Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Might have a hacker/remote access trojan on my computer. Please check.


  • This topic is locked This topic is locked
10 replies to this topic

#1 computeramateur5

computeramateur5

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:59 PM

Posted 06 February 2016 - 10:21 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by mike (administrator) on M (06-02-2016 22:19:59)
Running from C:\Users\mxxx\Downloads
Loaded Profiles: m (Available Profiles: )
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Notes\Core\DACore.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Spotify Ltd) C:\Users\<name removed>\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(© 2015 Microsoft Corporation) C:\Users\<name removed>\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(The Document Foundation) C:\Program Files (x86)\LibreOffice 5\program\soffice.exe
(The Document Foundation) C:\Program Files (x86)\LibreOffice 5\program\soffice.bin
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771184 2013-07-26] (Synaptics Incorporated)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-01] (CyberLink Corp.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-02-13] (Hewlett-Packard Company)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139768 2016-02-06] (AVAST Software)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [475448 2014-03-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [843480 2014-10-07] (BlueStack Systems, Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-07] (Hewlett-Packard)
HKU\S-1-5-21-3296729069-2740364338-1113590800-1002\...\Run: [Spotify Web Helper] => C:\Users\<name removed>\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-10-27] (Spotify Ltd)
HKU\S-1-5-21-3296729069-2740364338-1113590800-1002\...\Run: [GoogleChromeAutoLaunch_05270D25462B85991A9E901B73562A02] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [748872 2016-02-03] (Google Inc.)
HKU\S-1-5-21-3296729069-2740364338-1113590800-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [55358992 2015-09-04] (Skype Technologies S.A.)
HKU\S-1-5-21-3296729069-2740364338-1113590800-1002\...\Run: [BingSvc] => C:\Users\<name removed>\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-11] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3296729069-2740364338-1113590800-1002\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7935904 2016-01-21] (SUPERAntiSpyware)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-02-06] (AVAST Software)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{124477DD-E5EA-4DF5-8B6C-6471B93988A7}: [DhcpNameServer] 167.206.13.180 167.206.13.181
Tcpip\..\Interfaces\{729442A2-6968-4293-8C22-B80687B03490}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-3296729069-2740364338-1113590800-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SK2J&ocid=SK2JDHP&osmkt=en-us
HKU\S-1-5-21-3296729069-2740364338-1113590800-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
SearchScopes: HKLM -> {1A981B94-6C15-45FF-A3B3-0848A737FBD3} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {1A981B94-6C15-45FF-A3B3-0848A737FBD3} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3296729069-2740364338-1113590800-1002 -> {1A981B94-6C15-45FF-A3B3-0848A737FBD3} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3296729069-2740364338-1113590800-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-02-06] (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-22] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-06] (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-22] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-22] (Google Inc.)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-22] (Google Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\m\AppData\Roaming\Mozilla\Firefox\Profiles\bdk2n726.default
FF DefaultSearchEngine: Bing 
FF SearchEngineOrder.3: Bing 
FF SelectedSearchEngine: Bing 
FF Homepage: hxxp://www.msn.com/?pc=SK2J&ocid=SK2JDHP&osmkt=en-us
www.google.com
FF Keyword.URL: hxxp://www.bing.com/search?FORM=SK2JDF&PC=SK2J&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-20] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-20] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Extension: Bing Search - C:\Users\m\AppData\Roaming\Mozilla\Firefox\Profiles\bdk2n726.default\Extensions\bingsearch.full@microsoft.com [2015-09-19] [not signed]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-06]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-02-06]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://twitter.com/i/notifications
