Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

daughters computer extremely slow


  • This topic is locked This topic is locked
18 replies to this topic

#1 sacasteel

sacasteel

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:22 PM

Posted 23 May 2015 - 10:47 AM

Hoping for some help.  The computer would redirect and had multiple ads popping up.  I went in and uninstalled everything I could find that was obvious and that stopped the redirecting and pop ups for the most part.  However, it is still very slow and I need help.

 

Here are the frst reports:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-05-2015 01
Ran by Jacob (ATTENTION: The logged in user is not administrator) on MORGAN-HP on 23-05-2015 10:18:30
Running from C:\Users\Jacob\Desktop
Loaded Profiles: steve & Jacob (Available Profiles: steve & Jacob)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> csrss.exe
Failed to access process -> services.exe
Failed to access process -> winlogon.exe
Failed to access process -> lsass.exe
Failed to access process -> lsm.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> atiesrxx.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> AvastSvc.exe
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> armsvc.exe
Failed to access process -> AERTSr64.exe
Failed to access process -> Fuel.Service.exe
Failed to access process -> AppleMobileDeviceService.exe
Failed to access process -> svchost.exe
Failed to access process -> fsssvc.exe
Failed to access process -> HPClientServices.exe
Failed to access process -> HPDrvMntSvc.exe
Failed to access process -> HPWMISVC.exe
Failed to access process -> RIconMan.exe
Failed to access process -> RNowSvc.exe
Failed to access process -> WLIDSVC.EXE
Failed to access process -> WLIDSVCM.EXE
Failed to access process -> svchost.exe
Failed to access process -> SearchIndexer.exe
Failed to access process -> mscorsvw.exe
Failed to access process -> atieclxx.exe
Failed to access process -> HPSA_Service.exe
Failed to access process -> svchost.exe
Failed to access process -> wmpnetwk.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
Failed to access process -> svchost.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> hpqwmiex.exe
Failed to access process -> iPodService.exe
Failed to access process -> dllhost.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
Failed to access process -> PresentationFontCache.exe
Failed to access process -> GWXConfigManager.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
Failed to access process -> mscorsvw.exe
Failed to access process -> DismHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Failed to access process -> TrustedInstaller.exe
(Trend Micro Inc.) C:\Users\Jacob\Downloads\HijackThis.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Failed to access process -> taskeng.exe
Failed to access process -> GoogleUpdate.exe
Failed to access process -> msiexec.exe
Failed to access process -> GoogleUpdate.exe
Failed to access process -> sppsvc.exe
Failed to access process -> 43.0.2357.65_42.0.2311.90_chrome_updater.exe
Failed to access process -> setup.exe
Failed to access process -> SearchProtocolHost.exe
Failed to access process -> SearchFilterHost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7466600 2012-04-02] (Realtek Semiconductor)
HKLM-x32\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-09] (Synaptics Incorporated)
HKLM-x32\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2023936 2009-08-03] (Eastman Kodak Company)
HKLM-x32\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [168504 2011-06-28] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [37960 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2012-03-27] (Apple Inc.)
HKU\S-1-5-21-1616617809-2168011286-2694606399-1030\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1616617809-2168011286-2694606399-1030\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2013-05-09] (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1616617809-2168011286-2694606399-1030\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
HKU\S-1-5-21-1616617809-2168011286-2694606399-1030\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPNOT/1
HKU\S-1-5-21-1616617809-2168011286-2694606399-1030\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
URLSearchHook: [S-1-5-21-1616617809-2168011286-2694606399-1004] ATTENTION ==> Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-1616617809-2168011286-2694606399-1030 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1616617809-2168011286-2694606399-1030 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1616617809-2168011286-2694606399-1030 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
SearchScopes: HKU\S-1-5-21-1616617809-2168011286-2694606399-1030 -> {9C841118-627F-4E18-80CF-244A3C4C0E5D} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1616617809-2168011286-2694606399-1030 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKU\S-1-5-21-1616617809-2168011286-2694606399-1030 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1616617809-2168011286-2694606399-1030 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
BHO: avast! WebRep -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-05-09] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO-x32: avast! WebRep -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-08-01] (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-05-09] (AVAST Software)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09] (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-03-06] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-23] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-23] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-05-10] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bookmark Manager) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-23]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-23]
CHR Extension: (Google Wallet) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-25]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-06-17] (Advanced Micro Devices, Inc.) []
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) []
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-27] (Realsil Microelectronics Inc.) []
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-28] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-28] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-28] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-23 10:18 - 2015-05-23 10:26 - 00018717 _____ () C:\Users\Jacob\Desktop\FRST.txt
2015-05-23 10:18 - 2015-05-23 10:19 - 00000000 ____D () C:\FRST
2015-05-23 10:11 - 2015-05-23 10:14 - 02108416 _____ (Farbar) C:\Users\Jacob\Desktop\FRST64.exe
2015-05-23 09:56 - 2015-05-23 09:56 - 00010586 _____ () C:\Users\Jacob\Downloads\hijackthis.log
2015-05-23 09:49 - 2015-05-23 09:52 - 00388608 _____ (Trend Micro Inc.) C:\Users\Jacob\Downloads\HijackThis.exe
2015-04-25 12:43 - 2015-04-25 12:51 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-25 12:43 - 2015-04-25 12:43 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-25 12:43 - 2015-04-25 12:43 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-25 12:43 - 2015-04-25 12:43 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-25 10:22 - 2015-04-25 10:35 - 00000000 ____D () C:\5c45e111b22fb0e49d899b1971
2015-04-25 10:20 - 2015-04-25 10:20 - 00058016 _____ () C:\Users\Jacob\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-25 10:19 - 2015-04-25 10:19 - 00000000 ____D () C:\Users\Jacob\AppData\Local\AMD
2015-04-25 10:17 - 2015-04-25 10:17 - 00000000 ____D () C:\Users\Jacob\AppData\Roaming\ATI
2015-04-25 10:17 - 2015-04-25 10:17 - 00000000 ____D () C:\Users\Jacob\AppData\Local\ATI
2015-04-25 10:16 - 2015-04-25 10:17 - 00000000 ____D () C:\Users\Jacob\AppData\Roaming\hpqLog
2015-04-25 10:16 - 2015-04-25 10:16 - 00000000 ____D () C:\Users\Jacob\AppData\Roaming\Synaptics
2015-04-25 10:16 - 2015-04-25 10:16 - 00000000 ____D () C:\Users\Jacob\AppData\Roaming\Apple Computer
2015-04-25 10:15 - 2015-04-25 10:18 - 00000000 ____D () C:\Users\Jacob\AppData\Local\Google
2015-04-25 10:15 - 2015-04-25 10:15 - 00001417 _____ () C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-25 10:15 - 2015-04-25 10:15 - 00000000 ____D () C:\Users\Jacob\AppData\Roaming\Adobe
2015-04-25 10:14 - 2015-05-23 09:53 - 00000000 ____D () C:\Users\Jacob\AppData\Local\VirtualStore
2015-04-25 10:13 - 2015-04-25 10:15 - 00000000 ____D () C:\Users\Jacob
2015-04-25 10:13 - 2015-04-25 10:13 - 00000632 __RSH () C:\Users\Jacob\ntuser.pol
2015-04-25 10:13 - 2015-04-25 10:13 - 00000020 ___SH () C:\Users\Jacob\ntuser.ini
2015-04-25 10:13 - 2009-07-13 23:54 - 00000000 ___RD () C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-25 10:13 - 2009-07-13 23:49 - 00000000 ___RD () C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-23 10:26 - 2013-07-29 20:11 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-23 10:20 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-23 10:20 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-23 10:12 - 2011-08-18 14:02 - 01376903 _____ () C:\Windows\WindowsUpdate.log
2015-05-23 10:11 - 2011-12-26 08:13 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-23 10:08 - 2011-12-26 08:13 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-23 09:30 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2015-05-23 09:28 - 2012-07-31 21:04 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1616617809-2168011286-2694606399-1002UA.job
2015-05-23 09:28 - 2012-07-31 21:04 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1616617809-2168011286-2694606399-1002Core.job
2015-04-25 17:05 - 2012-05-28 21:04 - 00000000 ____D () C:\ProgramData\Skype
2015-04-25 12:48 - 2013-03-19 07:46 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-04-25 12:48 - 2013-03-19 07:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-04-25 12:48 - 2012-01-08 14:31 - 00000000 ____D () C:\ProgramData\Kodak
2015-04-25 12:48 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-25 12:48 - 2009-07-13 23:51 - 00069290 _____ () C:\Windows\setupact.log
2015-04-25 12:43 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing
2015-04-25 12:43 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-04-25 12:43 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-04-25 12:43 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-25 12:17 - 2013-11-30 16:25 - 00066770 _____ () C:\Windows\IE11_main.log
2015-04-25 11:48 - 2015-04-20 17:51 - 00775994 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-25 11:48 - 2009-07-14 00:13 - 00775994 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-25 10:47 - 2013-03-19 07:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-04-25 10:36 - 2011-07-06 20:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
ATTENTION: ==> Could not access BCD. Check to make sure user is administrator or see Addition.txt for additional information.
 
