhtml\OpenWithProgids]
"VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4"=""
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\DefaultBrowser_NOPUBLISHERID\SplashScreen\DefaultBrowser_NOPUBLISHERID!Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4]
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\DefaultBrowser_NOPUBLISHERID\SplashScreen\DefaultBrowser_NOPUBLISHERID!Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4]
"AppName"="Vosteran"
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\DefaultBrowser_NOPUBLISHERID\SplashScreen\DefaultBrowser_NOPUBLISHERID!Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4]
"Image"="C:\Users\LindaJackim\AppData\Local\Vosteran\Application\31.0.1650.23\VisualElements\splash-620x300.png"
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Classes\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4]
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Classes\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\.exe\shell\open\command]
@=""C:\Users\LindaJackim\AppData\Local\Vosteran\Application\vosteran.exe" -- %*"
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Classes\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\.exe\shell\opennewwindow]
@="New Vosteran window"
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Classes\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\.exe\shell\opennewwindow\command]
@=""C:\Users\LindaJackim\AppData\Local\Vosteran\Application\vosteran.exe" -- %*"
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Classes\VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4]
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Classes\VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4]
@="Vosteran HTML Document"
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Classes\VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4]
"AppUserModelId"="Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4"
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Classes\VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4\Application]
"AppUserModelId"="Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4"
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Classes\VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4\Application]
"ApplicationIcon"="C:\Users\LindaJackim\AppData\Local\Vosteran\Application\vosteran.exe,0"
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Classes\VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4\Application]
"ApplicationName"="Vosteran"
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Classes\VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4\Application]
"ApplicationCompany"="Vosteran"
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Classes\VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4\DefaultIcon]
@="C:\Users\LindaJackim\AppData\Local\Vosteran\Application\vosteran.exe,0"
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Classes\VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4\shell\open\command]
@=""C:\Users\LindaJackim\AppData\Local\Vosteran\Application\vosteran.exe" -- "%1""
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Classes\Wow6432Node\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\LocalServer32]
@=""C:\Users\LindaJackim\AppData\Local\Vosteran\Application\31.0.1650.23\delegate_execute.exe""
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Classes\Wow6432Node\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\LocalServer32]
"ServerExecutable"="C:\Users\LindaJackim\AppData\Local\Vosteran\Application\31.0.1650.23\delegate_execute.exe"
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001_Classes\.htm\OpenWithProgids]
"VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4"=""
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001_Classes\.html\OpenWithProgids]
"VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4"=""
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001_Classes\.shtml\OpenWithProgids]
"VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4"=""
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001_Classes\.webp\OpenWithProgids]
"VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4"=""
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001_Classes\.xht\OpenWithProgids]
"VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4"=""
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001_Classes\.xhtml\OpenWithProgids]
"VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4"=""
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\DefaultBrowser_NOPUBLISHERID\SplashScreen\DefaultBrowser_NOPUBLISHERID!Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4]
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\DefaultBrowser_NOPUBLISHERID\SplashScreen\DefaultBrowser_NOPUBLISHERID!Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4]
"AppName"="Vosteran"
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\DefaultBrowser_NOPUBLISHERID\SplashScreen\DefaultBrowser_NOPUBLISHERID!Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4]
"Image"="C:\Users\LindaJackim\AppData\Local\Vosteran\Application\31.0.1650.23\VisualElements\splash-620x300.png"
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001_Classes\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4]
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001_Classes\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\.exe\shell\open\command]
@=""C:\Users\LindaJackim\AppData\Local\Vosteran\Application\vosteran.exe" -- %*"
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001_Classes\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\.exe\shell\opennewwindow]
@="New Vosteran window"
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001_Classes\Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4\.exe\shell\opennewwindow\command]
@=""C:\Users\LindaJackim\AppData\Local\Vosteran\Application\vosteran.exe" -- %*"
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001_Classes\VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4]
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001_Classes\VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4]
@="Vosteran HTML Document"
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001_Classes\VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4]
"AppUserModelId"="Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4"
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001_Classes\VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4\Application]
"AppUserModelId"="Vosteran.7RH4WYAAY2COD7EVVRELHEBJP4"
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001_Classes\VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4\Application]
"ApplicationIcon"="C:\Users\LindaJackim\AppData\Local\Vosteran\Application\vosteran.exe,0"
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001_Classes\VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4\Application]
"ApplicationName"="Vosteran"
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001_Classes\VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4\Application]
"ApplicationCompany"="Vosteran"
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001_Classes\VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4\DefaultIcon]
@="C:\Users\LindaJackim\AppData\Local\Vosteran\Application\vosteran.exe,0"
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001_Classes\VosteranHTML.7RH4WYAAY2COD7EVVRELHEBJP4\shell\open\command]
@=""C:\Users\LindaJackim\AppData\Local\Vosteran\Application\vosteran.exe" -- "%1""
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001_Classes\Wow6432Node\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\LocalServer32]
@=""C:\Users\LindaJackim\AppData\Local\Vosteran\Application\31.0.1650.23\delegate_execute.exe""
[HKEY_USERS\S-1-5-21-2815386680-214033250-1931965115-1001_Classes\Wow6432Node\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\LocalServer32]
"ServerExecutable"="C:\Users\LindaJackim\AppData\Local\Vosteran\Application\31.0.1650.23\delegate_execute.exe"
 
-= EOF =-


#4 deeprybka
  • Malware Response Team

Posted 09 February 2015 - 03:13 AM

Hi,
2015-01-20 17:05 - 2015-01-20 17:05 - 02186752 _____ () C:\Users\LindaJackim\AdwCleaner.exe
Step 1

Please download AdwCleaner (by Xplode) and save it to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.
Step 2

Scan with Malwarebytes Anti-Malware
  • Please open Malwarebytes Anti-Malware.
  • Please update the database by clicking on the "Update Now" button.
  • Following the update, click "Settings" and go to "Detection and Protection".
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard, then click on Scan Now to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine All". Then click the button: Apply Actions.
  • A window with an option to view the detailed log will appear.
  • Click on "View detailed log".
  • After viewing the results, please click on the "Copy to Clipboard" button and then OK.
  • Return to our forum. Paste your log into your next reply.

Step 3

Start FRST with administrator privileges.
  • Make sure the Addition.txt option is checked.
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#5 ljwerlein
  • Topic Starter

Posted 10 February 2015 - 09:08 PM

Hello Jurgen,

 

Thank you for helping me. I apologize for taking so long to get back to this, but I ran into a problem. I finished Step 1, scanning with Adware Cleaner, but failed to see that there was a Step 2 before I exited, thinking the process was all finished. Trying to get back to the process to begin again was very frustrating because the computer was running in safe mode, and it took me some time to figure out how to get out of safe mode so that I could continue. Finally, I started again at Step 1, running the Adware Cleaner again, and then ran the MalwareBytes scan. I hope my error has not caused greater problems for the cleanup process. Again, thank you for your time and expertise.

 

Here are the reports:

 

This is AdwCleaner[S1].txt:

 

 

# AdwCleaner v4.108 - Report created 20/01/2015 at 18:08:06

# Updated 17/01/2015 by Xplode

# Database : 2015-01-18.1 [Live]

# Operating System : Windows 8 Pro  (64 bits)

# Username : LindaJackim - LINDA

# Running from : C:\Users\LindaJackim\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\ParetoLogic

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons

Folder Deleted : C:\Users\LindaJackim\AppData\Roaming\NCH Software

Folder Deleted : C:\Users\LindaJackim\AppData\Roaming\ParetoLogic

Folder Deleted : C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi

File Deleted : C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal

 

***** [ Scheduled Tasks ] *****

 

Task Deleted : ProgramRefresh-ATFST

Task Deleted : ProgramUpdateCheck

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9CB2CD61-FFA0-406C-9D2D-8FDE6F4A4D8A}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}

Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

Key Deleted : HKCU\Software\Bitberry Software

Key Deleted : HKCU\Software\Bitberry

Key Deleted : HKCU\Software\BRS

Key Deleted : HKCU\Software\ParetoLogic

Key Deleted : HKCU\Software\torch

Key Deleted : HKLM\SOFTWARE\InstallCore

Key Deleted : HKLM\SOFTWARE\ParetoLogic

Key Deleted : HKLM\SOFTWARE\torch

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.9

Key Deleted : [x64] HKCU\Software\BRS

Key Deleted : [x64] HKCU\Software\ParetoLogic

Key Deleted : [x64] HKCU\Software\torch

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17416

 

 

-\\ Mozilla Firefox v31.0 (x86 en-US)

 

 

-\\ Google Chrome v39.0.2171.99

 

 

*************************

 

AdwCleaner[R1].txt - [3422 octets] - [20/01/2015 17:05:29]

AdwCleaner[S1].txt - [3286 octets] - [20/01/2015 18:08:06]

 

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3346 octets] ##########

 

 

This is AdwCleaner[S2].txt:

 

 

# AdwCleaner v4.110 - Logfile created 09/02/2015 at 12:39:26

# Updated 05/02/2015 by Xplode

# Database : 2015-02-08.1 [Server]

# Operating system : Windows 8.1  (x64)

# Username : LindaJackim - LINDA

# Running from : C:\Users\LindaJackim\Desktop\AdwCleaner.exe

# Option : Cleaning

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\Users\LindaJackim\AppData\Local\Vosteran

File Deleted : C:\Users\LINDAJ~1\AppData\Local\Temp\Uninstall.exe

File Deleted : C:\Users\LindaJackim\AppData\Roaming\Mozilla\Firefox\Profiles\oac181vq.default\searchplugins\Vosteran.xml

 

***** [ Scheduled tasks ] *****

 

Task Deleted : WSE_Vosteran

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKCU\Software\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce

Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9CB2CD61-FFA0-406C-9D2D-8FDE6F4A4D8A}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

Key Deleted : HKCU\Software\BRS

Key Deleted : HKCU\Software\ParetoLogic

Key Deleted : HKCU\Software\torch

Key Deleted : HKCU\Software\Vosteran Browser

Key Deleted : HKCU\Software\WSE_Vosteran

Key Deleted : HKCU\Software\Vosteran

Key Deleted : HKLM\SOFTWARE\ParetoLogic

Key Deleted : HKLM\SOFTWARE\torch

 

***** [ Web browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17416

 

 

-\\ Mozilla Firefox v31.0 (x86 en-US)

 

 

-\\ Google Chrome v40.0.2214.111

 

 

*************************

 

AdwCleaner[R1].txt - [3422 bytes] - [20/01/2015 17:05:29]

AdwCleaner[R2].txt - [2870 bytes] - [09/02/2015 12:35:32]

AdwCleaner[S1].txt - [3462 bytes] - [20/01/2015 18:08:06]

AdwCleaner[S2].txt - [2572 bytes] - [09/02/2015 12:39:26]

 

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2631  bytes] ##########

 

This is AdwCleaner[S3].txt:

 

# AdwCleaner v4.110 - Logfile created 10/02/2015 at 14:12:20

# Updated 05/02/2015 by Xplode

# Database : 2015-02-09.1 [Server]

# Operating system : Windows 8.1  (x64)

# Username : LindaJackim - LINDA

# Running from : C:\Users\LindaJackim\Desktop\AdwCleaner.exe

# Option : Cleaning

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

 

***** [ Scheduled tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

 

***** [ Web browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17416

 

 

-\\ Mozilla Firefox v31.0 (x86 en-US)

 

 

-\\ Google Chrome v40.0.2214.111

 

 

*************************

 

AdwCleaner[R1].txt - [3422 bytes] - [20/01/2015 17:05:29]

AdwCleaner[R2].txt - [2870 bytes] - [09/02/2015 12:35:32]

AdwCleaner[R3].txt - [292 bytes] - [10/02/2015 12:37:06]

AdwCleaner[R4].txt - [1065 bytes] - [10/02/2015 14:09:38]

AdwCleaner[S1].txt - [3997 bytes] - [20/01/2015 18:08:06]

AdwCleaner[S2].txt - [2727 bytes] - [09/02/2015 12:39:26]

AdwCleaner[S3].txt - [994 bytes] - [10/02/2015 14:12:20]

 

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1052  bytes] ##########

 

This is the MalwareBytes report:

 

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 2/10/2015

Scan Time: 2:28:12 PM

Logfile: MalwareBytes Report.txt

Administrator: Yes

 

Version: 2.00.4.1028

Malware Database: v2015.02.10.11

Rootkit Database: v2015.02.03.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

 

OS: Windows 8.1

CPU: x64

File System: NTFS

User: LindaJackim

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 441980

Time Elapsed: 43 min, 30 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 2

PUP.Optional.Vosteran, HKLM\SOFTWARE\CLASSES\APPID\{4CB3598A-82E8-4D1F-983F-061238AE696E}, , [b75b3fdb583250e67c52b14d9b67d828],

PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{4CB3598A-82E8-4D1F-983F-061238AE696E}, , [b75b3fdb583250e67c52b14d9b67d828],

 

Registry Values: 2

PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Vosteran\\, , [f61c0f0b781264d2ae3ad14126df37c9]

PUP.Optional.Vosteran, HKU\S-1-5-21-2815386680-214033250-1931965115-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Vosteran, , [b65c02186327c5711e2e8a89040103fd]

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 1

PUP.Optional.Vosteran.A, C:\Users\LindaJackim\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Vosteran.lnk, , [3dd5c852a5e5d4622fa15d3239ca20e0],

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)



#6 deeprybka
  • Malware Response Team

Posted 11 February 2015 - 01:37 AM

Please post the FRST logs as well. :)
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#7 ljwerlein
  • Topic Starter

Posted 11 February 2015 - 08:33 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015

Ran by LindaJackim (administrator) on LINDA on 10-02-2015 20:19:25

Running from C:\Users\LindaJackim\Desktop

Loaded Profiles: LindaJackim (Available profiles: LindaJackim & Administrator & Guest)

Platform: Windows 8 Pro (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe

(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE

(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Andrea Electronics Corporation) C:\Windows\System32\AEFiltersSrv64.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe

() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE

(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe

(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Intel Corporation) C:\Windows\System32\igfxEM.exe

(Intel Corporation) C:\Windows\System32\igfxHK.exe

() C:\Windows\System32\igfxTray.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\nacl64.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\nacl64.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Microsoft Corporation) C:\Windows\splwow64.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE

(Microsoft Corporation) C:\Windows\splwow64.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7194840 2014-06-26] (Realtek Semiconductor)

HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing)

HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-12-25] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-07-24] (Hewlett-Packard Company)

HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [AudioCommanderVista] => C:\Program Files\Andrea Electronics\AudioCommander\AudioCommander.exe [2903752 2013-04-15] (Andrea Electronics Corporation)

HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)

HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.)

HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-12] (Flexera Software LLC.)

HKLM-x32\...\Run: [DNS7reminder] => C:\Program Files (x86)\Nuance\NaturallySpeaking13\Ereg\Ereg.exe [325960 2014-05-30] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)

HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4842336 2014-06-24] (Emsisoft GmbH)

Winlogon\Notify\igfxcui: igfxdev.dll [X]

HKU\S-1-5-21-2815386680-214033250-1931965115-1001\...\Run: [GoogleChromeAutoLaunch_0993A93C84C06445DB82E6FAE528D856] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)

HKU\S-1-5-21-2815386680-214033250-1931965115-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-12] (Flexera Software LLC.)

HKU\S-1-5-21-2815386680-214033250-1931965115-1001\...\Run: [8B17D1778F917D64FC04E76F02895F13BCA7B2DB._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)

HKU\S-1-5-21-2815386680-214033250-1931965115-1001\...\Run: [Google Update] => C:\Users\LindaJackim\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-11-22] (Google Inc.)

HKU\S-1-5-21-2815386680-214033250-1931965115-1001\...\Run: [Google+ Auto Backup] => C:\Users\LindaJackim\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3746120 2014-08-12] (Google Inc.)

HKU\S-1-5-21-2815386680-214033250-1931965115-1001\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[S3].txt [1132 2015-02-10] ()

HKU\S-1-5-21-2815386680-214033250-1931965115-1001\...\MountPoints2: {be7447de-3ab6-11e3-be72-806e6f6e6963} - "E:\AutoRun.exe"

ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File

ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File

ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File

ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File

ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com

HKU\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

HKU\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

SearchScopes: HKLM -> {D52D8419-B7FF-4E52-A06E-C354376205AB} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-2815386680-214033250-1931965115-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}

SearchScopes: HKU\S-1-5-21-2815386680-214033250-1931965115-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\dgnriaie_x64.dll (Nuance Communications, Inc.)

BHO-x32: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnriaie.dll (Nuance Communications, Inc.)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKU\S-1-5-21-2815386680-214033250-1931965115-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File

Tcpip\Parameters: [DhcpNameServer] 69.196.208.8 69.196.208.10 192.168.1.1

 

FireFox:

========

FF ProfilePath: C:\Users\LindaJackim\AppData\Roaming\Mozilla\Firefox\Profiles\oac181vq.default

FF NewTab: about:newtab

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: nuance.com/DgnRia2_x86_64 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\npDgnRia2_x64.dll (Nuance Communications, Inc.)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)

FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)

FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin-x32: nuance.com/DgnRia2 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\npDgnRia2.dll (Nuance Communications, Inc.)

FF Plugin HKU\S-1-5-21-2815386680-214033250-1931965115-1001: @tools.google.com/Google Update;version=3 -> C:\Users\LindaJackim\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKU\S-1-5-21-2815386680-214033250-1931965115-1001: @tools.google.com/Google Update;version=9 -> C:\Users\LindaJackim\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)

FF Extension: Lightbeam - C:\Users\LindaJackim\AppData\Roaming\Mozilla\Firefox\Profiles\oac181vq.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2014-07-07]

FF Extension: Adblock Plus - C:\Users\LindaJackim\AppData\Roaming\Mozilla\Firefox\Profiles\oac181vq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-21]

FF Extension: BetterPrivacy - C:\Users\LindaJackim\AppData\Roaming\Mozilla\Firefox\Profiles\oac181vq.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-06-21]

StartMenuInternet: FIREFOX.EXE - firefox.exe

 

Chrome:

=======

CHR HomePage: Default -> hxxp://www.google.com/

CHR StartupUrls: Default -> "chrome://newtab/", "https://chrome.google.com/", "hxxp://vosteran.com/?f=7&a=vst_wnzp_15_06&cd=2XzuyEtN2Y1L1Qzu0AtDyEzztC0CtByD0Fzz0Dzzzy0E0FyCtN0D0Tzu0StCtCtAtDtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StC0E0C0EtAtBtBzztGzz0AyDyBtG0FzzyDyEtG0F0EyC0CtGyC0CyEtD0FtByCyC0C0A0FtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0FyEtB0D0A0FtCtG0CtBtB0BtGyEzyzytBtGzztA0A0AtGyD0A0A0DyDyD0EtA0F0E0Czz2Q&cr=2039628636&ir=", "hxxp://vosteran.com/?f=7&a=&cd=&cr=&ir="

CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}

CHR Profile: C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Write Space) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aimodnlfiikjjnmdchihablmkdeobhad [2014-11-15]

CHR Extension: (Google Docs) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-07]

CHR Extension: (Google Drive) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-07]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-05]

CHR Extension: (Fotor Photo Editor) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbckhhmjfnmedpakkaaflpnmkamdppf [2014-07-07]

CHR Extension: (YouTube) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-07]

CHR Extension: (Ebates Cash Back) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2015-02-02]

CHR Extension: (Add to Amazon Wish List) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2014-07-07]

CHR Extension: (Google Search) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-07]

CHR Extension: (Good News) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\deegloljmdbfbjhlimieancmcfombgjj [2014-07-07]

CHR Extension: (Gmail Offline) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2014-11-15]

CHR Extension: (Photo Zoom for Facebook) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2014-07-07]

CHR Extension: (Classic) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkacjpbfdknhflllbcmjibkdeoafencn [2014-07-10]

CHR Extension: (Kindle Cloud Reader) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-07-21]

CHR Extension: (WhatFont) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\jabopobgcpjmedljpbcaablpmlmfcogm [2015-01-19]

CHR Extension: (Spell checker and Grammar checker by Ginger) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdfieneakcjfaiglcfcgkidlkmlijjnh [2014-07-07]

CHR Extension: (Google Mail Checker) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2014-07-07]

CHR Extension: (Print) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmiefodmmloajakmcfnpnjpkldellhlj [2014-07-07]

CHR Extension: (Do It (Tomorrow)) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfagjoblnoeagfhfhohcdklnddjaiglo [2014-08-21]

CHR Extension: (Google Wallet) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-07]

CHR Extension: (Picasa) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2014-11-15]

CHR Extension: (Gmail) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-07]

CHR Extension: (Kippt) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldngiecbcfldpghnimmdelafenmbni [2014-07-07]

CHR Extension: (Writer) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnengefjfhgcceajaepbjhanoojifmog [2014-11-15]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4725440 2014-06-24] (Emsisoft GmbH)

R2 AEFilters; C:\Windows\system32\AEFiltersSrv64.exe [95232 2012-09-05] (Andrea Electronics Corporation)

S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]

R2 DragonLoggerService; C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [137280 2014-07-23] (Nuance Communications, Inc.)

R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]

R2 HPSLPSVC; C:\Users\LindaJackim\AppData\Local\Temp\7zS6B21\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed]

R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-12-25] (Hewlett-Packard Development Company, L.P.)

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)

R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)

R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140936 2013-05-14] ()

R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]

S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)

R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-08] (Intel Corporation)

U2 iprip; C:\Windows\System32\iprip.dll [34816 2014-11-11] (Microsoft Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-05-08] (Intel Corporation)

S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]

S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]

R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [245832 2013-05-17] (Realtek Semiconductor)

R2 simptcp; C:\Windows\SysWOW64\tcpsvcs.exe [10752 2013-08-21] (Microsoft Corporation)

S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-11-11] (Microsoft Corporation)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)

R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)

S3 AEAudioL; C:\Windows\system32\drivers\AEAudioL64.sys [25344 2012-09-05] (Andrea Electronics Corporation)

R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)

R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [98064 2012-12-10] (Infowatch)

R1 CSVirtualDiskDrv; C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys [67344 2012-12-10] (Infowatch)

R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-20] (Intel Corporation)

S3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [408136 2013-05-08] (Realsil Semiconductor Corporation)

R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3068120 2014-01-13] (Realtek Semiconductor Corporation                           )

S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-04-24] (Synaptics Incorporated)

R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-06-30] (Synaptics Incorporated)

U0 upxbpx; C:\Windows\System32\drivers\dbhu.sys [79064 2015-02-10] (Malwarebytes Corporation)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)

R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)

S3 clwvd; \SystemRoot\system32\DRIVERS\clwvd.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-02-10 20:19 - 2015-02-10 20:21 - 00024874 _____ () C:\Users\LindaJackim\Desktop\FRST.txt

2015-02-10 20:18 - 2015-02-10 20:18 - 02132992 _____ (Farbar) C:\Users\LindaJackim\Desktop\FRST64.exe

2015-02-10 15:16 - 2015-02-10 15:16 - 00079064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\dbhu.sys

2015-02-10 15:16 - 2015-02-10 15:16 - 00001844 _____ () C:\MalwareBytes Report.txt

2015-02-10 15:16 - 2015-02-10 15:16 - 00000900 _____ () C:\WINDOWS\Tasks\anbteq

2015-02-10 14:23 - 2015-02-10 14:23 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\LindaJackim\Desktop\mbam-setup-2.0.4.1028.exe

2015-02-10 14:14 - 2015-02-10 14:14 - 00000000 ____H () C:\ProgramData\cm-lock

2015-02-10 12:36 - 2015-02-10 12:36 - 02112512 _____ () C:\Users\LindaJackim\Desktop\AdwCleaner (1).exe

2015-02-09 12:58 - 2015-02-09 12:58 - 00031744 _____ () C:\Users\LindaJackim\Documents\~WRA1515.wbk

2015-02-09 12:27 - 2015-02-09 12:27 - 02112512 _____ () C:\Users\LindaJackim\Desktop\AdwCleaner.exe

2015-02-08 18:47 - 2015-02-08 19:13 - 00072942 _____ () C:\Users\LindaJackim\Desktop\SystemLook.txt

2015-02-08 18:45 - 2015-02-08 18:45 - 00165376 _____ () C:\Users\LindaJackim\Desktop\SystemLook_x64.exe

2015-02-07 18:16 - 2015-02-07 18:16 - 01194992 _____ (www.startisback.com) C:\Users\LindaJackim\StartIsBackPlus_setup (2).exe

2015-02-07 18:16 - 2015-02-07 18:16 - 01194992 _____ (www.startisback.com) C:\Users\LindaJackim\StartIsBackPlus_setup (1).exe

2015-02-07 18:12 - 2015-02-07 18:13 - 00945560 _____ (www.startisback.com) C:\Users\LindaJackim\StartIsBack_setup.exe

2015-02-07 16:17 - 2015-02-10 12:07 - 00000000 ____D () C:\WINDOWS\pss

2015-02-07 16:03 - 2015-02-07 16:05 - 00000000 ____D () C:\Users\Guest

2015-02-07 16:03 - 2015-02-07 16:03 - 00000020 ___SH () C:\Users\Guest\ntuser.ini

2015-02-07 16:03 - 2014-11-13 14:48 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2015-02-07 16:03 - 2014-11-10 15:04 - 00000000 ____D () C:\Users\Guest\Documents\hp.system.package.metadata

2015-02-07 16:03 - 2014-11-10 15:04 - 00000000 ____D () C:\Users\Guest\AppData\Local\Microsoft Help

2015-02-07 16:03 - 2014-09-24 03:50 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility

2015-02-07 16:03 - 2014-03-18 04:13 - 00000369 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk

2015-02-07 16:03 - 2014-03-18 04:13 - 00000369 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk

2015-02-07 16:03 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2015-02-07 16:03 - 2013-08-22 09:36 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

2015-02-06 17:35 - 2015-02-06 17:39 - 00029749 _____ () C:\Users\LindaJackim\Addition.txt

2015-02-06 17:28 - 2015-02-06 17:39 - 00045748 _____ () C:\Users\LindaJackim\FRST.txt

2015-02-06 17:23 - 2015-02-06 17:24 - 02131968 _____ (Farbar) C:\Users\LindaJackim\FRST64.exe

2015-02-06 13:16 - 2015-02-06 13:16 - 00000000 ____D () C:\Users\LindaJackim\Desktop\Ginge

2015-02-05 00:07 - 2015-02-05 00:07 - 00001110 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk

2015-02-05 00:07 - 2015-02-05 00:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware

2015-02-04 23:53 - 2015-02-02 12:13 - 01388274 _____ (Thisisu) C:\Users\LindaJackim\Desktop\JRT_NEW.exe

2015-02-04 23:52 - 2015-02-04 23:52 - 00789968 _____ (%VENDOR%) C:\Users\LindaJackim\Unconfirmed 720314.crdownload

2015-02-04 23:49 - 2015-02-04 23:49 - 00022528 _____ () C:\Users\LindaJackim\AppData\Local\dsisetup1180897812.exe

2015-02-04 23:49 - 2015-02-04 23:49 - 00000010 _____ () C:\Users\LindaJackim\AppData\Local\DSI.DAT

2015-02-04 23:15 - 2015-02-04 23:17 - 00001091 _____ () C:\Users\LindaJackim\Desktop\Duplicate_Files_Deleter.exe.lnk

2015-02-04 22:59 - 2015-02-04 22:59 - 00000000 ____D () C:\Users\LindaJackim\duplicate_files_deleter

2015-02-04 22:51 - 2015-02-04 22:52 - 00906024 _____ ( ) C:\Users\LindaJackim\winzip19-dl (1).exe

2015-02-04 22:49 - 2015-02-04 22:57 - 00000000 ____D () C:\Users\LindaJackim\AppData\Local\WinZip

2015-02-04 22:49 - 2015-02-04 22:49 - 00002302 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk

2015-02-04 22:49 - 2015-02-04 22:49 - 00002296 _____ () C:\Users\Public\Desktop\WinZip.lnk

2015-02-04 22:49 - 2015-02-04 22:49 - 00000000 ____D () C:\Users\LindaJackim\AppData\Local\114487671

2015-02-04 22:49 - 2015-02-04 22:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip

2015-02-04 22:49 - 2015-02-04 22:49 - 00000000 ____D () C:\Program Files\WinZip

2015-02-04 22:48 - 2015-02-04 22:48 - 00000000 ____D () C:\Program Files\File Association Helper

2015-02-04 22:47 - 2015-02-04 22:47 - 00906024 _____ ( ) C:\Users\LindaJackim\winzip19-dl.exe

2015-02-04 22:30 - 2015-02-04 22:30 - 00027180 _____ () C:\Users\LindaJackim\WinZip® papers.html

2015-02-04 22:21 - 2015-02-04 22:29 - 120105328 _____ () C:\Users\LindaJackim\Unconfirmed 5833.crdownload

2015-02-04 21:48 - 2015-02-04 21:48 - 00183046 _____ () C:\Users\LindaJackim\Desktop\duplicate_files_deleter.zip

2015-02-03 14:58 - 2015-02-03 14:58 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll

2015-02-03 14:58 - 2015-02-03 14:58 - 00000000 ____D () C:\ProgramData\Sun

2015-02-03 14:58 - 2015-02-03 14:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2015-02-03 14:58 - 2015-02-03 14:58 - 00000000 ____D () C:\Program Files (x86)\Java

2015-02-03 14:51 - 2015-02-03 14:58 - 00000000 ____D () C:\ProgramData\Oracle

2015-02-03 14:51 - 2015-02-03 14:51 - 00639400 _____ (Oracle Corporation) C:\Users\LindaJackim\chromeinstall-8u31.exe

2015-02-02 23:45 - 2015-02-02 23:45 - 00000149 ____H () C:\Users\LindaJackim\.picasa.ini

2015-01-27 15:38 - 2015-01-27 15:38 - 00000000 _____ () C:\Users\LindaJackim\Sti_Trace.log

2015-01-27 15:33 - 2015-01-27 15:33 - 00000000 ____D () C:\Users\LindaJackim\Documents\ControlCenter4

2015-01-27 14:21 - 2015-01-27 14:21 - 00000055 _____ () C:\WINDOWS\SysWOW64\BRDH2280DW.DAT

2015-01-27 14:01 - 2015-01-27 14:01 - 00000000 ____D () C:\Users\LindaJackim\Desktop\wlan_wiz

2015-01-27 14:01 - 2015-01-27 14:01 - 00000000 ____D () C:\Users\LindaJackim\Desktop\install

2015-01-27 13:59 - 2015-01-27 14:01 - 129191528 _____ (A.I.SOFT,INC.) C:\Users\LindaJackim\Desktop\HL-2280DW-inst-C1-USA.EXE

2015-01-27 12:52 - 2015-01-27 12:52 - 00000000 ____D () C:\Users\LindaJackim\Desktop\64

2015-01-27 12:48 - 2015-01-27 12:48 - 18255551 _____ (A.I.SOFT,INC.) C:\Users\LindaJackim\Desktop\Y10E_C1-gdi-64-D2.EXE

2015-01-25 13:39 - 2015-01-25 13:39 - 02738504 _____ (Google Inc.) C:\Users\LindaJackim\gpautobackup_setup.exe

2015-01-20 17:05 - 2015-02-10 19:53 - 00000000 ____D () C:\AdwCleaner

2015-01-20 17:05 - 2015-01-20 17:05 - 02186752 _____ () C:\Users\LindaJackim\AdwCleaner.exe

2015-01-20 17:03 - 2015-01-20 17:03 - 04188824 _____ (Kaspersky Lab ZAO) C:\Users\LindaJackim\1BAF.tmp

2015-01-20 16:19 - 2015-01-20 16:19 - 01707939 _____ (Thisisu) C:\Users\LindaJackim\JRT (1).exe

2015-01-20 16:00 - 2015-01-20 16:00 - 04188824 _____ (Kaspersky Lab ZAO) C:\Users\LindaJackim\tdsskiller (2).exe

2015-01-20 15:59 - 2015-01-20 15:59 - 04188824 _____ (Kaspersky Lab ZAO) C:\Users\LindaJackim\tdsskiller (1).exe

2015-01-18 18:30 - 2015-01-18 18:30 - 00032635 _____ () C:\Users\LindaJackim\DFollow My Health™  Universal Health Record.html

2015-01-18 18:30 - 2015-01-18 18:30 - 00032635 _____ () C:\Users\LindaJackim\CFollow My Health™  Universal Health Record.html

2015-01-18 18:29 - 2015-01-18 18:29 - 00032635 _____ () C:\Users\LindaJackim\BFollow My Health™  Universal Health Record.html

2015-01-18 18:29 - 2015-01-18 18:29 - 00032635 _____ () C:\Users\LindaJackim\AFollow My Health™  Universal Health Record.html

2015-01-18 18:18 - 2015-01-18 18:19 - 00000171 _____ () C:\Users\LindaJackim\Desktop\Premier Neurosurgery.url

2015-01-18 17:47 - 2015-01-18 17:47 - 00032635 _____ () C:\Users\LindaJackim\Follow My Health™  Universal Health Record.html123.html

2015-01-18 17:46 - 2015-01-18 17:46 - 00032635 _____ () C:\Users\LindaJackim\2nd page.html

2015-01-18 17:45 - 2015-01-18 17:45 - 00032635 _____ () C:\Users\LindaJackim\Follow My Health™  Universal Health Record.html

2015-01-17 19:21 - 2015-01-17 19:22 - 00029696 _____ () C:\Users\LindaJackim\Backup of Martin_Medical_Customer_Satisfaction_Survey_(4)[1].wbk

2015-01-14 09:54 - 2014-12-19 00:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys

2015-01-14 09:54 - 2014-12-11 20:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe

2015-01-14 09:54 - 2014-12-11 18:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys

2015-01-14 09:54 - 2014-12-08 19:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll

2015-01-14 09:54 - 2014-12-08 13:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll

2015-01-14 09:54 - 2014-12-08 13:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll

2015-01-14 09:54 - 2014-12-08 13:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll

2015-01-14 09:54 - 2014-12-08 13:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll

2015-01-14 09:54 - 2014-12-08 13:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll

2015-01-14 09:54 - 2014-12-08 13:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll

2015-01-14 09:54 - 2014-12-08 13:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe

2015-01-14 09:54 - 2014-12-08 13:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe

2015-01-14 09:54 - 2014-12-05 21:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll

2015-01-14 09:54 - 2014-12-05 19:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll

2015-01-14 09:54 - 2014-12-05 19:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll

2015-01-14 09:54 - 2014-10-28 22:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe

2015-01-14 09:54 - 2014-10-28 22:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe

2015-01-14 09:54 - 2014-10-28 21:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll

2015-01-14 09:54 - 2014-10-28 21:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll

2015-01-14 09:54 - 2014-10-28 21:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll

2015-01-14 09:54 - 2014-10-28 21:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe

2015-01-14 09:54 - 2014-10-28 21:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe

2015-01-14 09:54 - 2014-10-28 21:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe

2015-01-14 09:54 - 2014-10-28 21:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll

2015-01-14 09:54 - 2014-10-28 21:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll

2015-01-14 09:54 - 2014-10-28 21:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll

2015-01-14 09:54 - 2014-10-28 20:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll

2015-01-14 09:54 - 2014-10-28 19:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll

2015-01-14 09:54 - 2014-10-28 19:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll

2015-01-14 09:54 - 2014-10-28 19:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll

2015-01-14 09:54 - 2014-10-28 19:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-02-10 20:25 - 2014-09-26 11:03 - 00000000 ____D () C:\ProgramData\Microsoft Help

2015-02-10 20:21 - 2014-11-10 14:40 - 01130336 _____ () C:\WINDOWS\WindowsUpdate.log

2015-02-10 20:19 - 2014-02-13 19:42 - 00000000 ____D () C:\FRST

2015-02-10 20:18 - 2014-11-10 14:53 - 00000000 ____D () C:\Users\LindaJackim

2015-02-10 20:02 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sru

2015-02-10 19:56 - 2014-11-22 07:41 - 00000944 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2815386680-214033250-1931965115-1001UA.job

2015-02-10 19:55 - 2014-06-23 16:48 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2015-02-10 19:42 - 2014-06-25 04:07 - 00000000 __RDO () C:\Users\LindaJackim\OneDrive

2015-02-10 19:41 - 2014-07-07 04:20 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2015-02-10 19:10 - 2012-07-26 01:59 - 00000000 ____D () C:\WINDOWS\CbsTemp

2015-02-10 18:24 - 2014-06-18 03:30 - 00003938 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5344D135-1295-4DDB-8E74-95D48A5E434F}

2015-02-10 18:17 - 2014-07-07 04:20 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2015-02-10 14:28 - 2014-07-06 14:35 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2015-02-10 14:25 - 2014-07-06 06:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-02-10 14:25 - 2014-07-06 06:09 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-02-10 14:25 - 2014-06-25 01:49 - 00001121 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-02-10 14:19 - 2014-09-24 01:15 - 00958356 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

2015-02-10 14:15 - 2014-07-27 13:43 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware

2015-02-10 14:14 - 2013-08-22 08:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2015-02-10 14:13 - 2013-08-22 08:46 - 00346414 _____ () C:\WINDOWS\setupact.log

2015-02-10 12:18 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\AppReadiness

2015-02-09 13:23 - 2013-08-22 07:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI

2015-02-09 12:40 - 2014-09-24 01:03 - 00013926 _____ () C:\WINDOWS\PFRO.log

2015-02-09 12:29 - 2014-06-18 03:39 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2815386680-214033250-1931965115-1001

2015-02-07 17:56 - 2014-11-22 07:41 - 00000892 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2815386680-214033250-1931965115-1001Core.job

2015-02-07 17:51 - 2014-11-22 07:41 - 00003902 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2815386680-214033250-1931965115-1001UA

2015-02-07 17:51 - 2014-11-22 07:41 - 00003522 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2815386680-214033250-1931965115-1001Core

2015-02-04 23:49 - 2014-08-28 12:10 - 00000139 _____ () C:\Users\LindaJackim\AppData\Roaming\WB.CFG

2015-02-04 22:50 - 2014-08-28 11:10 - 00000000 ____D () C:\ProgramData\WinZip

2015-02-04 22:48 - 2014-07-27 16:06 - 00003194 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForLindaJackim

2015-02-04 22:48 - 2014-07-27 16:06 - 00000368 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForLindaJackim.job

2015-02-04 21:56 - 2013-07-19 21:43 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools

2015-02-04 21:56 - 2013-07-19 21:15 - 00000000 ___HD () C:\HP

2015-02-04 16:55 - 2014-06-23 16:48 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater

2015-02-03 13:31 - 2014-11-14 01:59 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2015-02-03 13:31 - 2014-11-14 01:59 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

2015-02-03 09:41 - 2013-10-21 17:48 - 00000000 ____D () C:\ProgramData\Temp

2015-02-02 18:42 - 2014-09-26 11:57 - 00128976 _____ () C:\Users\LindaJackim\AppData\Local\GDIPFONTCACHEV1.DAT

2015-01-30 23:36 - 2014-07-07 04:20 - 00003890 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA

2015-01-30 23:36 - 2014-07-07 04:20 - 00003654 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

2015-01-27 15:55 - 2014-11-05 08:06 - 00000000 ____D () C:\Users\LindaJackim\Documents\Wondershare PDF to Word

2015-01-27 15:31 - 2014-08-03 17:08 - 00000000 ____D () C:\Users\LindaJackim\AppData\Roaming\ControlCenter4

2015-01-27 14:23 - 2014-08-03 16:38 - 00000000 ____D () C:\ProgramData\ControlCenter4

2015-01-27 14:23 - 2014-08-03 16:38 - 00000000 ____D () C:\Program Files (x86)\ControlCenter4

2015-01-27 14:23 - 2014-08-03 16:38 - 00000000 ____D () C:\Program Files (x86)\Browny02

2015-01-22 12:28 - 2014-11-18 04:55 - 00002035 _____ () C:\Users\LindaJackim\AppData\Roaming\SAS7_000.DAT

2015-01-16 16:40 - 2014-06-18 16:06 - 00000000 ____D () C:\WINDOWS\system32\MRT

2015-01-16 16:28 - 2014-06-18 16:06 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2015-01-14 15:45 - 2013-08-22 08:44 - 00499128 _____ () C:\WINDOWS\system32\FNTCACHE.DAT

 

==================== Files in the root of some directories =======

 

2014-06-16 08:45 - 2014-06-16 08:34 - 0005212 _____ () C:\Program Files\route.print.txt

2014-08-18 09:48 - 2014-08-18 09:52 - 152183640 _____ (Hewlett-Packard                                             ) C:\Program Files\sp64853.exe

2014-05-28 08:46 - 2014-10-20 02:35 - 0000786 _____ () C:\Program Files (x86)\.android.lnk

2014-08-03 16:56 - 2014-08-03 16:57 - 129191528 _____ (A.I.SOFT,INC.) C:\Program Files (x86)\HL-2280DW-inst-C1-USA.EXE

2014-11-18 04:55 - 2015-01-22 12:28 - 0002035 _____ () C:\Users\LindaJackim\AppData\Roaming\SAS7_000.DAT

2014-08-28 12:10 - 2015-02-04 23:49 - 0000139 _____ () C:\Users\LindaJackim\AppData\Roaming\WB.CFG

2015-02-04 23:49 - 2015-02-04 23:49 - 0000010 _____ () C:\Users\LindaJackim\AppData\Local\DSI.DAT

2015-02-04 23:49 - 2015-02-04 23:49 - 0022528 _____ () C:\Users\LindaJackim\AppData\Local\dsisetup1180897812.exe

2014-06-24 15:00 - 2014-10-22 09:34 - 0007634 _____ () C:\Users\LindaJackim\AppData\Local\resmon.resmoncfg

2015-02-10 14:14 - 2015-02-10 14:14 - 0000000 ____H () C:\ProgramData\cm-lock

2014-12-27 18:13 - 2014-12-28 18:14 - 0002796 _____ () C:\ProgramData\hpzinstall.log

 

Files to move or delete:

====================

C:\Users\LindaJackim\AdwCleaner.exe

C:\Users\LindaJackim\AIO_CDB_FSW_Full_Win_WW_140_408.exe

C:\Users\LindaJackim\chromeinstall-8u31.exe

C:\Users\LindaJackim\duplicatephotofinder_setup.exe

C:\Users\LindaJackim\Duplicate_Files_Deleter.exe

C:\Users\LindaJackim\FRST64.exe

C:\Users\LindaJackim\gpautobackup_setup.exe

C:\Users\LindaJackim\hppiw.exe

C:\Users\LindaJackim\ispsetup.exe

C:\Users\LindaJackim\JRT (1).exe

C:\Users\LindaJackim\JRT.exe

C:\Users\LindaJackim\RecoverMyFiles-Setup.exe

C:\Users\LindaJackim\StartIsBackPlus_setup (1).exe

C:\Users\LindaJackim\StartIsBackPlus_setup (2).exe

C:\Users\LindaJackim\StartIsBackPlus_setup.exe

C:\Users\LindaJackim\StartIsBack_setup.exe

C:\Users\LindaJackim\taglib-sharp.dll

C:\Users\LindaJackim\tdsskiller (1).exe

C:\Users\LindaJackim\tdsskiller (2).exe

C:\Users\LindaJackim\tdsskiller.exe

C:\Users\LindaJackim\WinShell.dll

C:\Users\LindaJackim\winzip19-dl (1).exe

C:\Users\LindaJackim\winzip19-dl.exe

Some content of TEMP:

====================

C:\Users\LindaJackim\AppData\Local\Temp\HPInstaller.exe

C:\Users\LindaJackim\AppData\Local\Temp\Quarantine.exe

C:\Users\LindaJackim\AppData\Local\Temp\sqlite3.dll

C:\Users\LindaJackim\AppData\Local\Temp\vmw.exe

C:\Users\LindaJackim\AppData\Local\Temp\VSTStubSetup.exe

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-07 16:14

 

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015

Ran by LindaJackim at 2015-02-10 20:26:25

Running from C:\Users\LindaJackim\Desktop

Boot Mode: Normal

==========================================================

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Emsisoft Anti-Malware (Disabled - Out of date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Emsisoft Anti-Malware (Disabled - Out of date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

3100_3200_3300_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden

3100_3200_3300trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden

3300 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)

AIO_CDB_ProductContext (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden

AIO_CDB_Software (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden

AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden

Andrea Electronics AudioCommander (HKLM-x32\...\{062FB0F6-8F13-480A-B11E-65A01A64E95B}) (Version:  - Andrea Electronics Corporation)

Andrea Electronics USB Audio (HKLM-x32\...\{96793F18-9880-4E50-A89B-D42A591CD8D3}) (Version:  - Andrea Electronics Corporation)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Brother MFL-Pro Suite HL-2280DW (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.)

BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden

Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)

Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.)

Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)

Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.1.0 - Canon Inc.)

Canon MG6400 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6400_series) (Version: 1.01 - Canon Inc.)

Canon MG6400 series On-screen Manual (HKLM-x32\...\Canon MG6400 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)

Canon MG6400 series User Registration (HKLM-x32\...\Canon MG6400 series User Registration) (Version:  - Canon Inc.)

Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)

Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)

Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)

Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)

Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)

Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)

Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)

Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden

DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden

DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden

DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden

Dragon NaturallySpeaking 13 (HKLM-x32\...\{33EA20FB-5389-4938-BA59-2BCD9BB68F41}) (Version: 13.00.000 - Nuance Communications Inc.)

Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft GmbH)

Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)

Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden

File Association Helper (HKLM\...\{C168639F-5810-4EC8-B1E8-0251AA8A771C}) (Version: 1.2.225.65451 - WinZip Computing International, LLC)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden

Google+ Auto Backup (HKU\S-1-5-21-2815386680-214033250-1931965115-1001\...\Google+ Auto Backup) (Version: 1.0.26.151 - Google, Inc.)

GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden

HP 3D DriveGuard (HKLM-x32\...\{07F6DC37-0857-4B68-A675-4E35989E85E3}) (Version: 6.0.15.1 - Hewlett-Packard Company)

HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)

HP Connected Music (Meridian - player) (HKU\S-1-5-21-2815386680-214033250-1931965115-1001\...\HPConnectedMusic) (Version: 1.1 (build 112) hp - Meridian Audio Ltd)

HP CoolSense (HKLM-x32\...\{394B14EA-B072-4440-9510-87797CB12371}) (Version: 2.20.21 - Hewlett-Packard Company)

HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)

HP Documentation (HKLM-x32\...\{61245005-66F1-4001-AEE8-2E2D36F65C28}) (Version: 1.1.0.0 - Hewlett-Packard)

HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)

HP Photosmart Officejet and Deskjet All-In-One Driver Software (HKLM\...\{6F5B70F0-EA6C-4A5B-BB16-8390BD66B251}) (Version: 14.0 - HP)

HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6838.4521 - Hewlett-Packard)

HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)

HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)

HP System Event Utility (HKLM-x32\...\{F35EE4BC-95E1-4417-BA36-7C32FF24A59A}) (Version: 1.0.11 - Hewlett-Packard Company)

HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)

HP Utility Center (HKLM\...\{A48BD764-CFDF-40A5-A07A-710908044F5D}) (Version: 2.2.2 - Hewlett-Packard Company)

HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)

HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden

HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden

HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden

Image Resizer for Windows (64 bit) (Version: 3.0.4802.35565 - Brice Lambson) Hidden

Image Resizer for Windows (HKLM-x32\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.3.1520 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)

Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)

Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)

Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

MarketResearch (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-2815386680-214033250-1931965115-1001\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)

Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)

MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)

Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden

OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)

PageFour 1.86 (HKLM-x32\...\PageFour_is1) (Version:  - Bad Wolf Software)

Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)

Pinger (HKLM-x32\...\Pinger 1.1.1.2) (Version: 1.1.1.2 - Pinger Inc.)

Pinger (x32 Version: 1.1.1.2 - Pinger Inc.) Hidden

Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 1.1.9200.15 - Realtek Semiconductor Corp.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)

REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.13.1216 - REALTEK Semiconductor Corp.)

Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden

SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden

Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)

StartIsBack+ (HKU\S-1-5-21-2815386680-214033250-1931965115-1001\...\StartIsBack) (Version: 1.7 - startisback.com)

Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.2 - Synaptics Incorporated)

Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden

TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E7}) (Version: 19.0.11294 - WinZip Computing, S.L. )

Wondershare PDF to Word (Build 4.0.1) (HKLM-x32\...\{90599D63-1879-4B90-BE4F-051CE70FA576}_is1) (Version: 4.0.1 - Wondershare Software)

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

 

14-01-2015 10:22:24 Windows Update

23-01-2015 12:20:45 Windows Update

27-01-2015 14:22:03 Installed Brother Software Suite

05-02-2015 15:02:53 Windows Update

10-02-2015 19:01:53 Windows Update

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {12469DEC-CB61-4FD8-AFED-84085DC071B3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-07] (Google Inc.)

Task: {1685E8DD-F58E-4701-B1F1-E5D092E1C153} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)

Task: {37A03F90-00B3-44C6-A5C4-C03BEBC292DA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-07] (Google Inc.)

Task: {48020513-36D7-4D6F-866C-CE3243CFF176} - System32\Tasks\{6BAB7D4E-1603-4EF8-B77E-C8E24A2EA1AF} => pcalua.exe -a "C:\Program Files (x86)\Canon\IJEREG\MG6400 series\IJEREG.exe" -d "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG6400 series User Registration"

Task: {5408E701-D367-4437-ABB7-515462689319} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)

Task: {59BFE426-ED9E-45F1-8D3A-2F577AD24482} - System32\Tasks\HPCeeScheduleForLindaJackim => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)

Task: {7C69BBD1-A8EE-4E39-8CF4-642C4E81DD78} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-16] (Microsoft Corporation)

Task: {85913288-EEF8-4CD1-A52E-0CD08FF5CF54} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2815386680-214033250-1931965115-1001Core => C:\Users\LindaJackim\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-22] (Google Inc.)

Task: {95040BF0-3946-4F50-9FC7-6E8D45F86786} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-06-30] (Synaptics Incorporated)

Task: {A6B1FFC7-2D28-4062-9154-CF948B874CB7} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2815386680-214033250-1931965115-1001

Task: {C38561C9-A690-40BE-AF79-063EADC7C35D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2815386680-214033250-1931965115-1001UA => C:\Users\LindaJackim\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-22] (Google Inc.)

Task: {D0895E40-384D-447D-9000-6454AC5B5209} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2815386680-214033250-1931965115-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe

Task: {D4D13867-2CB6-4532-AE45-628C3E0156E6} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-09-10] (Hewlett-Packard Development Company, L.P.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2815386680-214033250-1931965115-1001Core.job => C:\Users\LindaJackim\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2815386680-214033250-1931965115-1001UA.job => C:\Users\LindaJackim\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\HPCeeScheduleForLindaJackim.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

 

==================== Loaded Modules (whitelisted) ==============

 

2014-10-29 09:30 - 2013-05-14 03:50 - 00140936 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE

2014-08-03 16:38 - 2005-04-21 22:36 - 00143360 ____N () C:\WINDOWS\system32\BrSNMP64.dll

2014-10-03 09:36 - 2014-10-03 09:36 - 00457616 _____ () C:\WINDOWS\system32\igfxTray.exe

2014-08-29 15:43 - 2014-06-18 15:50 - 00703800 _____ () C:\Program Files (x86)\Emsisoft Anti-Malware\fw32.dll

2013-10-21 17:27 - 2013-05-08 15:23 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

2015-02-06 10:42 - 2015-02-04 03:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll

2015-02-06 10:42 - 2015-02-04 03:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll

2015-02-06 10:42 - 2015-02-04 03:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll

2013-07-10 17:07 - 2013-07-10 17:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

AlternateDataStreams: C:\.android:ms-properties

AlternateDataStreams: C:\ProgramData\Temp:0FF263E8

AlternateDataStreams: C:\Users\LindaJackim\OneDrive:ms-properties

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

 

==================== EXE Association (whitelisted) ===============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Registry Areas =====================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-2815386680-214033250-1931965115-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme2\img7.jpg

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

HKLM\...\StartupApproved\Run32: => "ControlCenter4"

HKLM\...\StartupApproved\Run32: => "BrStsMon00"

HKLM\...\StartupApproved\Run32: => "AudioCommanderVista"

HKLM\...\StartupApproved\Run32: => "IJNetworkScannerSelectorEX"

HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"

HKU\S-1-5-21-2815386680-214033250-1931965115-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"

HKU\S-1-5-21-2815386680-214033250-1931965115-1001\...\StartupApproved\StartupFolder: => "wandoujia_helper.lnk"

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-2815386680-214033250-1931965115-500 - Administrator - Disabled) => C:\Users\Administrator

Guest (S-1-5-21-2815386680-214033250-1931965115-501 - Limited - Enabled) => C:\Users\Guest

LindaJackim (S-1-5-21-2815386680-214033250-1931965115-1001 - Administrator - Enabled) => C:\Users\LindaJackim

 

==================== Faulty Device Manager Devices =============

 

Name: Photosmart 3300 series

Description: Photosmart 3300 series

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: HP

Service:

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Photosmart 3300 series

Description: Photosmart 3300 series

Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

Manufacturer: HP

Service: StillCam

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

 

==================== Event log errors: =========================

Application errors:
==================
Error: (02/10/2015 02:21:14 PM) (Source: DNS logging) (EventID: 0) (User: )
Description: Logger: Socket error: 10054

Error: (02/10/2015 02:12:20 PM) (Source: DNS logging) (EventID: 0) (User: )
Description: Logger: Socket error: 10054

Error: (02/10/2015 01:58:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program AdwCleaner (1).exe version 4.1.1.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: f20
Start Time: 01d0456080cac8a5
Termination Time: 4294967295
Application Path: C:\Users\LindaJackim\Desktop\AdwCleaner (1).exe
Report Id: 1e988080-b15f-11e4-bedf-a0481c25f8d8
Faulting package full name:
Faulting package-relative application ID:

Error: (02/08/2015 07:20:32 PM) (Source: DNS logging) (EventID: 0) (User: )
Description: Logger: Socket error: 10054

Error: (02/08/2015 07:20:29 PM) (Source: DNS logging) (EventID: 0) (User: )
Description: Logger: Socket error: 10054

Error: (02/07/2015 06:09:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mmc.exe, version: 6.3.9600.16384, time stamp: 0x5215ef8f
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17278, time stamp: 0x53eebf2e
Exception code: 0xe0434352
Fault offset: 0x000000000000606c
Faulting process id: 0x10b8
Faulting application start time: 0xmmc.exe0
Faulting application path: mmc.exe1
Faulting module path: mmc.exe2
Report Id: mmc.exe3
Faulting package full name: mmc.exe4
Faulting package-relative application ID: mmc.exe5

Error: (02/07/2015 06:09:38 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: mmc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Reflection.TargetInvocationException
Stack:
   at Microsoft.ManagementConsole.Executive.MmcThreadMessageWindow.OnThreadException(Exception e)
   at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)
   at System.Windows.Forms.UnsafeNativeMethods.DispatchMessageW(MSG& msg)
   at System.Windows.Forms.Application.ComponentManager.System.Windows.Forms.UnsafeNativeMethods.IMsoComponentManager.FPushMessageLoop(IntPtr dwComponentID, Int32 reason, Int32 pvLoopData)
   at System.Windows.Forms.Application.ThreadContext.RunMessageLoopInner(Int32 reason, ApplicationContext context)
   at System.Windows.Forms.Application.ThreadContext.RunMessageLoop(Int32 reason, ApplicationContext context)
   at Microsoft.ManagementConsole.Internal.SnapInMessagePumpProxy.Microsoft.ManagementConsole.Internal.ISnapInMessagePumpProxy.Run()
   at Microsoft.ManagementConsole.Executive.SnapInThread.OnThreadStart()
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart()

Error: (02/07/2015 04:34:06 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.

Operation:
   Instantiating VSS server

Error: (02/07/2015 04:34:06 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]

Operation:
   Instantiating VSS server

Error: (02/07/2015 04:34:06 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.

Operation:
   Instantiating VSS server


System errors:
=============
Error: (02/10/2015 02:15:26 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The RIP Listener service hung on starting.

Error: (02/10/2015 02:14:05 PM) (Source: IPRIP) (EventID: 29048) (User: )
Description: RIP listener service failed during initialization

Error: (02/10/2015 02:13:11 PM) (Source: DCOM) (EventID: 10010) (User: LINDA)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (02/10/2015 00:17:40 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The RIP Listener service hung on starting.

Error: (02/10/2015 00:16:10 PM) (Source: IPRIP) (EventID: 29048) (User: )
Description: RIP listener service failed during initialization

Error: (02/09/2015 00:40:12 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\WINDOWS\system32\Rtlihvs.dll

Error: (02/09/2015 00:39:56 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1058

Error: (02/09/2015 00:39:31 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Print Spooler service, but this action failed with the following error:
%%1058

Error: (02/09/2015 00:39:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/09/2015 00:39:27 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Distributed Transaction Coordinator service, but this action failed with the following error:
%%1058


Microsoft Office Sessions:
=========================
Error: (11/05/2014 02:46:20 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6705.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 36 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2015-02-07 16:35:30.411
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-06 17:44:35.945
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-03 15:22:16.252
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-31 12:57:17.721
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-30 23:45:38.790
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-28 11:15:54.881
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-27 14:41:20.872
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-25 18:32:14.539
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-25 18:32:14.407
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-25 18:32:14.147
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i3-4005U CPU @ 1.70GHz
Percentage of memory in use: 58%
Total physical RAM: 3866.15 MB
Available physical RAM: 1621.56 MB
Total Pagefile: 4634.15 MB
Available Pagefile: 1492.6 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:671.83 GB) (Free:599.33 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:25.25 GB) (Free:2.51 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: D031B727)

Partition: GPT Partition Type.

==================== End Of Log ============================



#8 deeprybka
  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:08:59 AM

Posted 12 February 2015 - 06:43 AM

Let's do a final check-up:

Step 1

Please download ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
    (scan settings shown in a screenshot that is not reproduced here)
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed, the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish.
  • A log file is created.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

regards,
deeprybka

Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#9 ljwerlein
  • Topic Starter
  • Members
  • 13 posts
  • Gender:Female
  • Location:Tennessee
  • Local time:01:59 AM

Posted 12 February 2015 - 10:26 PM

Finally, here it is!

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=db80eff10e4a66458f1d090ee7cf007a
# engine=22443
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-12 11:14:41
# local_time=2015-02-12 05:14:41 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 349579 14000800 0 0
# scanned=216248
# found=17
# cleaned=17
# scan_time=4967
sh=EE2D8A0C16CB4F60E07AD30BC8F4AF2D25E4FF62 ft=1 fh=c2a60ef126908cf5 vn="a variant of Win32/Systweak.L potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe"
sh=24A108C48173FDD9962F7CC3D4DB4B852D864838 ft=1 fh=0501d0dc4c9a869f vn="a variant of Win32/Systweak.N potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll"
sh=915239C2678EFCE5C2E45012595BEA0C050864B4 ft=1 fh=9ca6c4d86ffea4d8 vn="a variant of Win32/Systweak.L potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe"
sh=67A75BAA7A5BBB2EEEBB99D490F00F82D0BB1E09 ft=1 fh=5d5a0ac2ab2c0a85 vn="a variant of Win32/Systweak potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe"
sh=2C09414F7BCF16F3C9A358B5CCD4492EF7EEF08E ft=1 fh=5545a1a02bc092d6 vn="a variant of Win32/Systweak.L potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe"
sh=322DCE4CCA5EB266FFEDD900C6D628769AD18300 ft=1 fh=b3d66e50f9e4f6b1 vn="a variant of Win32/Systweak.L potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe"
sh=029CA3EF4DBD3F92B3159278E729D9223E3E0516 ft=1 fh=2c9d26a3b7ea0b98 vn="Win32/OutBrowse.AA potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\LindaJackim\duplicatephotofinder_setup.exe"
sh=0C1028AEDCF4D498A1D27A478E5B3A9D59BCED08 ft=1 fh=9d879b00b381d584 vn="a variant of Win32/InstallCore.WI potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\LindaJackim\Unconfirmed 720314.crdownload"
sh=2289807242A625AFCAD9C8DFACEF30085FECEE02 ft=1 fh=11769a64bb61ff1f vn="a variant of Win32/InstallCore.TS potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\LindaJackim\winzip19-dl (1).exe"
sh=2289807242A625AFCAD9C8DFACEF30085FECEE02 ft=1 fh=11769a64bb61ff1f vn="a variant of Win32/InstallCore.TS potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\LindaJackim\winzip19-dl.exe"
sh=CB32C0F9BDDCA650B8C9168A70D566C3572BBAF3 ft=1 fh=317ef460869d8aae vn="Win32/Astromenda potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\LindaJackim\AppData\Local\Temp\vmw.exe"
sh=4375048547EAE9DFA2AB7D0672209700601874AC ft=1 fh=14e056afe183ca64 vn="a variant of Win32/DealPly.AG potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\LindaJackim\AppData\Local\Temp\VSTStubSetup.exe"
sh=F68FB4F3EDBACF6F58824DBB8464ACA7D2B204C7 ft=1 fh=82858a0bc5c74c0d vn="a variant of Win32/InstallCore.JW potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\LindaJackim\Documents\GOF\Pictures\MediaPlayerSetup.exe"
sh=1F5C0B9CD018BD25E2E64070DF81F5DBE9BC9DEE ft=1 fh=60ccc9ece4610fe9 vn="a variant of Win32/TorchMedia potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\LindaJackim\Documents\GOF\Pictures\TorchSetup-r294-n-bc.exe"
sh=B0F2946A3FC2D18B740A98E0D73743AFFC78AD49 ft=1 fh=799445eabd55e91f vn="Win32/DownloadAdmin.G potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\LindaJackim\Documents\GOF\SkyDrive\Documents\browserupdate-setup.exe"
sh=A981E3D6F03D3BD57D1472F33A4093A01533F8A8 ft=1 fh=7aaf7b3d0491af48 vn="a variant of MSIL/AdvancedSystemProtector.F potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\LindaJackim\Documents\GOF\SkyDrive\Documents\Personal\wzmp_8.exe"
sh=A981E3D6F03D3BD57D1472F33A4093A01533F8A8 ft=1 fh=7aaf7b3d0491af48 vn="a variant of MSIL/AdvancedSystemProtector.F potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\LindaJackim\OneDrive\Documents\Users\LindaJackim\Documents\Personal\wzmp_8.exe"

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=db80eff10e4a66458f1d090ee7cf007a
# engine=22446
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-02-13 02:43:47
# local_time=2015-02-12 08:43:47 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 14013346 0 0
# scanned=216064
# found=6
# cleaned=6
# scan_time=10526
sh=A0019C1406B60C51CD47B7E3604E35C27A25F36A ft=1 fh=76413eff5e1c9bbd vn="a variant of Win32/Systweak.L potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\LindaJackim\Unconfirmed 5833.crdownload"
sh=730F6734A10317E9966800B92B2F0AC7D2E05B7B ft=0 fh=0000000000000000 vn="a variant of Win32/Systweak.L potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\LindaJackim\AppData\Local\Temp\is360511915\72AEF3C7_stp.MSI"
sh=162E433341A3E374A135872AFC567420CE770EFD ft=1 fh=e70753dd4257bdb6 vn="a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\LindaJackim\Documents\GOF\SkyDrive\Documents\Users\LindaJackim\Desktop\disketchsetup.exe"
sh=2F3FAFAC28D2A0191B524704ED6B8B0E533B3630 ft=1 fh=17a186c0e2f206d3 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\LindaJackim\OneDrive\Articles\spsetup126.exe"
sh=162E433341A3E374A135872AFC567420CE770EFD ft=1 fh=e70753dd4257bdb6 vn="a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\LindaJackim\OneDrive\Documents\Users\LindaJackim\Desktop\disketchsetup.exe"
sh=730F6734A10317E9966800B92B2F0AC7D2E05B7B ft=0 fh=0000000000000000 vn="a variant of Win32/Systweak.L potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\Installer\6d29ebf.msi"



#10 deeprybka
  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:08:59 AM

Posted 13 February 2015 - 03:52 AM

Can you please tell me which problems still persist now?
How is the computer running?

regards,
deeprybka

#11 ljwerlein
  • Topic Starter
  • Members
  • 13 posts
  • Gender:Female
  • Location:Tennessee
  • Local time:01:59 AM

Posted 13 February 2015 - 02:13 PM

Vosteran still shows up in the list of browsers, on my Google "settings" page, under "manage search engines."

When I start my computer, after the sign-in and welcome page, the screen goes black and I can only see the cursor. I have to use control/alt/delete to bring up the task manager, click on "run new task," and type in www.explorer.exe in order to bring up my desktop. However, this morning it would not bring up my desktop, only a list of files on my desktop.

The computer is slow to open files.

How can I get my desktop to open when I start? I've done the "choose specific page" in Google settings, asked for Google to be the page that opens, but it will not do it.

Will you please help me get the computer back to normal?

Thank you,

Linda



#12 deeprybka
  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:08:59 AM

Posted 13 February 2015 - 03:07 PM

Hi Linda,
can you please try to produce FRST logs?

Step 1

Start FRST with administrator privileges.
  • Make sure the Addition.txt option is checked.
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka

#13 ljwerlein
  • Topic Starter
  • Members
  • 13 posts
  • Gender:Female
  • Location:Tennessee
  • Local time:01:59 AM

Posted 13 February 2015 - 04:06 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-02-2015
Ran by LindaJackim (administrator) on LINDA on 13-02-2015 14:30:03
Running from C:\Users\LindaJackim\Desktop
Loaded Profiles: LindaJackim (Available profiles: LindaJackim & Administrator & Guest)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEFiltersSrv64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\nacl64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7194840 2014-06-26] (Realtek Semiconductor)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-12-25] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-07-24] (Hewlett-Packard Company)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AudioCommanderVista] => C:\Program Files\Andrea Electronics\AudioCommander\AudioCommander.exe [2903752 2013-04-15] (Andrea Electronics Corporation)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKLM-x32\...\Run: [DNS7reminder] => C:\Program Files (x86)\Nuance\NaturallySpeaking13\Ereg\Ereg.exe [325960 2014-05-30] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-2815386680-214033250-1931965115-1001\...\Run: [GoogleChromeAutoLaunch_0993A93C84C06445DB82E6FAE528D856] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
HKU\S-1-5-21-2815386680-214033250-1931965115-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKU\S-1-5-21-2815386680-214033250-1931965115-1001\...\Run: [8B17D1778F917D64FC04E76F02895F13BCA7B2DB._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
HKU\S-1-5-21-2815386680-214033250-1931965115-1001\...\Run: [Google Update] => C:\Users\LindaJackim\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-11-22] (Google Inc.)
HKU\S-1-5-21-2815386680-214033250-1931965115-1001\...\Run: [Google+ Auto Backup] => C:\Users\LindaJackim\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3746120 2014-08-12] (Google Inc.)
HKU\S-1-5-21-2815386680-214033250-1931965115-1001\...\MountPoints2: {be7447de-3ab6-11e3-be72-806e6f6e6963} - "E:\AutoRun.exe" 
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-2815386680-214033250-1931965115-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2815386680-214033250-1931965115-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}
SearchScopes: HKU\S-1-5-21-2815386680-214033250-1931965115-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\dgnriaie_x64.dll (Nuance Communications, Inc.)
BHO-x32: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnriaie.dll (Nuance Communications, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2815386680-214033250-1931965115-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Tcpip\Parameters: [DhcpNameServer] 69.196.208.8 69.196.208.10 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\LindaJackim\AppData\Roaming\Mozilla\Firefox\Profiles\oac181vq.default
FF NewTab: about:newtab
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: nuance.com/DgnRia2_x86_64 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\npDgnRia2_x64.dll (Nuance Communications, Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: nuance.com/DgnRia2 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\npDgnRia2.dll (Nuance Communications, Inc.)
FF Plugin HKU\S-1-5-21-2815386680-214033250-1931965115-1001: @tools.google.com/Google Update;version=3 -> C:\Users\LindaJackim\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2815386680-214033250-1931965115-1001: @tools.google.com/Google Update;version=9 -> C:\Users\LindaJackim\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Extension: Lightbeam - C:\Users\LindaJackim\AppData\Roaming\Mozilla\Firefox\Profiles\oac181vq.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2014-07-07]
FF Extension: Adblock Plus - C:\Users\LindaJackim\AppData\Roaming\Mozilla\Firefox\Profiles\oac181vq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-21]
FF Extension: BetterPrivacy - C:\Users\LindaJackim\AppData\Roaming\Mozilla\Firefox\Profiles\oac181vq.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-06-21]
StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "chrome://newtab/", "https://chrome.google.com/", "hxxp://vosteran.com/?f=7&a=vst_wnzp_15_06&cd=2XzuyEtN2Y1L1Qzu0AtDyEzztC0CtByD0Fzz0Dzzzy0E0FyCtN0D0Tzu0StCtCtAtDtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StC0E0C0EtAtBtBzztGzz0AyDyBtG0FzzyDyEtG0F0EyC0CtGyC0CyEtD0FtByCyC0C0A0FtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0FyEtB0D0A0FtCtG0CtBtB0BtGyEzyzytBtGzztA0A0AtGyD0A0A0DyDyD0EtA0F0E0Czz2Q&cr=2039628636&ir=", "hxxp://vosteran.com/?f=7&a=&cd=&cr=&ir="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Write Space) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aimodnlfiikjjnmdchihablmkdeobhad [2014-11-15]
CHR Extension: (Google Docs) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-07]
CHR Extension: (Google Drive) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-13]
CHR Extension: (Fotor Photo Editor) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbckhhmjfnmedpakkaaflpnmkamdppf [2014-07-07]
CHR Extension: (YouTube) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-07]
CHR Extension: (Ebates Cash Back) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2015-02-02]
CHR Extension: (Add to Amazon Wish List) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2014-07-07]
CHR Extension: (Google Search) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-07]
CHR Extension: (Good News) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\deegloljmdbfbjhlimieancmcfombgjj [2014-07-07]
CHR Extension: (Gmail Offline) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2014-11-15]
CHR Extension: (Photo Zoom for Facebook) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2014-07-07]
CHR Extension: (Classic) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkacjpbfdknhflllbcmjibkdeoafencn [2014-07-10]
CHR Extension: (Kindle Cloud Reader) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-07-21]
CHR Extension: (WhatFont) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\jabopobgcpjmedljpbcaablpmlmfcogm [2015-01-19]
CHR Extension: (Spell checker and Grammar checker by Ginger) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdfieneakcjfaiglcfcgkidlkmlijjnh [2014-07-07]
CHR Extension: (Google Mail Checker) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2014-07-07]
CHR Extension: (Print) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmiefodmmloajakmcfnpnjpkldellhlj [2014-07-07]
CHR Extension: (Do It (Tomorrow)) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfagjoblnoeagfhfhohcdklnddjaiglo [2014-08-21]
CHR Extension: (Google Wallet) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-07]
CHR Extension: (Picasa) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2014-11-15]
CHR Extension: (Gmail) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-07]
CHR Extension: (Kippt) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldngiecbcfldpghnimmdelafenmbni [2014-07-07]
CHR Extension: (Writer) - C:\Users\LindaJackim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnengefjfhgcceajaepbjhanoojifmog [2014-11-15]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AEFilters; C:\Windows\system32\AEFiltersSrv64.exe [95232 2012-09-05] (Andrea Electronics Corporation)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 DragonLoggerService; C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [137280 2014-07-23] (Nuance Communications, Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPSLPSVC; C:\Users\LindaJackim\AppData\Local\Temp\7zS6B21\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed]
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-12-25] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140936 2013-05-14] ()
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-08] (Intel Corporation)
U2 iprip; C:\Windows\System32\iprip.dll [34816 2014-11-11] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-05-08] (Intel Corporation)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [245832 2013-05-17] (Realtek Semiconductor)
R2 simptcp; C:\Windows\SysWOW64\tcpsvcs.exe [10752 2013-08-21] (Microsoft Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-11-11] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AEAudioL; C:\Windows\system32\drivers\AEAudioL64.sys [25344 2012-09-05] (Andrea Electronics Corporation)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [98064 2012-12-10] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys [67344 2012-12-10] (Infowatch)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-20] (Intel Corporation)
S3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [408136 2013-05-08] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3068120 2014-01-13] (Realtek Semiconductor Corporation                           )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-04-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-06-30] (Synaptics Incorporated)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]
S3 clwvd; \SystemRoot\system32\DRIVERS\clwvd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-13 14:29 - 2015-02-13 14:29 - 00000000 ____D () C:\Users\LindaJackim\Desktop\FRST-OlderVersion
2015-02-12 21:49 - 2015-02-12 21:49 - 00945560 _____ (www.startisback.com) C:\Users\LindaJackim\Desktop\StartIsBack_setup.exe
2015-02-12 21:40 - 2015-02-12 21:40 - 01194992 _____ (www.startisback.com) C:\Users\LindaJackim\Desktop\StartIsBackPlus_setup.exe
2015-02-12 20:53 - 2015-02-12 20:53 - 00000926 _____ () C:\Users\LindaJackim\Desktop\Second ESET report.txt
2015-02-12 17:39 - 2015-02-12 17:39 - 00002510 _____ () C:\Users\LindaJackim\Desktop\ESET Online Scanner Report.txt
2015-02-12 15:45 - 2015-02-12 15:45 - 00000000 ____H () C:\ProgramData\cm-lock
2015-02-12 15:26 - 2015-02-12 15:26 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-12 15:25 - 2015-02-12 15:25 - 02347384 _____ (ESET) C:\Users\LindaJackim\Desktop\Online Scanneresetsmartinstaller_enu.exe
2015-02-11 22:05 - 2015-02-11 22:05 - 00254019 _____ () C:\Users\LindaJackim\Desktop\Greek Law
2015-02-11 14:16 - 2015-02-11 14:16 - 00019617 _____ () C:\Users\LindaJackim\Desktop\Your Donation Is Complete - PayPal.html
2015-02-11 13:14 - 2015-01-22 22:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-11 13:14 - 2015-01-22 21:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-11 13:05 - 2015-01-19 12:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-11 13:05 - 2014-12-19 02:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-11 13:05 - 2014-12-19 02:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-11 13:05 - 2014-12-08 17:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-10 20:26 - 2015-02-10 20:29 - 00033103 _____ () C:\Users\LindaJackim\Desktop\Addition.txt
2015-02-10 20:19 - 2015-02-13 14:30 - 00024388 _____ () C:\Users\LindaJackim\Desktop\FRST.txt
2015-02-10 20:18 - 2015-02-13 14:29 - 02134016 _____ (Farbar) C:\Users\LindaJackim\Desktop\FRST64.exe
2015-02-10 18:21 - 2015-01-15 16:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-10 18:21 - 2015-01-15 16:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-10 18:21 - 2015-01-13 22:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-10 18:21 - 2015-01-13 21:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-10 18:21 - 2015-01-13 16:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-10 18:21 - 2015-01-13 16:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-10 18:21 - 2015-01-11 21:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-10 18:21 - 2015-01-11 20:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-10 18:21 - 2015-01-10 03:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-10 18:21 - 2015-01-10 03:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-10 18:21 - 2015-01-10 02:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-10 18:21 - 2015-01-10 01:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-10 18:21 - 2015-01-10 00:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-10 18:21 - 2014-12-08 21:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-10 18:21 - 2014-12-08 19:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-10 18:21 - 2014-10-28 20:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-10 18:21 - 2014-10-28 20:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-10 18:21 - 2014-10-28 20:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-10 18:21 - 2014-10-28 20:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-10 18:21 - 2014-10-28 20:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-10 18:21 - 2014-10-28 20:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-10 18:21 - 2014-10-28 19:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-10 18:21 - 2014-10-28 19:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-10 18:21 - 2014-10-28 19:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-10 18:21 - 2014-10-28 19:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-10 18:21 - 2014-10-28 19:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-10 18:21 - 2014-10-28 19:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-10 18:21 - 2014-10-28 19:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-10 18:20 - 2015-01-11 20:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-10 18:20 - 2015-01-11 20:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-10 18:20 - 2015-01-11 20:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-10 18:20 - 2015-01-11 20:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-10 18:20 - 2015-01-11 20:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-10 18:20 - 2015-01-11 20:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-10 18:20 - 2015-01-11 20:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-10 18:20 - 2015-01-11 20:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-10 18:20 - 2015-01-11 20:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-10 18:20 - 2015-01-11 19:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-10 18:20 - 2015-01-11 19:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-10 18:20 - 2015-01-11 19:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-10 18:20 - 2015-01-11 19:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-10 18:20 - 2015-01-11 19:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-10 18:20 - 2015-01-11 19:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-10 18:20 - 2015-01-11 19:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-10 18:20 - 2015-01-11 19:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-10 18:20 - 2015-01-11 19:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-10 18:20 - 2015-01-11 19:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-10 18:20 - 2015-01-11 19:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-10 18:20 - 2015-01-11 19:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-10 18:20 - 2015-01-11 19:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-10 18:20 - 2015-01-11 19:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-10 18:20 - 2015-01-11 19:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-10 18:20 - 2015-01-11 19:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-10 18:20 - 2015-01-11 19:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-10 18:20 - 2015-01-11 19:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-10 18:20 - 2015-01-11 19:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-10 18:20 - 2015-01-11 19:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-10 18:20 - 2015-01-11 19:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-10 18:20 - 2015-01-11 18:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-10 18:19 - 2015-01-11 18:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-10 18:19 - 2015-01-10 02:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-10 15:16 - 2015-02-10 15:16 - 00001844 _____ () C:\MalwareBytes Report.txt
2015-02-10 14:23 - 2015-02-10 14:23 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\LindaJackim\Desktop\mbam-setup-2.0.4.1028.exe
2015-02-10 12:36 - 2015-02-10 12:36 - 02112512 _____ () C:\Users\LindaJackim\Desktop\AdwCleaner (1).exe
2015-02-09 12:58 - 2015-02-09 12:58 - 00031744 _____ () C:\Users\LindaJackim\Documents\~WRA1515.wbk
2015-02-09 12:27 - 2015-02-09 12:27 - 02112512 _____ () C:\Users\LindaJackim\Desktop\AdwCleaner.exe
2015-02-08 18:47 - 2015-02-08 19:13 - 00072942 _____ () C:\Users\LindaJackim\Desktop\SystemLook.txt
2015-02-08 18:45 - 2015-02-08 18:45 - 00165376 _____ () C:\Users\LindaJackim\Desktop\SystemLook_x64.exe
2015-02-07 18:16 - 2015-02-07 18:16 - 01194992 _____ (www.startisback.com) C:\Users\LindaJackim\StartIsBackPlus_setup (2).exe
2015-02-07 18:16 - 2015-02-07 18:16 - 01194992 _____ (www.startisback.com) C:\Users\LindaJackim\StartIsBackPlus_setup (1).exe
2015-02-07 18:12 - 2015-02-07 18:13 - 00945560 _____ (www.startisback.com) C:\Users\LindaJackim\StartIsBack_setup.exe
2015-02-07 16:17 - 2015-02-10 12:07 - 00000000 ____D () C:\WINDOWS\pss
2015-02-07 16:03 - 2015-02-07 16:05 - 00000000 ____D () C:\Users\Guest
2015-02-07 16:03 - 2015-02-07 16:03 - 00000020 ___SH () C:\Users\Guest\ntuser.ini
2015-02-07 16:03 - 2014-11-13 14:48 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-02-07 16:03 - 2014-11-10 15:04 - 00000000 ____D () C:\Users\Guest\Documents\hp.system.package.metadata
2015-02-07 16:03 - 2014-11-10 15:04 - 00000000 ____D () C:\Users\Guest\AppData\Local\Microsoft Help
2015-02-07 16:03 - 2014-09-24 03:50 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-02-07 16:03 - 2014-03-18 04:13 - 00000369 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-02-07 16:03 - 2014-03-18 04:13 - 00000369 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-02-07 16:03 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-07 16:03 - 2013-08-22 09:36 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-02-06 17:35 - 2015-02-06 17:39 - 00029749 _____ () C:\Users\LindaJackim\Addition.txt
2015-02-06 17:28 - 2015-02-06 17:39 - 00045748 _____ () C:\Users\LindaJackim\FRST.txt
2015-02-06 17:23 - 2015-02-06 17:24 - 02131968 _____ (Farbar) C:\Users\LindaJackim\FRST64.exe
2015-02-06 13:16 - 2015-02-06 13:16 - 00000000 ____D () C:\Users\LindaJackim\Desktop\Ginge
2015-02-04 23:53 - 2015-02-02 12:13 - 01388274 _____ (Thisisu) C:\Users\LindaJackim\Desktop\JRT_NEW.exe
2015-02-04 23:49 - 2015-02-04 23:49 - 00022528 _____ () C:\Users\LindaJackim\AppData\Local\dsisetup1180897812.exe
2015-02-04 23:49 - 2015-02-04 23:49 - 00000010 _____ () C:\Users\LindaJackim\AppData\Local\DSI.DAT
2015-02-04 23:15 - 2015-02-04 23:17 - 00001091 _____ () C:\Users\LindaJackim\Desktop\Duplicate_Files_Deleter.exe.lnk
2015-02-04 22:59 - 2015-02-04 22:59 - 00000000 ____D () C:\Users\LindaJackim\duplicate_files_deleter
2015-02-04 22:49 - 2015-02-04 22:57 - 00000000 ____D () C:\Users\LindaJackim\AppData\Local\WinZip
2015-02-04 22:49 - 2015-02-04 22:49 - 00002302 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2015-02-04 22:49 - 2015-02-04 22:49 - 00002296 _____ () C:\Users\Public\Desktop\WinZip.lnk
2015-02-04 22:49 - 2015-02-04 22:49 - 00000000 ____D () C:\Users\LindaJackim\AppData\Local\114487671
2015-02-04 22:49 - 2015-02-04 22:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2015-02-04 22:49 - 2015-02-04 22:49 - 00000000 ____D () C:\Program Files\WinZip
2015-02-04 22:48 - 2015-02-04 22:48 - 00000000 ____D () C:\Program Files\File Association Helper
2015-02-04 22:30 - 2015-02-04 22:30 - 00027180 _____ () C:\Users\LindaJackim\WinZip® papers.html
2015-02-04 21:48 - 2015-02-04 21:48 - 00183046 _____ () C:\Users\LindaJackim\Desktop\duplicate_files_deleter.zip
2015-02-03 14:58 - 2015-02-03 14:58 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-02-03 14:58 - 2015-02-03 14:58 - 00000000 ____D () C:\ProgramData\Sun
2015-02-03 14:58 - 2015-02-03 14:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-02-03 14:58 - 2015-02-03 14:58 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-03 14:51 - 2015-02-03 14:58 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-03 14:51 - 2015-02-03 14:51 - 00639400 _____ (Oracle Corporation) C:\Users\LindaJackim\chromeinstall-8u31.exe
2015-02-02 23:45 - 2015-02-02 23:45 - 00000149 ____H () C:\Users\LindaJackim\.picasa.ini
2015-01-27 15:38 - 2015-01-27 15:38 - 00000000 _____ () C:\Users\LindaJackim\Sti_Trace.log
2015-01-27 15:33 - 2015-01-27 15:33 - 00000000 ____D () C:\Users\LindaJackim\Documents\ControlCenter4
2015-01-27 14:21 - 2015-01-27 14:21 - 00000055 _____ () C:\WINDOWS\SysWOW64\BRDH2280DW.DAT
2015-01-27 14:01 - 2015-01-27 14:01 - 00000000 ____D () C:\Users\LindaJackim\Desktop\wlan_wiz
2015-01-27 14:01 - 2015-01-27 14:01 - 00000000 ____D () C:\Users\LindaJackim\Desktop\install
2015-01-27 13:59 - 2015-01-27 14:01 - 129191528 _____ (A.I.SOFT,INC.) C:\Users\LindaJackim\Desktop\HL-2280DW-inst-C1-USA.EXE
2015-01-27 12:52 - 2015-01-27 12:52 - 00000000 ____D () C:\Users\LindaJackim\Desktop\64
2015-01-27 12:48 - 2015-01-27 12:48 - 18255551 _____ (A.I.SOFT,INC.) C:\Users\LindaJackim\Desktop\Y10E_C1-gdi-64-D2.EXE
2015-01-25 13:39 - 2015-01-25 13:39 - 02738504 _____ (Google Inc.) C:\Users\LindaJackim\gpautobackup_setup.exe
2015-01-20 17:05 - 2015-02-11 13:07 - 00000000 ____D () C:\AdwCleaner
2015-01-20 17:05 - 2015-01-20 17:05 - 02186752 _____ () C:\Users\LindaJackim\AdwCleaner.exe
2015-01-20 17:03 - 2015-01-20 17:03 - 04188824 _____ (Kaspersky Lab ZAO) C:\Users\LindaJackim\1BAF.tmp
2015-01-20 16:19 - 2015-01-20 16:19 - 01707939 _____ (Thisisu) C:\Users\LindaJackim\JRT (1).exe
2015-01-20 16:00 - 2015-01-20 16:00 - 04188824 _____ (Kaspersky Lab ZAO) C:\Users\LindaJackim\tdsskiller (2).exe
2015-01-20 15:59 - 2015-01-20 15:59 - 04188824 _____ (Kaspersky Lab ZAO) C:\Users\LindaJackim\tdsskiller (1).exe
2015-01-18 18:30 - 2015-01-18 18:30 - 00032635 _____ () C:\Users\LindaJackim\DFollow My Health™  Universal Health Record.html
2015-01-18 18:30 - 2015-01-18 18:30 - 00032635 _____ () C:\Users\LindaJackim\CFollow My Health™  Universal Health Record.html
2015-01-18 18:29 - 2015-01-18 18:29 - 00032635 _____ () C:\Users\LindaJackim\BFollow My Health™  Universal Health Record.html
2015-01-18 18:29 - 2015-01-18 18:29 - 00032635 _____ () C:\Users\LindaJackim\AFollow My Health™  Universal Health Record.html
2015-01-18 18:18 - 2015-01-18 18:19 - 00000171 _____ () C:\Users\LindaJackim\Desktop\Premier Neurosurgery.url
2015-01-18 17:47 - 2015-01-18 17:47 - 00032635 _____ () C:\Users\LindaJackim\Follow My Health™  Universal Health Record.html123.html
2015-01-18 17:46 - 2015-01-18 17:46 - 00032635 _____ () C:\Users\LindaJackim\2nd page.html
2015-01-18 17:45 - 2015-01-18 17:45 - 00032635 _____ () C:\Users\LindaJackim\Follow My Health™  Universal Health Record.html
2015-01-17 19:21 - 2015-01-17 19:22 - 00029696 _____ () C:\Users\LindaJackim\Backup of Martin_Medical_Customer_Satisfaction_Survey_(4)[1].wbk
2015-01-14 09:54 - 2014-12-19 00:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 09:54 - 2014-12-11 20:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 09:54 - 2014-12-11 18:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 09:54 - 2014-12-08 19:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 09:54 - 2014-12-08 13:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 09:54 - 2014-12-08 13:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 09:54 - 2014-12-08 13:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-14 09:54 - 2014-12-08 13:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 09:54 - 2014-12-08 13:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-14 09:54 - 2014-12-08 13:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 09:54 - 2014-12-08 13:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 09:54 - 2014-12-08 13:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-14 09:54 - 2014-12-05 21:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 09:54 - 2014-12-05 19:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 09:54 - 2014-12-05 19:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-14 09:54 - 2014-10-28 22:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-14 09:54 - 2014-10-28 22:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-14 09:54 - 2014-10-28 21:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-14 09:54 - 2014-10-28 21:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-14 09:54 - 2014-10-28 21:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-14 09:54 - 2014-10-28 21:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-14 09:54 - 2014-10-28 21:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-14 09:54 - 2014-10-28 21:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-14 09:54 - 2014-10-28 21:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-14 09:54 - 2014-10-28 21:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-14 09:54 - 2014-10-28 21:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-14 09:54 - 2014-10-28 20:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-14 09:54 - 2014-10-28 19:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-14 09:54 - 2014-10-28 19:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-14 09:54 - 2014-10-28 19:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-14 09:54 - 2014-10-28 19:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-13 14:30 - 2014-02-13 19:42 - 00000000 ____D () C:\FRST
2015-02-13 14:00 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-13 13:56 - 2014-11-22 07:41 - 00000944 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2815386680-214033250-1931965115-1001UA.job
2015-02-13 13:55 - 2014-06-25 04:07 - 00000000 __RDO () C:\Users\LindaJackim\OneDrive
2015-02-13 13:55 - 2014-06-23 16:48 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-13 13:47 - 2014-11-10 14:40 - 02043051 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-13 13:41 - 2014-07-07 04:20 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-13 12:49 - 2014-11-10 14:53 - 00000000 ____D () C:\Users\LindaJackim
2015-02-13 12:31 - 2014-06-18 03:30 - 00003938 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5344D135-1295-4DDB-8E74-95D48A5E434F}
2015-02-13 12:28 - 2014-07-07 04:20 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-12 17:56 - 2014-11-22 07:41 - 00000892 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2815386680-214033250-1931965115-1001Core.job
2015-02-12 17:15 - 2014-06-18 03:39 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2815386680-214033250-1931965115-1001
2015-02-12 15:48 - 2014-07-06 14:35 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-12 15:45 - 2013-08-22 08:46 - 00346722 _____ () C:\WINDOWS\setupact.log
2015-02-12 15:45 - 2013-08-22 08:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-12 15:44 - 2014-07-27 13:43 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2015-02-12 15:44 - 2013-08-22 07:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-11 16:48 - 2014-07-27 16:06 - 00003194 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForLindaJackim
2015-02-11 16:48 - 2014-07-27 16:06 - 00000368 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForLindaJackim.job
2015-02-11 13:25 - 2013-10-21 17:37 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-11 13:25 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-11 13:25 - 2012-07-26 01:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-11 13:24 - 2014-06-18 16:06 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-11 13:19 - 2014-06-18 16:06 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-11 13:18 - 2014-09-26 11:03 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 12:55 - 2013-08-22 08:44 - 00499128 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-11 12:49 - 2014-09-24 01:03 - 00014602 _____ () C:\WINDOWS\PFRO.log
2015-02-10 14:25 - 2014-07-06 06:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-10 14:25 - 2014-07-06 06:09 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-10 14:25 - 2014-06-25 01:49 - 00001121 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-10 14:19 - 2014-09-24 01:15 - 00958356 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-07 17:51 - 2014-11-22 07:41 - 00003902 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2815386680-214033250-1931965115-1001UA
2015-02-07 17:51 - 2014-11-22 07:41 - 00003522 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2815386680-214033250-1931965115-1001Core
2015-02-04 23:49 - 2014-08-28 12:10 - 00000139 _____ () C:\Users\LindaJackim\AppData\Roaming\WB.CFG
2015-02-04 22:50 - 2014-08-28 11:10 - 00000000 ____D () C:\ProgramData\WinZip
2015-02-04 21:56 - 2013-07-19 21:43 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2015-02-04 21:56 - 2013-07-19 21:15 - 00000000 ___HD () C:\HP
2015-02-04 16:55 - 2014-06-23 16:48 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-03 13:31 - 2014-11-14 01:59 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 13:31 - 2014-11-14 01:59 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-03 09:41 - 2013-10-21 17:48 - 00000000 ____D () C:\ProgramData\Temp
2015-02-02 18:42 - 2014-09-26 11:57 - 00128976 _____ () C:\Users\LindaJackim\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-30 23:36 - 2014-07-07 04:20 - 00003890 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-30 23:36 - 2014-07-07 04:20 - 00003654 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-27 15:55 - 2014-11-05 08:06 - 00000000 ____D () C:\Users\LindaJackim\Documents\Wondershare PDF to Word
2015-01-27 15:31 - 2014-08-03 17:08 - 00000000 ____D () C:\Users\LindaJackim\AppData\Roaming\ControlCenter4
2015-01-27 14:23 - 2014-08-03 16:38 - 00000000 ____D () C:\ProgramData\ControlCenter4
2015-01-27 14:23 - 2014-08-03 16:38 - 00000000 ____D () C:\Program Files (x86)\ControlCenter4
2015-01-27 14:23 - 2014-08-03 16:38 - 00000000 ____D () C:\Program Files (x86)\Browny02
2015-01-22 12:28 - 2014-11-18 04:55 - 00002035 _____ () C:\Users\LindaJackim\AppData\Roaming\SAS7_000.DAT
 
==================== Files in the root of some directories =======
 
2014-06-16 08:45 - 2014-06-16 08:34 - 0005212 _____ () C:\Program Files\route.print.txt
2014-08-18 09:48 - 2014-08-18 09:52 - 152183640 _____ (Hewlett-Packard                                             ) C:\Program Files\sp64853.exe
2014-05-28 08:46 - 2014-10-20 02:35 - 0000786 _____ () C:\Program Files (x86)\.android.lnk
2014-08-03 16:56 - 2014-08-03 16:57 - 129191528 _____ (A.I.SOFT,INC.) C:\Program Files (x86)\HL-2280DW-inst-C1-USA.EXE
2014-11-18 04:55 - 2015-01-22 12:28 - 0002035 _____ () C:\Users\LindaJackim\AppData\Roaming\SAS7_000.DAT
2014-08-28 12:10 - 2015-02-04 23:49 - 0000139 _____ () C:\Users\LindaJackim\AppData\Roaming\WB.CFG
2015-02-04 23:49 - 2015-02-04 23:49 - 0000010 _____ () C:\Users\LindaJackim\AppData\Local\DSI.DAT
2015-02-04 23:49 - 2015-02-04 23:49 - 0022528 _____ () C:\Users\LindaJackim\AppData\Local\dsisetup1180897812.exe
2014-06-24 15:00 - 2014-10-22 09:34 - 0007634 _____ () C:\Users\LindaJackim\AppData\Local\resmon.resmoncfg
2015-02-12 15:45 - 2015-02-12 15:45 - 0000000 ____H () C:\ProgramData\cm-lock
2014-12-27 18:13 - 2014-12-28 18:14 - 0002796 _____ () C:\ProgramData\hpzinstall.log
 
Files to move or delete:
====================
C:\Users\LindaJackim\AdwCleaner.exe
C:\Users\LindaJackim\AIO_CDB_FSW_Full_Win_WW_140_408.exe
C:\Users\LindaJackim\chromeinstall-8u31.exe
C:\Users\LindaJackim\Duplicate_Files_Deleter.exe
C:\Users\LindaJackim\FRST64.exe
C:\Users\LindaJackim\gpautobackup_setup.exe
C:\Users\LindaJackim\hppiw.exe
C:\Users\LindaJackim\ispsetup.exe
C:\Users\LindaJackim\JRT (1).exe
C:\Users\LindaJackim\JRT.exe
C:\Users\LindaJackim\RecoverMyFiles-Setup.exe
C:\Users\LindaJackim\StartIsBackPlus_setup (1).exe
C:\Users\LindaJackim\StartIsBackPlus_setup (2).exe
C:\Users\LindaJackim\StartIsBackPlus_setup.exe
C:\Users\LindaJackim\StartIsBack_setup.exe
C:\Users\LindaJackim\taglib-sharp.dll
C:\Users\LindaJackim\tdsskiller (1).exe
C:\Users\LindaJackim\tdsskiller (2).exe
C:\Users\LindaJackim\tdsskiller.exe
C:\Users\LindaJackim\WinShell.dll
 
 
Some content of TEMP:
====================
C:\Users\LindaJackim\AppData\Local\Temp\HPInstaller.exe
C:\Users\LindaJackim\AppData\Local\Temp\Quarantine.exe
C:\Users\LindaJackim\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-07 16:14
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-02-2015
Ran by LindaJackim at 2015-02-13 14:31:19
Running from C:\Users\LindaJackim\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
3100_3200_3300_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
3100_3200_3300trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
3300 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
AIO_CDB_ProductContext (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
Andrea Electronics AudioCommander (HKLM-x32\...\{062FB0F6-8F13-480A-B11E-65A01A64E95B}) (Version:  - Andrea Electronics Corporation)
Andrea Electronics USB Audio (HKLM-x32\...\{96793F18-9880-4E50-A89B-D42A591CD8D3}) (Version:  - Andrea Electronics Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite HL-2280DW (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.1.0 - Canon Inc.)
Canon MG6400 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6400_series) (Version: 1.01 - Canon Inc.)
Canon MG6400 series On-screen Manual (HKLM-x32\...\Canon MG6400 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon MG6400 series User Registration (HKLM-x32\...\Canon MG6400 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dragon NaturallySpeaking 13 (HKLM-x32\...\{33EA20FB-5389-4938-BA59-2BCD9BB68F41}) (Version: 13.00.000 - Nuance Communications Inc.)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
File Association Helper (HKLM\...\{C168639F-5810-4EC8-B1E8-0251AA8A771C}) (Version: 1.2.225.65451 - WinZip Computing International, LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Google+ Auto Backup (HKU\S-1-5-21-2815386680-214033250-1931965115-1001\...\Google+ Auto Backup) (Version: 1.0.26.151 - Google, Inc.)
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP 3D DriveGuard (HKLM-x32\...\{07F6DC37-0857-4B68-A675-4E35989E85E3}) (Version: 6.0.15.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-2815386680-214033250-1931965115-1001\...\HPConnectedMusic) (Version: 1.1 (build 112) hp - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{394B14EA-B072-4440-9510-87797CB12371}) (Version: 2.20.21 - Hewlett-Packard Company)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Documentation (HKLM-x32\...\{61245005-66F1-4001-AEE8-2E2D36F65C28}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software (HKLM\...\{6F5B70F0-EA6C-4A5B-BB16-8390BD66B251}) (Version: 14.0 - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6838.4521 - Hewlett-Packard)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{F35EE4BC-95E1-4417-BA36-7C32FF24A59A}) (Version: 1.0.11 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Utility Center (HKLM\...\{A48BD764-CFDF-40A5-A07A-710908044F5D}) (Version: 2.2.2 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Image Resizer for Windows (64 bit) (Version: 3.0.4802.35565 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM-x32\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.3.1520 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2815386680-214033250-1931965115-1001\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
PageFour 1.86 (HKLM-x32\...\PageFour_is1) (Version:  - Bad Wolf Software)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pinger (HKLM-x32\...\Pinger 1.1.1.2) (Version: 1.1.1.2 - Pinger Inc.)
Pinger (x32 Version: 1.1.1.2 - Pinger Inc.) Hidden
Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 1.1.9200.15 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.13.1216 - REALTEK Semiconductor Corp.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
StartIsBack+ (HKU\S-1-5-21-2815386680-214033250-1931965115-1001\...\StartIsBack) (Version: 1.7 - startisback.com)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.2 - Synaptics Incorporated)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E7}) (Version: 19.0.11294 - WinZip Computing, S.L. )
Wondershare PDF to Word (Build 4.0.1) (HKLM-x32\...\{90599D63-1879-4B90-BE4F-051CE70FA576}_is1) (Version: 4.0.1 - Wondershare Software)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2815386680-214033250-1931965115-1001_Classes\CLSID\{61625667-893E-4707-B925-A82B528C00B9}\InprocServer32 -> C:\Users\LindaJackim\AppData\Local\StartIsBack\StartIsBack64.dll (www.startisback.com)
CustomCLSID: HKU\S-1-5-21-2815386680-214033250-1931965115-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2815386680-214033250-1931965115-1001_Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c9}\InprocServer32 -> C:\Users\LindaJackim\AppData\Local\StartIsBack\StartIsBack64.dll (www.startisback.com)
CustomCLSID: HKU\S-1-5-21-2815386680-214033250-1931965115-1001_Classes\CLSID\{AD1405D2-30CF-4877-8468-1EE1C52C759F}\InprocServer32 -> C:\Users\LindaJackim\AppData\Local\StartIsBack\StartIsBack64.dll (www.startisback.com)
CustomCLSID: HKU\S-1-5-21-2815386680-214033250-1931965115-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\LindaJackim\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2815386680-214033250-1931965115-1001_Classes\CLSID\{E5C31EC8-C5E6-4E07-957E-944DB4AAD85E}\InprocServer32 -> C:\Users\LindaJackim\AppData\Local\StartIsBack\StartIsBack64.dll (www.startisback.com)
CustomCLSID: HKU\S-1-5-21-2815386680-214033250-1931965115-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\LindaJackim\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2815386680-214033250-1931965115-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\LindaJackim\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
14-01-2015 10:22:24 Windows Update
23-01-2015 12:20:45 Windows Update
27-01-2015 14:22:03 Installed Brother Software Suite
05-02-2015 15:02:53 Windows Update
10-02-2015 19:01:53 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {12469DEC-CB61-4FD8-AFED-84085DC071B3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-07] (Google Inc.)
Task: {1685E8DD-F58E-4701-B1F1-E5D092E1C153} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {37A03F90-00B3-44C6-A5C4-C03BEBC292DA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-07] (Google Inc.)
Task: {48020513-36D7-4D6F-866C-CE3243CFF176} - System32\Tasks\{6BAB7D4E-1603-4EF8-B77E-C8E24A2EA1AF} => pcalua.exe -a "C:\Program Files (x86)\Canon\IJEREG\MG6400 series\IJEREG.exe" -d "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG6400 series User Registration"
Task: {5408E701-D367-4437-ABB7-515462689319} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {59BFE426-ED9E-45F1-8D3A-2F577AD24482} - System32\Tasks\HPCeeScheduleForLindaJackim => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {85913288-EEF8-4CD1-A52E-0CD08FF5CF54} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2815386680-214033250-1931965115-1001Core => C:\Users\LindaJackim\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-22] (Google Inc.)
Task: {95040BF0-3946-4F50-9FC7-6E8D45F86786} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-06-30] (Synaptics Incorporated)
Task: {A6B1FFC7-2D28-4062-9154-CF948B874CB7} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2815386680-214033250-1931965115-1001
Task: {C38561C9-A690-40BE-AF79-063EADC7C35D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2815386680-214033250-1931965115-1001UA => C:\Users\LindaJackim\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-22] (Google Inc.)
Task: {D0895E40-384D-447D-9000-6454AC5B5209} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2815386680-214033250-1931965115-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {D4D13867-2CB6-4532-AE45-628C3E0156E6} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-09-10] (Hewlett-Packard Development Company, L.P.)
Task: {DD5754EC-931A-4222-937E-FC8E1C7A7CAA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-02-11] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2815386680-214033250-1931965115-1001Core.job => C:\Users\LindaJackim\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2815386680-214033250-1931965115-1001UA.job => C:\Users\LindaJackim\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForLindaJackim.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2014-10-29 09:30 - 2013-05-14 03:50 - 00140936 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2014-08-03 16:38 - 2005-04-21 22:36 - 00143360 ____N () C:\WINDOWS\system32\BrSNMP64.dll
2014-10-03 09:36 - 2014-10-03 09:36 - 00457616 _____ () C:\WINDOWS\system32\igfxTray.exe
2013-10-21 17:27 - 2013-05-08 15:23 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-02-06 10:42 - 2015-02-04 03:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-06 10:42 - 2015-02-04 03:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-06 10:42 - 2015-02-04 03:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll
2013-07-10 17:07 - 2013-07-10 17:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\.android:ms-properties
AlternateDataStreams: C:\ProgramData\Temp:0FF263E8
AlternateDataStreams: C:\Users\LindaJackim\OneDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2815386680-214033250-1931965115-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme2\img7.jpg
DNS Servers: 69.196.208.8 - 69.196.208.10
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "ControlCenter4"
HKLM\...\StartupApproved\Run32: => "BrStsMon00"
HKLM\...\StartupApproved\Run32: => "AudioCommanderVista"
HKLM\...\StartupApproved\Run32: => "IJNetworkScannerSelectorEX"
HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"
HKU\S-1-5-21-2815386680-214033250-1931965115-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-2815386680-214033250-1931965115-1001\...\StartupApproved\StartupFolder: => "wandoujia_helper.lnk"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2815386680-214033250-1931965115-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-2815386680-214033250-1931965115-501 - Limited - Enabled) => C:\Users\Guest
LindaJackim (S-1-5-21-2815386680-214033250-1931965115-1001 - Administrator - Enabled) => C:\Users\LindaJackim
 
==================== Faulty Device Manager Devices =============
 
Name: Photosmart 3300 series
Description: Photosmart 3300 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Photosmart 3300 series
Description: Photosmart 3300 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/13/2015 02:23:37 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The system cannot find the file specified.
 
Error: (02/13/2015 02:23:30 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The system cannot find the file specified.
 
Error: (02/13/2015 02:20:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10265594
 
Error: (02/13/2015 02:20:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10265594
 
Error: (02/13/2015 02:20:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/12/2015 11:24:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LINDA)
Description: Activation of app windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: -2144927151 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/12/2015 11:23:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LINDA)
Description: Activation of app windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: -2144927151 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/12/2015 11:11:44 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LINDA)
Description: Activation of app AD2F1837.GettingStartedwithWindows8_v10z8vjag6ke6!App failed with error: -2144927151 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/12/2015 11:11:36 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LINDA)
Description: Activation of app Microsoft.BingNews_8wekyb3d8bbwe!AppexNews failed with error: -2144927151 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/12/2015 11:11:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LINDA)
Description: Activation of app Microsoft.BingNews_8wekyb3d8bbwe!AppexNews failed with error: -2144927151 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (02/12/2015 10:21:34 PM) (Source: DCOM) (EventID: 10010) (User: LINDA)
Description: {2F93C02D-77F9-46B4-95FB-8CBB81EEB62C}
 
Error: (02/12/2015 10:21:04 PM) (Source: DCOM) (EventID: 10010) (User: LINDA)
Description: {2F93C02D-77F9-46B4-95FB-8CBB81EEB62C}
 
Error: (02/12/2015 10:20:34 PM) (Source: DCOM) (EventID: 10010) (User: LINDA)
Description: {2F93C02D-77F9-46B4-95FB-8CBB81EEB62C}
 
Error: (02/12/2015 09:27:52 PM) (Source: DCOM) (EventID: 10010) (User: LINDA)
Description: {3EEF301F-B596-4C0B-BD92-013BEAFCE793}
 
Error: (02/12/2015 09:27:22 PM) (Source: DCOM) (EventID: 10010) (User: LINDA)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (02/12/2015 09:27:22 PM) (Source: DCOM) (EventID: 10010) (User: LINDA)
Description: {3EEF301F-B596-4C0B-BD92-013BEAFCE793}
 
Error: (02/12/2015 09:22:33 PM) (Source: DCOM) (EventID: 10010) (User: LINDA)
Description: {3EEF301F-B596-4C0B-BD92-013BEAFCE793}
 
Error: (02/12/2015 09:22:03 PM) (Source: DCOM) (EventID: 10010) (User: LINDA)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (02/12/2015 09:22:03 PM) (Source: DCOM) (EventID: 10010) (User: LINDA)
Description: {3EEF301F-B596-4C0B-BD92-013BEAFCE793}
 
Error: (02/12/2015 09:21:33 PM) (Source: DCOM) (EventID: 10010) (User: LINDA)
Description: {3EEF301F-B596-4C0B-BD92-013BEAFCE793}
 
 
Microsoft Office Sessions:
=========================
Error: (11/05/2014 02:46:20 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6705.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 36 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-02-12 17:16:32.603
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-02-07 16:35:30.411
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-02-06 17:44:35.945
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-02-03 15:22:16.252
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-31 12:57:17.721
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-30 23:45:38.790
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-28 11:15:54.881
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-27 14:41:20.872
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-25 18:32:14.539
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-25 18:32:14.407
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-4005U CPU @ 1.70GHz
Percentage of memory in use: 52%
Total physical RAM: 3866.15 MB
Available physical RAM: 1841.15 MB
Total Pagefile: 4570.15 MB
Available Pagefile: 1808.61 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:671.83 GB) (Free:599.64 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:25.25 GB) (Free:2.51 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: D031B727)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================

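The "Alternate Data Streams" section above lists three streams FRST would strip if they were put in a fixlist: the `ms-properties` streams are what Explorer writes when a folder's properties are edited, while a stream with a bare hex name such as `Temp:0FF263E8` tells you nothing about its origin until you look inside it. The following is an added example, not FRST's own code and not anything posted in this thread; it assumes Windows PowerShell 3.0 or later (`-Encoding Byte` was removed in PowerShell 6+), takes the three paths from the log as input, and the list of stream names it treats as benign is this example's assumption. It shows the manual equivalent of an FRST ADS fix: enumerate every stream on each path, show the first bytes of anything non-default, and remove only the stream, never the host file or folder.

```powershell
# Added example (not from the FRST log or the thread): inspect alternate data
# streams before deciding to remove them. Paths come from the FRST log above;
# the "known benign" list is an assumption of this example.
$paths  = @('C:\.android', 'C:\ProgramData\Temp', 'C:\Users\LindaJackim\OneDrive')
$benign = @(':$DATA', 'Zone.Identifier', 'ms-properties')  # default stream, Mark-of-the-Web, Explorer folder props

function Get-SuspiciousStreams {
    param([string[]]$Path, [string[]]$KnownBenign)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) { continue }
        # -Stream * lists every NTFS stream on a file or directory (PowerShell 3+).
        Get-Item -LiteralPath $p -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $KnownBenign -notcontains $_.Stream } |
            ForEach-Object {
                # Peek at the first 16 bytes so text (e.g. an INI or URL) can be told from a binary blob.
                $head = Get-Content -LiteralPath $p -Stream $_.Stream -Encoding Byte -TotalCount 16 -ErrorAction SilentlyContinue
                [pscustomobject]@{
                    Path   = $p
                    Stream = $_.Stream
                    Bytes  = $_.Length
                    Head   = ($head | ForEach-Object { '{0:X2}' -f $_ }) -join ' '
                }
            }
    }
}

$hits = Get-SuspiciousStreams -Path $paths -KnownBenign $benign
$hits | Format-Table -AutoSize

# Remove only the stream; the file or folder that carries it stays in place.
# -WhatIf previews the action; drop it once you have looked at the stream contents.
foreach ($h in $hits) {
    Remove-Item -LiteralPath $h.Path -Stream $h.Stream -WhatIf
}
```

Run it from an elevated prompt, since `C:\ProgramData\Temp` and `C:\.android` are outside the user profile. If `Get-Item -Stream` returns nothing for a directory on an older PowerShell build, `cmd /c dir /r <path>` lists the same streams.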

#14 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:59 AM

Posted 13 February 2015 - 06:12 PM

When I start my computer, after the sign-in and welcome page, the screen goes black and I can only see the cursor. I have to use control/alt/delete to bring up the task manager, click on "run new task", and type in www.explorer.exe in order to bring up my desktop. However, this morning it would not bring up my desktop, only a list of files on my desktop.

How long have you had this issue?


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#15 ljwerlein

ljwerlein
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Tennessee
  • Local time:01:59 AM

Posted 13 February 2015 - 09:23 PM

The first time it happened was Saturday, February 7. I remember the exact day because my technically-smart daughter called from college, and I told her what happened, and that I had found that I could go to Task Manager and find a way in. I was rather proud of myself for that. It made her laugh. I have just checked the phone and see that her most recent call was on Feb. 7th.