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\<name removed>\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-03]
CHR Extension: (Google Drive) - C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-20]
CHR Extension: (YouTube) - C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Docs Offline) - C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-02]
CHR Extension: (Avast Online Security) - C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-04]
CHR Extension: (Flamite) - C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgobopgcnapcnblkpelgjjblnjjpgejk [2015-12-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
CHR Extension: (Gmail) - C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-06]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [99328 2013-09-25] () [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-09-25] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-06] (AVAST Software)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-07] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-14] () [File not signed]
R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Notes\Core\DACore.exe [411024 2013-02-01] (Nuance Communications, Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [469304 2014-03-26] (Hewlett-Packard Development Company, L.P.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-14] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 0090801454784391mcinstcleanup; C:\Users\MIKERA~1\AppData\Local\Temp\009080~1.EXE -cleanup -nolog [X]
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17504 2013-02-07] (Advanced Micro Devices, INC.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-02-06] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-02-06] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-02-06] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-02-06] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-02-06] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065720 2016-02-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-02-06] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-02-06] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [286440 2016-02-06] (AVAST Software)
S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [129536 2013-07-05] (Advanced Micro Devices) [File not signed]
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-07] (BlueStack Systems)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
S3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [22600 2014-01-04] ()
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290008 2013-07-05] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2945240 2013-09-12] (Realtek Semiconductor Corporation                           )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-07-26] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-07-26] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-02-06] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-06 20:14 - 2016-02-06 20:14 - 00020041 _____ C:\Users\m\Downloads\Addition.txt
2016-02-06 20:12 - 2016-02-06 22:19 - 00024614 _____ C:\Users\m\Downloads\FRST.txt
2016-02-06 20:12 - 2016-02-06 22:16 - 00000000 ____D C:\FRST
2016-02-06 20:12 - 2016-02-06 20:12 - 02370560 _____ (Farbar) C:\Users\m\Downloads\FRST64.exe
2016-02-06 20:11 - 2016-02-06 20:12 - 01721856 _____ (Farbar) C:\Users\m\Downloads\FRST.exe
2016-02-06 13:59 - 2016-02-06 21:59 - 00000546 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task da6d56a8-2f5b-4449-bc35-c626dc04ecf5.job
2016-02-06 13:59 - 2016-02-06 20:43 - 00000546 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 520fa3ce-57e8-459c-872b-4ea7a376a702.job
2016-02-06 13:59 - 2016-02-06 16:28 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-02-06 13:59 - 2016-02-06 13:59 - 00003618 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 520fa3ce-57e8-459c-872b-4ea7a376a702
2016-02-06 13:59 - 2016-02-06 13:59 - 00003536 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task da6d56a8-2f5b-4449-bc35-c626dc04ecf5