==================== End of log ============================
 
addition report:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-05-2015 01
Ran by Jacob at 2015-05-23 10:27:33
Running from C:\Users\Jacob\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1616617809-2168011286-2694606399-500 - Administrator - Disabled)
Guest (S-1-5-21-1616617809-2168011286-2694606399-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1616617809-2168011286-2694606399-1003 - Limited - Enabled)
Jacob (S-1-5-21-1616617809-2168011286-2694606399-1030 - Limited - Enabled) => C:\Users\Jacob
steve (S-1-5-21-1616617809-2168011286-2694606399-1004 - Administrator - Enabled) => C:\Users\steve
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader X (10.1.7) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
aiofw (x32 Version: 4.2.6.8 - Eastman Kodak Company) Hidden
aioprnt (Version: 4.2.7.4 - Eastman Kodak Company) Hidden
aioscnnr (x32 Version: 4.2.6.0 - Your Company Name) Hidden
Apple Application Support (HKLM-x32\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}) (Version: 5.1.1.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{72927D2A-ADEF-786D-91E3-06CEFD60D107}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 8.0.1489.0 - AVAST Software)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
center (x32 Version: 4.2.6.8 - Eastman Kodak Company) Hidden
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
Facebook Messenger 2.1.4814.0 (HKLM-x32\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Documentation (HKLM-x32\...\{68A55875-B6DD-41E8-8CF6-F193D9C47051}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Launch Box (HKLM\...\{5A847522-375C-4D05-BD3D-88C450CC047F}) (Version: 1.1.5 - Hewlett-Packard Company)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{7E799992-5DA0-4A1A-9443-B1836B063FEC}) (Version: 1.4.8 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{8B52057C-15DB-433E-957C-E279BC7D07E3}) (Version: 3.1.0.9742 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{5036764A-435D-40C9-869C-31085A3D741D}) (Version: 8.7.4751.3798 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13476.3753 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
iTunes (HKLM\...\{CF8FFD12-602B-422D-AF1D-511B411E7632}) (Version: 10.6.1.7 - Apple Inc.)
Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KODAK AiO Home Center (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 4.2.7.7 - Eastman Kodak Company)
ksDIP (x32 Version: 3.20.0000.0000 - Eastman Kodak Company) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.97 - WildTangent) Hidden
Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
PreReq (x32 Version: 3.20.0000.0000 - Eastman Kodak Company) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6461 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.11.0706 - REALTEK Semiconductor Corp.)
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
Slingo Supreme (x32 Version: 2.2.0.97 - WildTangent) Hidden
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest - The Hawaiian Islands (x32 Version: 2.2.0.97 - WildTangent) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
WildTangent Games App for HP (x32 Version: 4.0.11.14 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => 
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1616617809-2168011286-2694606399-1002Core.job => 
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1616617809-2168011286-2694606399-1002UA.job => 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => 
 
==================== Loaded Modules (Whitelisted) ==============
 
2011-06-17 00:20 - 2011-06-17 00:20 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-06-17 00:08 - 2011-06-17 00:08 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-06-17 15:42 - 2011-06-17 15:42 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1616617809-2168011286-2694606399-1030\Control Panel\Desktop\\Wallpaper -> C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER Error getting ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Conime => %windir%\system32\conime.exe
MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
MSCONFIG\startupreg: HPOSD => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{257BEA93-44F1-4EFC-8FE7-D8FE4E83F32D}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{37F7D1FD-F66F-4608-B5AC-74F900F6E0B8}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{BF6CD862-F9AF-4DB1-9FFF-6458F9632095}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{F72CB198-A78D-4DE3-8923-17B2D90F4F03}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{373543E5-BA7B-45EC-BF0D-15EA125205AE}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B927E893-5945-4FD8-9A0B-822F522DB4A1}] => (Allow) LPort=2869
FirewallRules: [{2A6B30AD-3CC1-42E3-AA70-FC5B9C7FB543}] => (Allow) LPort=1900
FirewallRules: [{350BF55D-EA32-4378-9006-5E27F5D9CDB7}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{6D3559FA-E5DA-4DBD-A0DF-F5B0FC110EED}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{401C48EC-79B0-4AE5-9E8E-D209957AA744}] => (Allow) C:\Users\Morgan\Desktop\FrostWire 5\FrostWire.exe
FirewallRules: [{4FAA55D3-0A9B-4A94-B823-0788C162C035}] => (Allow) C:\Users\Morgan\Desktop\FrostWire 5\FrostWire.exe
FirewallRules: [TCP Query User{B977DCAE-2F3E-4A9B-9A10-02BD001F2349}C:\users\morgan\desktop\frostwire 5\frostwire.exe] => (Block) C:\users\morgan\desktop\frostwire 5\frostwire.exe
FirewallRules: [UDP Query User{492831BB-5F22-4081-A447-E815A3543EF0}C:\users\morgan\desktop\frostwire 5\frostwire.exe] => (Block) C:\users\morgan\desktop\frostwire 5\frostwire.exe
FirewallRules: [{035F17F0-DA0E-4D36-9797-C6DA81998637}] => (Allow) LPort=9322
FirewallRules: [{21167F20-66DD-419B-9DFC-2BCAD605D1AB}] => (Allow) LPort=9322
FirewallRules: [{C3360066-378A-46A3-817B-1224AFBF4297}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{549B0BD2-C21C-4AFF-920C-6A851A02D479}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{F942826D-F517-4CE7-8D1D-AD273FB8D921}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{C9EA93BA-1B2A-4252-BC17-AC1223D7DFDB}] => (Allow) C:\Users\Morgan\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{9E596B64-37C9-4315-882C-C2B86792F565}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/25/2015 05:33:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second
 
Error: (04/25/2015 05:33:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second
 
Error: (04/25/2015 05:33:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second
 
Error: (04/25/2015 05:33:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second
 
Error: (04/25/2015 04:54:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(KodakESP5200+0437._scanner._tcp.local.) active for over two minutes. This places considerable burden on the network.
 