2016-02-06 13:58 - 2016-02-06 13:58 - 00001827 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2016-02-06 13:58 - 2016-02-06 13:58 - 00000000 ____D C:\Users\m\AppData\Roaming\SUPERAntiSpyware.com
2016-02-06 13:58 - 2016-02-06 13:58 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-02-06 13:58 - 2016-02-06 13:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-02-06 13:58 - 2016-02-06 13:58 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-02-06 13:57 - 2016-02-06 16:28 - 00000000 ____D C:\Users\m\Desktop\mbar
2016-02-06 13:57 - 2016-02-06 13:57 - 24642208 _____ (SUPERAntiSpyware) C:\Users\m\Downloads\SUPERAntiSpyware.exe
2016-02-06 13:56 - 2016-02-06 13:56 - 16563352 _____ (Malwarebytes Corp.) C:\Users\m\Downloads\mbar-1.09.3.1001.exe
2016-02-06 13:56 - 2016-02-06 13:56 - 16563352 _____ (Malwarebytes Corp.) C:\Users\my\Downloads\mbar-1.09.3.1001 (1).exe
2016-02-06 13:56 - 2016-02-06 13:56 - 05198336 _____ (AVAST Software) C:\Users\m\Downloads\aswMBR (1).exe
2016-02-06 06:36 - 2016-02-06 06:36 - 00003046 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1454758603
2016-02-06 06:36 - 2016-02-06 06:36 - 00001060 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-02-06 06:36 - 2016-02-06 06:36 - 00001060 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-02-06 06:31 - 2016-02-06 06:29 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-02-06 06:30 - 2016-02-06 06:30 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-02-06 06:30 - 2016-02-06 06:30 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-02-06 05:40 - 2016-02-06 05:40 - 00285600 _____ C:\Windows\Minidump\020616-48343-01.dmp
2016-02-06 05:40 - 2016-02-06 05:40 - 00000000 ____D C:\Windows\Minidump
2016-02-06 05:39 - 2016-02-06 05:39 - 774228700 _____ C:\Windows\MEMORY.DMP
2016-02-06 04:52 - 2016-02-06 04:52 - 05200384 _____ (AVAST Software) C:\Users\m\Downloads\aswmbr.exe
2016-02-06 04:52 - 2016-02-06 04:52 - 00380416 _____ C:\Users\m\Downloads\b6sqp6wk.exe
2016-02-06 03:25 - 2016-02-06 20:51 - 00000000 ____D C:\Users\m\AppData\Local\CrashDumps
2016-02-06 03:20 - 2016-02-06 03:20 - 20943432 _____ C:\Users\m\Downloads\RogueKiller.exe
2016-02-06 03:20 - 2016-02-06 03:20 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-02-06 03:20 - 2016-02-06 03:20 - 00000000 ____D C:\ProgramData\RogueKiller
2016-02-06 03:17 - 2016-02-06 03:18 - 00242984 _____ C:\TDSSKiller.3.1.0.9_06.02.2016_03.17.14_log.txt
2016-02-06 03:16 - 2016-02-06 03:16 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\m\Downloads\tdsskiller.exe
2016-02-05 03:21 - 2016-02-05 08:18 - 00004026 _____ C:\Users\m\Desktop\index.html
2016-02-05 03:21 - 2016-02-05 08:18 - 00001056 _____ C:\Users\m\Desktop\README.txt
2016-02-05 03:21 - 2016-02-05 08:17 - 26744977 _____ C:\Users\m\Desktop\tweets.csv
2016-02-05 03:21 - 2016-02-05 03:21 - 00002017 _____ C:\Users\m\Downloads\Twitter Archive Eraser (3).application
2016-02-05 03:21 - 2016-02-05 03:21 - 00000000 ____D C:\Users\m\Desktop\lib
2016-02-05 03:21 - 2016-02-05 03:21 - 00000000 ____D C:\Users\m\Desktop\js
2016-02-05 03:21 - 2016-02-05 03:21 - 00000000 ____D C:\Users\m\Desktop\img
2016-02-05 03:21 - 2016-02-05 03:21 - 00000000 ____D C:\Users\\Desktop\data
2016-02-05 03:21 - 2016-02-05 03:21 - 00000000 ____D C:\Users\m\Desktop\css
2016-02-05 03:20 - 2016-02-05 03:20 - 20233996 _____ C:\Users\m\Downloads\482735311_21bccaee1087413ac4e7a2985ae76e0bc4a353e4.zip
2016-02-04 17:48 - 2016-02-04 17:48 - 00161055 _____ C:\Users\m\Downloads\4384697963_bfcd50aec2efd049a8a7e2907ca6a9d7a80d4499.zip
2016-02-02 20:09 - 2016-02-02 20:09 - 00002017 _____ C:\Users\m\Downloads\Twitter Archive Eraser (2).application
2016-02-02 17:54 - 2016-02-02 17:54 - 05520562 _____ C:\Users\m\Downloads\HNSC 3184 Overview Online 3(2).pptx
2016-02-02 17:52 - 2016-02-02 17:52 - 00000112 ____H C:\Users\m\Downloads\.~lock.Syllabus Health Disparity Sp 16 Online.docx#
2016-02-02 00:06 - 2016-02-02 00:06 - 00000000 _____ C:\Users\m\Downloads\download
2016-01-30 23:35 - 2016-01-27 11:14 - 00033994 _____ C:\Users\m\Documents\BC%20INTERNSHIP%20PROGRAM%20DESCRIPTION(SPRING12)%20(1).docm_0.odt
2016-01-30 20:30 - 2016-01-30 21:16 - 411343367 _____ C:\Users\m\Downloads\m2ons6aMA5i.rar
2016-01-29 20:21 - 2016-01-29 20:35 - 491517224 _____ C:\Users\m\Downloads\jPBrAHADrQ.rar
2016-01-28 17:19 - 2016-01-28 17:19 - 00012665 _____ C:\Users\m\Downloads\index (17).php
2016-01-28 02:57 - 2016-01-28 02:57 - 00007359 _____ C:\Users\m\Downloads\index (16).php
2016-01-28 02:56 - 2016-01-28 02:56 - 00007359 _____ C:\Users\m\Downloads\index (15).php
2016-01-27 14:07 - 2016-01-27 14:07 - 00007359 _____ C:\Users\m\Downloads\index (14).php
2016-01-27 10:59 - 2016-01-27 10:59 - 00000113 ____H C:\Users\m\Downloads\.~lock.BC INTERNSHIP PROGRAM DESCRIPTION(SPRING12) (1).docm#
2016-01-27 10:58 - 2016-01-27 10:58 - 00277763 _____ C:\Users\m\Downloads\BC INTERNSHIP PROGRAM DESCRIPTION(SPRING12) (1).docm
2016-01-27 01:25 - 2016-01-27 01:25 - 00007359 _____ C:\Users\my\Downloads\index (13).php
2016-01-27 01:15 - 2016-01-27 01:15 - 00007359 _____ C:\Users\m\Downloads\index (12).php
2016-01-27 01:03 - 2016-01-27 01:03 - 00007359 _____ C:\Users\m\Downloads\index (11).php
2016-01-26 23:00 - 2016-01-26 23:00 - 00007359 _____ C:\Users\m\Downloads\index (10).php
2016-01-26 22:07 - 2016-01-26 22:07 - 00007359 _____ C:\Users\m\Downloads\index (9).php
2016-01-26 21:59 - 2016-01-26 21:59 - 00007359 _____ C:\Users\m\Downloads\index (8).php
2016-01-26 21:25 - 2016-01-26 21:25 - 00007359 _____ C:\Users\m\Downloads\index (7).php
2016-01-26 21:20 - 2016-01-26 21:20 - 00007359 _____ C:\Users\m\Downloads\index (6).php
2016-01-26 21:19 - 2016-01-26 21:19 - 00007359 _____ C:\Users\m\Downloads\index (5).php
2016-01-26 21:19 - 2016-01-26 21:19 - 00007359 _____ C:\Users\m\Downloads\index (4).php
2016-01-26 19:34 - 2016-01-26 19:34 - 00007359 _____ C:\Users\my\Downloads\index (3).php
2016-01-26 18:03 - 2016-01-26 18:03 - 00007359 _____ C:\Users\m\Downloads\index (2).php
2016-01-26 18:02 - 2016-01-26 18:02 - 00007359 _____ C:\Users\m\Downloads\index.php
2016-01-26 18:02 - 2016-01-26 18:02 - 00007359 _____ C:\Users\m\Downloads\index (1).php
2016-01-26 17:02 - 2016-02-06 05:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-25 02:28 - 2016-01-25 02:28 - 00010675 _____ C:\Users\m\Desktop\download.jpe
2016-01-25 00:46 - 2016-01-25 00:47 - 22908888 _____ (Malwarebytes ) C:\Users\my\Downloads\mbam-setup-2.2.0.1024.exe
2016-01-25 00:07 - 2016-01-25 00:07 - 00388608 _____ (Trend Micro Inc.) C:\Users\m\Downloads\HijackThis.exe
2016-01-21 18:04 - 2016-01-21 18:04 - 00002017 _____ C:\Users\m\Downloads\Unconfirmed 89899.crdownload
2016-01-21 18:04 - 2016-01-21 18:04 - 00002017 _____ C:\Users\m\Downloads\Unconfirmed 828348.crdownload
2016-01-21 18:02 - 2016-01-21 18:03 - 00224858 _____ C:\Users\m\Downloads\Twitter_Archive_Eraser_Setup (5).zip
2016-01-21 18:02 - 2016-01-21 18:03 - 00224858 _____ C:\Users\m\Downloads\Twitter_Archive_Eraser_Setup (4).zip
2016-01-21 18:02 - 2016-01-21 18:02 - 00002017 _____ C:\Users\m\Downloads\Unconfirmed 997425.crdownload
2016-01-21 18:02 - 2016-01-21 18:02 - 00002017 _____ C:\Users\m\Downloads\Unconfirmed 940842.crdownload
2016-01-21 18:02 - 2016-01-21 18:02 - 00002017 _____ C:\Users\m\Downloads\Unconfirmed 756832.crdownload
2016-01-21 18:02 - 2016-01-21 18:02 - 00002017 _____ C:\Users\m\Downloads\Unconfirmed 514760.crdownload
2016-01-21 17:35 - 2016-01-21 17:35 - 00224858 _____ C:\Users\m\Downloads\Twitter_Archive_Eraser_Setup (3).zip
2016-01-21 17:33 - 2016-01-21 17:33 - 00224858 _____ C:\Users\m\Downloads\Twitter_Archive_Eraser_Setup (2).zip
2016-01-21 17:31 - 2016-01-21 17:31 - 00224858 _____ C:\Users\m\Downloads\Twitter_Archive_Eraser_Setup (1).zip
2016-01-21 17:31 - 2016-01-21 17:31 - 00002017 _____ C:\Users\m\Downloads\Twitter Archive Eraser (1).application
2016-01-21 17:28 - 2016-01-21 17:28 - 00224858 _____ C:\Users\m\Downloads\Twitter_Archive_Eraser_Setup.zip
2016-01-21 17:24 - 2016-02-05 03:28 - 00000000 ____D C:\Users\m\AppData\Local\Deployment
2016-01-21 17:24 - 2016-01-21 17:24 - 00002017 _____ C:\Users\m\Downloads\Twitter Archive Eraser.application
2016-01-21 17:24 - 2016-01-21 17:24 - 00000406 _____ C:\Users\my\Desktop\Twitter Archive Eraser.appref-ms
2016-01-21 17:24 - 2016-01-21 17:24 - 00000000 ____D C:\Users\m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MARTANI
2016-01-21 17:24 - 2016-01-21 17:24 - 00000000 ____D C:\Users\m\AppData\Local\Apps\2.0