Error: (04/25/2015 04:54:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(KodakESP5200+0437._pdl-datastream._tcp.local.) active for over two minutes. This places considerable burden on the network.
 
Error: (04/25/2015 04:54:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(KodakESP5200+0437._smb._tcp.local.) active for over two minutes. This places considerable burden on the network.
 
Error: (04/25/2015 02:55:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(KodakESP5200+0437._smb._tcp.local.) active for over two minutes. This places considerable burden on the network.
 
Error: (04/25/2015 02:55:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(KodakESP5200+0437._scanner._tcp.local.) active for over two minutes. This places considerable burden on the network.
 
Error: (04/25/2015 02:55:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(KodakESP5200+0437._pdl-datastream._tcp.local.) active for over two minutes. This places considerable burden on the network.
 
 
System errors:
=============
Error: (05/23/2015 09:41:17 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80010108: Security Update for Windows 7 for x64-based Systems (KB2978742).
 
Error: (05/23/2015 09:41:17 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80010108: Security Update for Windows 7 for x64-based Systems (KB3019978).
 
Error: (05/23/2015 09:41:17 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80010108: Security Update for Windows 7 for x64-based Systems (KB3032323).
 
Error: (05/23/2015 09:41:17 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246007: Internet Explorer 11 for Windows 7 for x64-based Systems.
 
Error: (05/23/2015 09:41:16 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80010108: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2894844).
 
Error: (05/23/2015 09:41:16 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80010108: Update for Windows 7 for x64-based Systems (KB2970228).
 
Error: (04/25/2015 00:48:27 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (04/25/2015 00:45:30 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Modules Installer service did not shut down properly after receiving a preshutdown control.
 
Error: (04/25/2015 00:40:00 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (04/25/2015 00:18:03 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7 for x64-based Systems.
 
 
Microsoft Office:
=========================
Error: (04/25/2015 05:33:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second
 
Error: (04/25/2015 05:33:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second
 
Error: (04/25/2015 05:33:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second
 
Error: (04/25/2015 05:33:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second
 
Error: (04/25/2015 04:54:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(KodakESP5200+0437._scanner._tcp.local.) active for over two minutes. This places considerable burden on the network.
 
Error: (04/25/2015 04:54:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(KodakESP5200+0437._pdl-datastream._tcp.local.) active for over two minutes. This places considerable burden on the network.
 
Error: (04/25/2015 04:54:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(KodakESP5200+0437._smb._tcp.local.) active for over two minutes. This places considerable burden on the network.
 
Error: (04/25/2015 02:55:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(KodakESP5200+0437._smb._tcp.local.) active for over two minutes. This places considerable burden on the network.
 
Error: (04/25/2015 02:55:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(KodakESP5200+0437._scanner._tcp.local.) active for over two minutes. This places considerable burden on the network.
 
Error: (04/25/2015 02:55:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(KodakESP5200+0437._pdl-datastream._tcp.local.) active for over two minutes. This places considerable burden on the network.
 
 
==================== Memory info =========================== 
 
Processor: AMD E-350 Processor
Percentage of memory in use: 72%
Total physical RAM: 2666.91 MB
Available physical RAM: 737.29 MB
Total Pagefile: 5332 MB
Available Pagefile: 2314.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:279.36 GB) (Free:197.14 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:14.56 GB) (Free:1.62 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32
 
==================== MBR & Partition Table ==================
 
==================== End of log ============================
 
Thanks for any help!

 



BC AdBot (Login to Remove)

 


#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:10:22 PM

Posted 23 May 2015 - 11:16 AM

Hi & :welcome: to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems. :warrior:

Before we move on, please read the following points carefully: :exclame:

  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Ran by Jacob (ATTENTION: The logged in user is not administrator)

Step 1

frst.pngfrstscan.png

Start FRST with administator privileges.

  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

Edited by deeprybka, 23 May 2015 - 11:17 AM.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#3 sacasteel

sacasteel
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:22 PM

Posted 23 May 2015 - 01:37 PM

Thanks for the help!

 

frst log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-05-2015 01
Ran by steve (administrator) on MORGAN-HP on 23-05-2015 13:30:37
Running from C:\Users\steve\Desktop
Loaded Profiles: steve (Available Profiles: steve & Jacob)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7466600 2012-04-02] (Realtek Semiconductor)
HKLM-x32\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-09] (Synaptics Incorporated)
HKLM-x32\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2023936 2009-08-03] (Eastman Kodak Company)
HKLM-x32\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [168504 2011-06-28] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [37960 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2012-03-27] (Apple Inc.)
HKU\S-1-5-21-1616617809-2168011286-2694606399-1004\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1616617809-2168011286-2694606399-1004\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1616617809-2168011286-2694606399-1004\...\MountPoints2: {5e2f28d2-9948-11e2-9125-3cd92b2e0f3d} - G:\VZW_Software_upgrade_assistant_installer.exe
Startup: C:\Users\Morgan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk [2012-07-31]
ShortcutTarget: Facebook Messenger.lnk -> C:\Users\steve\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2013-05-09] (AVAST Software)
GroupPolicyUsers\S-1-5-21-1616617809-2168011286-2694606399-1004\User: Group Policy Restriction detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1616617809-2168011286-2694606399-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
HKU\S-1-5-21-1616617809-2168011286-2694606399-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-1616617809-2168011286-2694606399-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1616617809-2168011286-2694606399-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1616617809-2168011286-2694606399-1004 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
SearchScopes: HKU\S-1-5-21-1616617809-2168011286-2694606399-1004 -> {9C841118-627F-4E18-80CF-244A3C4C0E5D} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1616617809-2168011286-2694606399-1004 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKU\S-1-5-21-1616617809-2168011286-2694606399-1004 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1616617809-2168011286-2694606399-1004 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
BHO: avast! WebRep -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-05-09] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO-x32: avast! WebRep -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-08-01] (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-05-09] (AVAST Software)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09] (AVAST Software)
Toolbar: HKU\S-1-5-21-1616617809-2168011286-2694606399-1004 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-03-06] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-23] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-23] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-05-10] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bookmark Manager) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-23]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-23]
CHR Extension: (Google Wallet) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-20]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-06-17] (Advanced Micro Devices, Inc.) []
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) []
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-27] (Realsil Microelectronics Inc.) []
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-28] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-28] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-28] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-23 13:30 - 2015-05-23 13:31 - 00017466 _____ () C:\Users\steve\Desktop\FRST.txt
2015-05-23 13:26 - 2015-05-23 13:28 - 00029564 _____ () C:\Users\steve\Downloads\Addition.txt
2015-05-23 13:23 - 2015-05-23 13:28 - 00026457 _____ () C:\Users\steve\Downloads\FRST.txt
2015-05-23 13:19 - 2015-05-23 13:21 - 02108416 _____ (Farbar) C:\Users\steve\Desktop\FRST64.exe
2015-05-23 10:27 - 2015-05-23 13:14 - 00029706 _____ () C:\Users\Jacob\Desktop\Addition.txt
2015-05-23 10:18 - 2015-05-23 13:30 - 00000000 ____D () C:\FRST
2015-05-23 10:18 - 2015-05-23 13:14 - 00029954 _____ () C:\Users\Jacob\Desktop\FRST.txt
2015-05-23 10:11 - 2015-05-23 10:14 - 02108416 _____ (Farbar) C:\Users\Jacob\Desktop\FRST64.exe
2015-05-23 09:56 - 2015-05-23 09:56 - 00010586 _____ () C:\Users\Jacob\Downloads\hijackthis.log
2015-05-23 09:49 - 2015-05-23 09:52 - 00388608 _____ (Trend Micro Inc.) C:\Users\Jacob\Downloads\HijackThis.exe
2015-04-25 12:43 - 2015-04-25 12:51 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-25 12:43 - 2015-04-25 12:43 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-25 12:43 - 2015-04-25 12:43 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-25 12:43 - 2015-04-25 12:43 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-25 10:22 - 2015-04-25 10:35 - 00000000 ____D () C:\5c45e111b22fb0e49d899b1971
2015-04-25 10:20 - 2015-04-25 10:20 - 00058016 _____ () C:\Users\Jacob\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-25 10:19 - 2015-04-25 10:19 - 00000000 ____D () C:\Users\Jacob\AppData\Local\AMD
2015-04-25 10:17 - 2015-04-25 10:17 - 00000000 ____D () C:\Users\Jacob\AppData\Roaming\ATI
2015-04-25 10:17 - 2015-04-25 10:17 - 00000000 ____D () C:\Users\Jacob\AppData\Local\ATI
2015-04-25 10:16 - 2015-05-23 09:35 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{C7212A38-4176-46A7-A30C-9FDEBEE007A6}
2015-04-25 10:16 - 2015-04-25 10:17 - 00000000 ____D () C:\Users\Jacob\AppData\Roaming\hpqLog
2015-04-25 10:16 - 2015-04-25 10:16 - 00000000 ____D () C:\Users\Jacob\AppData\Roaming\Synaptics
2015-04-25 10:16 - 2015-04-25 10:16 - 00000000 ____D () C:\Users\Jacob\AppData\Roaming\Apple Computer
2015-04-25 10:15 - 2015-04-25 10:18 - 00000000 ____D () C:\Users\Jacob\AppData\Local\Google
2015-04-25 10:15 - 2015-04-25 10:15 - 00001417 _____ () C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-25 10:15 - 2015-04-25 10:15 - 00000000 ____D () C:\Users\Jacob\AppData\Roaming\Adobe
2015-04-25 10:14 - 2015-05-23 09:53 - 00000000 ____D () C:\Users\Jacob\AppData\Local\VirtualStore
2015-04-25 10:13 - 2015-04-25 10:15 - 00000000 ____D () C:\Users\Jacob
2015-04-25 10:13 - 2015-04-25 10:13 - 00000632 __RSH () C:\Users\Jacob\ntuser.pol
2015-04-25 10:13 - 2015-04-25 10:13 - 00000020 ___SH () C:\Users\Jacob\ntuser.ini
2015-04-25 10:13 - 2009-07-13 23:54 - 00000000 ___RD () C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-25 10:13 - 2009-07-13 23:49 - 00000000 ___RD () C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-23 13:18 - 2012-04-11 20:59 - 00001232 __RSH () C:\Users\steve\ntuser.pol
2015-05-23 13:18 - 2012-04-11 20:52 - 00000000 ____D () C:\Users\steve
2015-05-23 13:05 - 2011-08-18 14:02 - 01662256 _____ () C:\Windows\WindowsUpdate.log
2015-05-23 11:23 - 2013-07-29 20:11 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-23 11:11 - 2011-12-26 08:14 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-23 11:08 - 2011-12-26 08:13 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-23 10:48 - 2012-07-31 21:04 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1616617809-2168011286-2694606399-1002UA.job
2015-05-23 10:20 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-23 10:20 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-23 10:11 - 2011-12-26 08:13 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-23 10:03 - 2011-12-26 08:13 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-23 10:03 - 2011-12-26 08:13 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-23 09:30 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2015-05-23 09:29 - 2012-09-02 10:58 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-05-23 09:28 - 2012-07-31 21:04 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1616617809-2168011286-2694606399-1002Core.job
2015-04-25 17:05 - 2012-05-28 21:04 - 00000000 ____D () C:\ProgramData\Skype
2015-04-25 12:48 - 2013-03-19 07:46 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-04-25 12:48 - 2013-03-19 07:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-04-25 12:48 - 2012-01-08 14:31 - 00000000 ____D () C:\ProgramData\Kodak
2015-04-25 12:48 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-25 12:48 - 2009-07-13 23:51 - 00069290 _____ () C:\Windows\setupact.log
2015-04-25 12:43 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing
2015-04-25 12:43 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-04-25 12:43 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-04-25 12:43 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-25 12:17 - 2013-11-30 16:25 - 00066770 _____ () C:\Windows\IE11_main.log
2015-04-25 11:48 - 2015-04-20 17:51 - 00775994 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-25 11:48 - 2009-07-14 00:13 - 00775994 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-25 10:47 - 2013-03-19 07:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-04-25 10:36 - 2011-07-06 20:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
 