2016-01-12 20:06 - 2015-12-10 23:38 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-01-12 20:06 - 2015-12-10 23:00 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-01-12 20:06 - 2015-12-10 22:55 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-01-12 20:06 - 2015-12-10 22:50 - 20367360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-01-12 20:06 - 2015-12-10 22:45 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-01-12 20:06 - 2015-12-10 22:21 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-01-12 20:06 - 2015-12-10 22:18 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-01-12 20:06 - 2015-12-10 22:09 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-01-12 20:06 - 2015-12-10 22:09 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-01-12 20:06 - 2015-12-10 22:03 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-01-12 20:06 - 2015-12-10 21:59 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-01-12 20:06 - 2015-12-10 21:43 - 04610560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-01-12 20:06 - 2015-12-10 21:43 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-01-12 20:06 - 2015-12-10 21:38 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-01-12 20:06 - 2015-12-10 21:37 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-01-12 20:06 - 2015-12-10 21:35 - 12856320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-01-12 20:06 - 2015-12-10 21:26 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-01-12 20:06 - 2015-12-10 21:14 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-01-12 20:06 - 2015-12-10 21:12 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-01-12 20:06 - 2015-12-10 21:08 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-01-12 20:06 - 2015-12-10 21:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-01-12 20:04 - 2015-12-05 00:58 - 02745184 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-01-12 20:04 - 2015-12-05 00:58 - 02528784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-01-12 20:04 - 2015-12-05 00:58 - 02450240 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-01-12 20:04 - 2015-12-05 00:58 - 02447136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-01-12 20:04 - 2015-12-05 00:58 - 02334104 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2016-01-12 20:04 - 2015-12-05 00:58 - 02324744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2016-01-12 20:04 - 2015-12-05 00:58 - 01877504 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-01-12 20:04 - 2015-12-05 00:58 - 01798480 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll
2016-01-12 20:04 - 2015-12-05 00:58 - 01484888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-01-12 20:04 - 2015-12-05 00:58 - 01288128 _____ (Microsoft Corporation) C:\Windows\system32\mfnetsrc.dll
2016-01-12 20:04 - 2015-12-05 00:58 - 01210200 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-01-12 20:04 - 2015-12-05 00:58 - 01150232 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-01-12 20:04 - 2015-12-05 00:58 - 01115640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
2016-01-12 20:04 - 2015-12-05 00:58 - 01037680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-01-12 20:04 - 2015-12-05 00:58 - 00914672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-01-12 20:04 - 2015-12-05 00:58 - 00850680 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
2016-01-12 20:04 - 2015-12-05 00:58 - 00735496 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-01-12 20:04 - 2015-12-05 00:58 - 00700360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2016-01-12 20:04 - 2015-12-05 00:58 - 00629600 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-01-12 20:04 - 2015-12-05 00:58 - 00584656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-01-12 20:04 - 2015-12-05 00:58 - 00557856 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-01-12 20:04 - 2015-12-05 00:58 - 00498472 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2016-01-12 20:04 - 2015-12-05 00:58 - 00492736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-01-12 20:04 - 2015-12-05 00:58 - 00463776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-01-12 20:04 - 2015-12-05 00:58 - 00399776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2016-01-12 20:04 - 2015-12-05 00:58 - 00299080 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-01-12 20:04 - 2015-12-05 00:58 - 00275312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-01-12 20:04 - 2015-12-05 00:58 - 00274280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-01-12 20:04 - 2015-12-05 00:58 - 00250520 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-01-12 20:04 - 2015-12-05 00:58 - 00248432 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-01-12 