Some files in TEMP:
====================
C:\Users\Morgan\AppData\Local\Temp\Extract.exe
C:\Users\Morgan\AppData\Local\Temp\Impressioner.exe
C:\Users\Morgan\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Morgan\AppData\Local\Temp\Resource.exe
C:\Users\Morgan\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Morgan\AppData\Local\Temp\sp54620.exe
C:\Users\Morgan\AppData\Local\Temp\SP54714.exe
C:\Users\Morgan\AppData\Local\Temp\SP54986.exe
C:\Users\Morgan\AppData\Local\Temp\SP55151.exe
C:\Users\Morgan\AppData\Local\Temp\SP55342.exe
C:\Users\Morgan\AppData\Local\Temp\SP55549.exe
C:\Users\Morgan\AppData\Local\Temp\SP55624.exe
C:\Users\Morgan\AppData\Local\Temp\SP55774.exe
C:\Users\Morgan\AppData\Local\Temp\SP56217.exe
C:\Users\Morgan\AppData\Local\Temp\SP56221.exe
C:\Users\Morgan\AppData\Local\Temp\sp64126.exe
C:\Users\Morgan\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Morgan\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Morgan\AppData\Local\Temp\xgl_jddl.dll
C:\Users\steve\AppData\Local\Temp\Extract.exe
C:\Users\steve\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\steve\AppData\Local\Temp\Resource.exe
C:\Users\steve\AppData\Local\Temp\SP55152.exe
C:\Users\steve\AppData\Local\Temp\SP56929.exe
C:\Users\steve\AppData\Local\Temp\SP57049.exe
C:\Users\steve\AppData\Local\Temp\SP57398.exe
C:\Users\steve\AppData\Local\Temp\sp58915.exe
C:\Users\steve\AppData\Local\Temp\SP59202.exe
C:\Users\steve\AppData\Local\Temp\UninstallHPSA.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2013-10-12 14:44
 
==================== End of log ============================
 
addition log:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-05-2015 01
Ran by steve at 2015-05-23 13:32:56
Running from C:\Users\steve\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1616617809-2168011286-2694606399-500 - Administrator - Disabled)
Guest (S-1-5-21-1616617809-2168011286-2694606399-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1616617809-2168011286-2694606399-1003 - Limited - Enabled)
Jacob (S-1-5-21-1616617809-2168011286-2694606399-1030 - Limited - Enabled) => C:\Users\Jacob
steve (S-1-5-21-1616617809-2168011286-2694606399-1004 - Administrator - Enabled) => C:\Users\steve
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader X (10.1.7) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
aiofw (x32 Version: 4.2.6.8 - Eastman Kodak Company) Hidden
aioprnt (Version: 4.2.7.4 - Eastman Kodak Company) Hidden
aioscnnr (x32 Version: 4.2.6.0 - Your Company Name) Hidden
Apple Application Support (HKLM-x32\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}) (Version: 5.1.1.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{72927D2A-ADEF-786D-91E3-06CEFD60D107}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 8.0.1489.0 - AVAST Software)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
center (x32 Version: 4.2.6.8 - Eastman Kodak Company) Hidden
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
Facebook Messenger 2.1.4814.0 (HKLM-x32\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.65 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Documentation (HKLM-x32\...\{68A55875-B6DD-41E8-8CF6-F193D9C47051}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Launch Box (HKLM\...\{5A847522-375C-4D05-BD3D-88C450CC047F}) (Version: 1.1.5 - Hewlett-Packard Company)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{7E799992-5DA0-4A1A-9443-B1836B063FEC}) (Version: 1.4.8 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{8B52057C-15DB-433E-957C-E279BC7D07E3}) (Version: 3.1.0.9742 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{5036764A-435D-40C9-869C-31085A3D741D}) (Version: 8.7.4751.3798 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13476.3753 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
iTunes (HKLM\...\{CF8FFD12-602B-422D-AF1D-511B411E7632}) (Version: 10.6.1.7 - Apple Inc.)
Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KODAK AiO Home Center (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 4.2.7.7 - Eastman Kodak Company)
ksDIP (x32 Version: 3.20.0000.0000 - Eastman Kodak Company) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.97 - WildTangent) Hidden
Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
PreReq (x32 Version: 3.20.0000.0000 - Eastman Kodak Company) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6461 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.11.0706 - REALTEK Semiconductor Corp.)
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
Slingo Supreme (x32 Version: 2.2.0.97 - WildTangent) Hidden
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest - The Hawaiian Islands (x32 Version: 2.2.0.97 - WildTangent) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
WildTangent Games App for HP (x32 Version: 4.0.11.14 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
22-04-2015 17:21:55 Windows Update
25-04-2015 10:17:15 Windows Update
25-04-2015 16:56:33 Removed RoxioNow Player.
25-04-2015 17:04:26 Removed Skype™ 7.0
25-04-2015 17:33:56 Removed Bonjour
23-05-2015 09:29:09 Windows Update
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {089DC3D4-832A-4BFB-8DE0-ECD292CB0158} - System32\Tasks\Hewlett-Packard\HP Support Assistant\NetworkCheck => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_NetworkCheck.exe
Task: {17C6C4AB-6F0D-41D8-AFD4-D9ED4027E196} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1616617809-2168011286-2694606399-1002Core => C:\Users\Morgan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-08-17] (Facebook Inc.)
Task: {1E9B7DF0-5251-4DED-9F01-2CB437F00775} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {245D8E33-F9E0-4848-AE3F-44294EF4931E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {3A3CE0CE-C3C7-41DE-9C67-56AB9A26D3EA} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {44F612FA-7561-4427-94BE-5870781D3A0D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard)
Task: {89A52E65-A375-41DA-AB0E-6B0252C5B21F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-20] (Google Inc.)
Task: {8A636BBD-70D2-4716-A0C8-F9599C372A30} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {AAA3D19C-59EB-4456-984D-45EF279BA0B3} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-22] (AVAST Software)
Task: {AF8FAD07-BCFA-4FD4-AACF-B28FB48DDC24} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {C61CCCAD-4A30-45B3-9F62-C25392E63869} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-20] (Adobe Systems Incorporated)
Task: {E598D558-EED7-4D70-8B5B-FB78393BBDB3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {EB098BA5-2D9E-4B67-9E06-9769D0AA1DFF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-20] (Google Inc.)
Task: {EF8D22F5-2C3A-4DFB-8F08-D99BADD8C04E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard)
Task: {F49CE67B-631A-4CB3-84A6-81E837510B12} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1616617809-2168011286-2694606399-1002UA => C:\Users\Morgan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-08-17] (Facebook Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1616617809-2168011286-2694606399-1002Core.job => C:\Users\Morgan\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1616617809-2168011286-2694606399-1002UA.job => C:\Users\Morgan\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2011-06-17 00:20 - 2011-06-17 00:20 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2011-06-17 00:20 - 2011-06-17 00:20 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-06-17 00:08 - 2011-06-17 00:08 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-06-17 15:42 - 2011-06-17 15:42 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2015-05-23 13:24 - 2015-05-23 10:53 - 02918400 _____ () C:\Program Files\AVAST Software\Avast\defs\15052302\algo.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-05-23 11:11 - 2015-05-13 11:48 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.65\libglesv2.dll
2015-05-23 11:11 - 2015-05-13 11:48 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.65\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1616617809-2168011286-2694606399-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\steve\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER Error getting ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Conime => %windir%\system32\conime.exe
MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
MSCONFIG\startupreg: HPOSD => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{257BEA93-44F1-4EFC-8FE7-D8FE4E83F32D}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{37F7D1FD-F66F-4608-B5AC-74F900F6E0B8}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{BF6CD862-F9AF-4DB1-9FFF-6458F9632095}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{F72CB198-A78D-4DE3-8923-17B2D90F4F03}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{373543E5-BA7B-45EC-BF0D-15EA125205AE}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B927E893-5945-4FD8-9A0B-822F522DB4A1}] => (Allow) LPort=2869
FirewallRules: [{2A6B30AD-3CC1-42E3-AA70-FC5B9C7FB543}] => (Allow) LPort=1900
FirewallRules: [{350BF55D-EA32-4378-9006-5E27F5D9CDB7}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{6D3559FA-E5DA-4DBD-A0DF-F5B0FC110EED}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{401C48EC-79B0-4AE5-9E8E-D209957AA744}] => (Allow) C:\Users\Morgan\Desktop\FrostWire 5\FrostWire.exe
FirewallRules: [{4FAA55D3-0A9B-4A94-B823-0788C162C035}] => (Allow) C:\Users\Morgan\Desktop\FrostWire 5\FrostWire.exe
FirewallRules: [TCP Query User{B977DCAE-2F3E-4A9B-9A10-02BD001F2349}C:\users\morgan\desktop\frostwire 5\frostwire.exe] => (Block) C:\users\morgan\desktop\frostwire 5\frostwire.exe
FirewallRules: [UDP Query User{492831BB-5F22-4081-A447-E815A3543EF0}C:\users\morgan\desktop\frostwire 5\frostwire.exe] => (Block) C:\users\morgan\desktop\frostwire 5\frostwire.exe
FirewallRules: [{035F17F0-DA0E-4D36-9797-C6DA81998637}] => (Allow) LPort=9322
FirewallRules: [{21167F20-66DD-419B-9DFC-2BCAD605D1AB}] => (Allow) LPort=9322
FirewallRules: [{C3360066-378A-46A3-817B-1224AFBF4297}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{549B0BD2-C21C-4AFF-920C-6A851A02D479}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{F942826D-F517-4CE7-8D1D-AD273FB8D921}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{C9EA93BA-1B2A-4252-BC17-AC1223D7DFDB}] => (Allow) C:\Users\Morgan\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{C12A0DEE-CAB7-4FC8-9C7C-7D27BAFA64FC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/25/2015 05:33:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second
 
Error: (04/25/2015 05:33:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second
 
Error: (04/25/2015 05:33:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second
 
Error: (04/25/2015 05:33:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second
 
Error: (04/25/2015 04:54:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(KodakESP5200+0437._scanner._tcp.local.) active for over two minutes. This places considerable burden on the network.
 
Error: (04/25/2015 04:54:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(KodakESP5200+0437._pdl-datastream._tcp.local.) active for over two minutes. This places considerable burden on the network.
 
Error: (04/25/2015 04:54:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(KodakESP5200+0437._smb._tcp.local.) active for over two minutes. This places considerable burden on the network.
 
Error: (04/25/2015 02:55:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(KodakESP5200+0437._smb._tcp.local.) active for over two minutes. This places considerable burden on the network.
 
Error: (04/25/2015 02:55:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(KodakESP5200+0437._scanner._tcp.local.) active for over two minutes. This places considerable burden on the network.
 
Error: (04/25/2015 02:55:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(KodakESP5200+0437._pdl-datastream._tcp.local.) active for over two minutes. This places considerable burden on the network.
 
 
System errors:
=============
Error: (05/23/2015 01:35:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Multimedia Class Scheduler service failed to start due to the following error: 
%%1053
 
Error: (05/23/2015 01:35:27 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.
 
Error: (05/23/2015 01:34:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Multimedia Class Scheduler service failed to start due to the following error: 
%%1053
 
Error: (05/23/2015 01:34:57 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.
 
Error: (05/23/2015 01:34:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Multimedia Class Scheduler service failed to start due to the following error: 
%%1053
 
Error: (05/23/2015 01:34:27 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.
 
Error: (05/23/2015 01:33:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Multimedia Class Scheduler service failed to start due to the following error: 
%%1053
 
Error: (05/23/2015 01:33:56 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.
 
Error: (05/23/2015 01:33:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Problem Reports and Solutions Control Panel Support service failed to start due to the following error: 
%%1053
 
Error: (05/23/2015 01:33:26 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wercplsupport service.
 
 
Microsoft Office:
=========================
Error: (04/25/2015 05:33:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second
 
Error: (04/25/2015 05:33:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second
 
Error: (04/25/2015 05:33:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second
 
Error: (04/25/2015 05:33:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second
 
Error: (04/25/2015 04:54:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(KodakESP5200+0437._scanner._tcp.local.) active for over two minutes. This places considerable burden on the network.
 
Error: (04/25/2015 04:54:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(KodakESP5200+0437._pdl-datastream._tcp.local.) active for over two minutes. This places considerable burden on the network.
 
Error: (04/25/2015 04:54:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(KodakESP5200+0437._smb._tcp.local.) active for over two minutes. This places considerable burden on the network.
 
Error: (04/25/2015 02:55:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(KodakESP5200+0437._smb._tcp.local.) active for over two minutes. This places considerable burden on the network.
 
Error: (04/25/2015 02:55:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(KodakESP5200+0437._scanner._tcp.local.) active for over two minutes. This places considerable burden on the network.
 
Error: (04/25/2015 02:55:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(KodakESP5200+0437._pdl-datastream._tcp.local.) active for over two minutes. This places considerable burden on the network.
 
 
==================== Memory info =========================== 
 
Processor: AMD E-350 Processor
Percentage of memory in use: 53%
Total physical RAM: 2666.91 MB
Available physical RAM: 1244 MB
Total Pagefile: 5332 MB
Available Pagefile: 3512.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:279.36 GB) (Free:199.5 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:14.56 GB) (Free:1.62 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 16CC72E1)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=279.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)
 
==================== End of log ============================


#4 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:10:22 PM

Posted 23 May 2015 - 01:40 PM

You are welcome!

 

Step 1

Please download adwcleaner.png AdwCleaner (by Xplode) and save it to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.

 

 

Step 2

Please download combofix.png Combofix (by sUBs) and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.

Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#5 sacasteel

sacasteel
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:22 PM

Posted 23 May 2015 - 03:08 PM

adw:

# AdwCleaner v4.205 - Logfile created 23/05/2015 at 14:51:34
# Updated 21/05/2015 by Xplode
# Database : 2015-05-21.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : steve - MORGAN-HP
# Running from : C:\Users\steve\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Morgan\AppData\Local\apn
Folder Deleted : C:\Users\Morgan\AppData\Roaming\dvdvideosoftiehelpers
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{27A37085-3DEE-4BBC-BB3F-DA613A073ED2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v10.0.9200.17296
 
 
-\\ Google Chrome v43.0.2357.65
 
[C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Morgan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\Morgan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [2909 bytes] - [23/05/2015 14:46:50]
AdwCleaner[S0].txt - [2394 bytes] - [23/05/2015 14:51:34]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2453  bytes] ##########
 
have to restart to do combofix.  will post that once complete.