20:04 - 2015-12-05 00:58 - 00246856 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-01-12 20:04 - 2015-12-05 00:58 - 00244296 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-01-12 20:04 - 2015-12-05 00:58 - 00229272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-01-12 20:04 - 2015-12-05 00:58 - 00203016 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-01-12 20:04 - 2015-12-05 00:58 - 00184912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-01-12 20:04 - 2015-12-05 00:58 - 00183856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-01-12 20:04 - 2015-12-05 00:58 - 00116720 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-01-12 20:04 - 2015-12-05 00:58 - 00110544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-01-12 20:04 - 2015-12-05 00:58 - 00099136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-01-12 20:04 - 2015-12-05 00:58 - 00090904 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-01-12 20:04 - 2015-12-05 00:58 - 00090392 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-01-12 20:04 - 2015-12-05 00:58 - 00081032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-01-12 20:04 - 2015-12-05 00:58 - 00076936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-01-12 20:04 - 2015-12-03 14:42 - 00561952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-01-12 20:04 - 2015-12-03 14:42 - 00397224 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-01-12 20:04 - 2015-12-03 14:42 - 00137968 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-01-12 20:04 - 2015-12-03 14:42 - 00106960 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2016-01-12 20:04 - 2015-12-03 14:41 - 00177488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-01-12 20:04 - 2015-12-03 13:52 - 00340872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-01-12 20:04 - 2015-12-03 13:52 - 00120376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-01-12 20:04 - 2015-12-03 13:52 - 00091416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2016-01-12 20:04 - 2015-12-03 13:28 - 00401920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-01-12 20:04 - 2015-12-03 13:28 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-01-12 20:04 - 2015-12-03 13:07 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-01-12 20:04 - 2015-12-03 13:07 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-01-12 20:04 - 2015-12-03 13:05 - 00644608 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-01-12 20:04 - 2015-12-03 13:02 - 01664000 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-01-12 20:04 - 2015-12-03 13:00 - 00451072 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-01-12 20:04 - 2015-12-03 12:58 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-01-12 20:04 - 2015-12-03 12:51 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-01-12 20:04 - 2015-12-03 12:36 - 01697792 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-01-12 20:04 - 2015-12-03 12:30 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-01-12 20:04 - 2015-12-03 12:28 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-01-12 20:04 - 2015-12-03 12:28 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-01-12 20:04 - 2015-12-03 12:27 - 00736256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-01-12 20:04 - 2015-12-03 12:24 - 01411584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-01-12 20:04 - 2015-12-03 12:23 - 00402432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-01-12 20:04 - 2015-12-03 12:16 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-01-12 20:04 - 2015-12-03 12:13 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-01-12 20:04 - 2015-12-03 12:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-01-12 20:04 - 2015-12-03 12:06 - 01501184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-01-12 20:04 - 2015-12-03 12:01 - 00743936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-01-12 20:04 - 2015-12-03 11:45 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-01-12 20:04 - 2015-12-03 11:40 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-01-12 20:04 - 2015-12-03 11:29 - 00887296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-01-12 20:04 - 2015-12-02 10:04 - 00670208 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-01-12 20:04 - 2015-12-02 10:01 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-01-12 20:02 - 