#6 sacasteel

sacasteel
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:22 PM

Posted 23 May 2015 - 04:12 PM

combofix:

 

ComboFix 15-05-19.01 - steve 05/23/2015  15:29:38.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2667.232 [GMT -5:00]
Running from: c:\users\steve\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2015-04-23 to 2015-05-23  )))))))))))))))))))))))))))))))
.
.
2015-05-23 20:55 . 2015-05-23 20:55 -------- d-----w- c:\users\Morgan\AppData\Local\temp
2015-05-23 20:55 . 2015-05-23 20:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-05-23 20:45 . 2015-05-23 20:45 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{42FE2634-CC06-47A1-8141-D2C5E7716830}\offreg.1500.dll
2015-05-23 19:46 . 2015-05-23 19:51 -------- d-----w- C:\AdwCleaner
2015-05-23 18:27 . 2015-05-23 18:27 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{42FE2634-CC06-47A1-8141-D2C5E7716830}\offreg.2208.dll
2015-05-23 15:45 . 2015-05-03 03:16 12214312 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{42FE2634-CC06-47A1-8141-D2C5E7716830}\mpengine.dll
2015-05-23 15:18 . 2015-05-23 18:35 -------- d-----w- C:\FRST
2015-04-25 17:43 . 2015-04-25 17:51 -------- d-s---w- c:\windows\system32\GWX
2015-04-25 17:43 . 2015-04-25 17:43 -------- d-s---w- c:\windows\SysWow64\GWX
2015-04-25 17:43 . 2015-04-25 17:43 -------- d-s---w- c:\windows\system32\CompatTel
2015-04-25 17:43 . 2015-04-25 17:43 -------- d-----w- c:\windows\system32\appraiser
2015-04-25 15:22 . 2015-04-25 15:35 -------- d-----w- C:\5c45e111b22fb0e49d899b1971
2015-04-25 15:13 . 2015-04-25 15:15 -------- d-----w- c:\users\Jacob
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-21 02:04 . 2015-04-20 22:47 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-04-20 23:23 . 2012-07-02 04:07 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-20 23:23 . 2011-07-07 01:36 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-20 22:29 . 2012-02-06 22:59 23768 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2015-04-01 16:16 . 2012-10-06 03:01 128913832 ----a-w- c:\windows\system32\MRT.exe
2015-03-25 03:24 . 2015-04-22 23:08 3298816 ----a-w- c:\windows\system32\wucltux.dll
2015-03-25 03:24 . 2015-04-22 23:08 98304 ----a-w- c:\windows\system32\wudriver.dll
2015-03-25 03:24 . 2015-04-22 23:08 37376 ----a-w- c:\windows\system32\wups2.dll
2015-03-25 03:24 . 2015-04-22 23:08 35328 ----a-w- c:\windows\system32\wups.dll
2015-03-25 03:24 . 2015-04-22 23:08 2553856 ----a-w- c:\windows\system32\wuaueng.dll
2015-03-25 03:24 . 2015-04-22 23:08 191488 ----a-w- c:\windows\system32\wuwebv.dll
2015-03-25 03:24 . 2015-04-22 23:08 696320 ----a-w- c:\windows\system32\wuapi.dll
2015-03-25 03:24 . 2015-04-22 23:08 60416 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-03-25 03:23 . 2015-04-22 23:08 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:23 . 2015-04-22 23:08 36864 ----a-w- c:\windows\system32\wuapp.exe
2015-03-25 03:23 . 2015-04-22 23:08 135168 ----a-w- c:\windows\system32\wuauclt.exe
2015-03-25 03:00 . 2015-04-22 23:08 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2015-03-25 03:00 . 2015-04-22 23:08 29696 ----a-w- c:\windows\SysWow64\wups.dll
2015-03-25 03:00 . 2015-04-22 23:08 566784 ----a-w- c:\windows\SysWow64\wuapi.dll
2015-03-25 03:00 . 2015-04-22 23:08 173056 ----a-w- c:\windows\SysWow64\wuwebv.dll
2015-03-25 03:00 . 2015-04-22 23:08 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2015-03-23 03:25 . 2015-04-22 23:03 726528 ----a-w- c:\windows\system32\generaltel.dll
2015-03-23 03:25 . 2015-04-22 23:03 769536 ----a-w- c:\windows\system32\invagent.dll
2015-03-23 03:24 . 2015-04-22 23:03 419840 ----a-w- c:\windows\system32\devinv.dll
2015-03-23 03:24 . 2015-04-22 23:03 957952 ----a-w- c:\windows\system32\appraiser.dll
2015-03-23 03:24 . 2015-04-22 23:03 30720 ----a-w- c:\windows\system32\acmigration.dll
2015-03-23 03:24 . 2015-04-22 23:03 192000 ----a-w- c:\windows\system32\aepic.dll
2015-03-23 03:24 . 2015-04-22 23:03 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-03-23 03:17 . 2015-04-22 23:03 1111552 ----a-w- c:\windows\system32\aeinv.dll
2015-03-17 11:15 . 2015-04-20 22:46 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-03-17 11:15 . 2015-04-20 22:46 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-03-17 11:15 . 2015-04-20 22:46 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-03-17 05:22 . 2015-04-22 23:27 5557696 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-03-17 05:22 . 2015-04-22 23:27 155576 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-03-17 05:22 . 2015-04-22 23:27 95672 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-03-17 05:19 . 2015-04-22 23:27 1727904 ----a-w- c:\windows\system32\ntdll.dll
2015-03-17 05:17 . 2015-04-22 23:27 362496 ----a-w- c:\windows\system32\wow64win.dll
2015-03-17 05:17 . 2015-04-22 23:27 243712 ----a-w- c:\windows\system32\wow64.dll
2015-03-17 05:17 . 2015-04-22 23:26 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2015-03-17 05:16 . 2015-04-22 23:26 215040 ----a-w- c:\windows\system32\winsrv.dll
2015-03-17 05:16 . 2015-04-22 23:27 210944 ----a-w- c:\windows\system32\wdigest.dll
2015-03-17 05:16 . 2015-04-22 23:27 86528 ----a-w- c:\windows\system32\TSpkg.dll
2015-03-17 05:16 . 2015-04-22 23:26 136192 ----a-w- c:\windows\system32\sspicli.dll
2015-03-17 05:16 . 2015-04-22 23:26 29184 ----a-w- c:\windows\system32\sspisrv.dll
2015-03-17 05:16 . 2015-04-22 23:27 503808 ----a-w- c:\windows\system32\srcore.dll
2015-03-17 05:16 . 2015-04-22 23:26 50176 ----a-w- c:\windows\system32\srclient.dll
2015-03-17 05:16 . 2015-04-22 23:26 28160 ----a-w- c:\windows\system32\secur32.dll
2015-03-17 05:16 . 2015-04-22 23:27 341504 ----a-w- c:\windows\system32\schannel.dll
2015-03-17 05:16 . 2015-04-22 23:27 309760 ----a-w- c:\windows\system32\ncrypt.dll
2015-03-17 05:16 . 2015-04-22 23:26 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2015-03-17 05:16 . 2015-04-22 23:27 314880 ----a-w- c:\windows\system32\msv1_0.dll
2015-03-17 05:16 . 2015-04-22 23:27 1461760 ----a-w- c:\windows\system32\lsasrv.dll
2015-03-17 05:16 . 2015-04-22 23:27 728064 ----a-w- c:\windows\system32\kerberos.dll
2015-03-17 05:16 . 2015-04-22 23:27 1163264 ----a-w- c:\windows\system32\kernel32.dll
2015-03-17 05:16 . 2015-04-22 23:27 424448 ----a-w- c:\windows\system32\KernelBase.dll
2015-03-17 05:16 . 2015-04-22 23:27 43520 ----a-w- c:\windows\system32\csrsrv.dll
2015-03-17 05:16 . 2015-04-22 23:26 22016 ----a-w- c:\windows\system32\credssp.dll
2015-03-17 05:16 . 2015-04-22 23:27 112640 ----a-w- c:\windows\system32\smss.exe
2015-03-17 05:16 . 2015-04-22 23:27 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-03-17 05:15 . 2015-04-22 23:26 31232 ----a-w- c:\windows\system32\lsass.exe
2015-03-17 05:15 . 2015-04-22 23:27 338432 ----a-w- c:\windows\system32\conhost.exe
2015-03-17 05:15 . 2015-04-22 23:26 64000 ----a-w- c:\windows\system32\auditpol.exe
2015-03-17 05:13 . 2015-04-22 23:26 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-03-17 05:13 . 2015-04-22 23:26 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-03-17 05:11 . 2015-04-22 23:26 6656 ----a-w- c:\windows\system32\apisetschema.dll
2015-03-17 05:11 . 2015-04-22 23:26 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-03-17 05:11 . 2015-04-22 23:26 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-03-17 05:11 . 2015-04-22 23:26 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-03-17 05:11 . 2015-04-22 23:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-03-17 05:11 . 2015-04-22 23:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-03-17 05:11 . 2015-04-22 23:26 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-03-17 05:11 . 2015-04-22 23:26 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-03-17 05:11 . 2015-04-22 23:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-03-17 05:11 . 2015-04-22 23:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-03-17 05:11 . 2015-04-22 23:26 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-03-17 05:11 . 2015-04-22 23:26 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-03-17 05:11 . 2015-04-22 23:26 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-03-17 05:11 . 2015-04-22 23:26 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-03-17 05:11 . 2015-04-22 23:26 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-03-17 05:11 . 2015-04-22 23:26 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-03-17 05:11 . 2015-04-22 23:26 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-03-17 05:11 . 2015-04-22 23:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-03-17 05:11 . 2015-04-22 23:26 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-03-17 05:11 . 2015-04-22 23:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-03-17 05:11 . 2015-04-22 23:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-03-17 05:11 . 2015-04-22 23:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-03-17 05:11 . 2015-04-22 23:26 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-03-17 05:11 . 2015-04-22 23:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-03-17 05:11 . 2015-04-22 23:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-03-17 05:11 . 2015-04-22 23:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-03-17 05:11 . 2015-04-22 23:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-03-17 05:11 . 2015-04-22 23:26 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-03-17 05:11 . 2015-04-22 23:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-03-17 05:11 . 2015-04-22 23:27 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-03-17 05:01 . 2015-04-22 23:27 3976632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-03-17 05:01 . 2015-04-22 23:27 3920824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-03-17 04:59 . 2015-04-22 23:27 1309696 ----a-w- c:\windows\SysWow64\ntdll.dll
2015-03-17 04:57 . 2015-04-22 23:27 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2015-03-17 04:57 . 2015-04-22 23:27 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2015-03-17 04:57 . 2015-04-22 23:26 43008 ----a-w- c:\windows\SysWow64\srclient.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-17 336384]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-06-28 168504]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2013-05-10 37960]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2009-08-03 2023936]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\ekdiscovery.exe;c:\program files (x86)\Kodak\AiO\Center\ekdiscovery.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
R3 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-05-23 15:15 986440 ----a-w- c:\program files (x86)\Google\Chrome\Application\43.0.2357.65\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-05-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-02 23:31]
.
2015-05-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1616617809-2168011286-2694606399-1002Core.job
- c:\users\Morgan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-01 03:43]
.
2015-05-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1616617809-2168011286-2694606399-1002UA.job
- c:\users\Morgan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-01 03:43]
.
2015-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-26 23:05]
.
2015-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-26 23:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-04-03 7466600]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2009-08-03 2023936]
"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-12-20 44880]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-05-23  16:07:38
ComboFix-quarantined-files.txt  2015-05-23 21:07
.
Pre-Run: 221,247,131,648 bytes free
Post-Run: 223,607,164,928 bytes free
.
- - End Of File - - BD423399114F405BCA6483ACB7C01B99
A36C5E4F47E84449FF07ED3517B43A31


#7 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:10:22 PM

Posted 23 May 2015 - 04:14 PM

Step 1

v21logo.PNG

Please download and install Malwarebytes Anti-Malware. (NEW VERSION)
  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    :exclame: If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt:
    m21p.png
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select
    m21p4.png
  • Return to our forum. Paste your log into your next reply and then click Finish [7].
mbamv21.gif







Step 2

Please downloadesetlogo.pngOnline Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start installer.pngwith administartor privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
settings.png
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish.
  • A log filelog.pngis created at logpath.png
    Copy and paste the content of this log file in your next reply.
esetlog.png

Note: Do not forget to re-enable your antivirus application after running the above scan!
eset.gif

Edited by deeprybka, 23 May 2015 - 04:15 PM.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#8 sacasteel

sacasteel
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:22 PM

Posted 24 May 2015 - 12:10 PM

sorry for delay.  windows apparently did an update overnight.  i hope that didn't affect anything.  here are results from anti-malware.  running the other now.

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 5/24/2015
Scan Time: 11:08:05 AM
Logfile: 
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.05.24.03
Rootkit Database: v2015.05.16.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: steve
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 486550
Time Elapsed: 59 min, 23 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#9 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:10:22 PM

Posted 24 May 2015 - 12:22 PM

OK. :)
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#10 sacasteel

sacasteel
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:22 PM

Posted 24 May 2015 - 05:03 PM

finally done.  here it is:

 

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=bcf2512d50ad044b89d89bf58c76f7ba
# engine=23999
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-05-24 09:58:45
# local_time=2015-05-24 04:58:45 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=777 16777213 100 100 2671932 208292997 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 184048175 0 0
# scanned=171468
# found=0
# cleaned=0
# scan_time=17117


#11 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:10:22 PM

Posted 25 May 2015 - 03:53 AM

How is the computer running now?


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#12 sacasteel

sacasteel
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:22 PM

Posted 25 May 2015 - 09:59 AM

seems to be better.  i'll use it for a day and let you know.  THANK YOU!



#13 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:10:22 PM

Posted 25 May 2015 - 10:02 AM

OK. :)


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#14 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:10:22 PM

Posted 29 May 2015 - 06:22 AM


lesestoff.png

Can you please tell me which problems still persist now?
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#15 sacasteel

sacasteel
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:22 PM

Posted 29 May 2015 - 10:19 AM

we haven't had the opportunity to use it much over the last few days.  i didn't notice any problems when we did use it though.  Thank you much for your help!  i'm sure it'll get used a lot more this weekend.  Hopefully it runs great!






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users