2015-12-30 14:32 - 07453016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-01-12 20:02 - 2015-12-30 14:32 - 01735000 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-01-12 20:02 - 2015-12-30 14:32 - 01499912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-01-12 20:02 - 2015-12-10 19:13 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-01-12 20:02 - 2015-12-10 19:13 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-01-12 20:02 - 2015-12-10 19:13 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-01-12 20:02 - 2015-12-09 19:40 - 00033456 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-01-12 20:02 - 2015-12-08 14:08 - 00685432 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-01-12 20:02 - 2015-12-08 14:07 - 00507176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-01-12 20:02 - 2015-12-07 05:56 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-01-12 20:02 - 2015-12-04 10:00 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-01-12 20:02 - 2015-11-17 16:07 - 01380864 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-01-12 20:02 - 2015-11-17 16:07 - 00792064 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-01-12 20:02 - 2015-11-17 16:07 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-06 22:11 - 2015-09-19 13:55 - 00000000 ____D C:\Users\m\AppData\Roaming\Skype
2016-02-06 22:02 - 2014-05-15 23:23 - 00000000 ____D C:\Users\m
2016-02-06 22:00 - 2014-05-16 20:19 - 00000000 ____D C:\Users\m\AppData\Roaming\ClassicShell
2016-02-06 21:54 - 2014-05-21 02:06 - 27968000 ___SH C:\Users\m\Downloads\Thumbs.db
2016-02-06 21:44 - 2014-06-21 05:33 - 00000918 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-06 21:21 - 2014-06-21 05:33 - 00000922 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-06 21:21 - 2014-05-16 08:59 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-06 21:21 - 2014-05-15 23:29 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3296729069-2740364338-1113590800-1002
2016-02-06 20:57 - 2015-09-24 19:21 - 00002342 _____ C:\Users\m\Desktop\Kindle.lnk
2016-02-06 20:52 - 2015-10-16 13:18 - 00652288 ___SH C:\Users\m\\Desktop\Thumbs.db
2016-02-06 20:52 - 2014-08-30 15:36 - 00000000 ____D C:\Users\my\OneDrive
2016-02-06 20:52 - 2014-05-16 00:24 - 00003962 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{16709BB0-BBEC-4BF9-AEFD-1986D43F4698}
2016-02-06 20:48 - 2013-08-26 01:09 - 00006428 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-06 20:43 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-06 20:42 - 2013-11-27 22:45 - 00000000 ____D C:\Program Files\Common Files\mcafee
2016-02-06 18:50 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\AppReadiness
2016-02-06 15:43 - 2014-06-21 05:34 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-06 15:43 - 2014-06-21 05:33 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-02-06 13:49 - 2013-08-22 10:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2016-02-06 13:49 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\Inf
2016-02-06 13:48 - 2013-10-18 12:43 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2016-02-06 06:36 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2016-02-06 06:33 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-02-06 06:31 - 2014-06-21 05:35 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-02-06 06:30 - 2014-06-21 05:33 - 00463744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-02-06 06:30 - 2014-06-21 05:33 - 00286440 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-02-06 06:30 - 2014-06-21 05:33 - 00165344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-02-06 06:30 - 2014-06-21 05:33 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-02-06 06:30 - 2014-06-21 05:33 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-02-06 06:30 - 2014-06-21 05:33 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-02-06 06:30 - 2014-06-21 05:33 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-02-06 06:30 - 2014-06-21 05:32 - 00000000 ____D C:\ProgramData\AVAST Software
2016-02-06 06:29 - 2014-06-21 05:33 - 01065720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-02-06 06:29 - 2014-06-21 05:32 - 00000000 ____D C:\Program Files\AVAST Software
2016-02-06 05:39 - 2014-05-16 00:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-06 03:02 - 2014-05-15 23:25 - 00000000 ____D C:\Users\<name removed>\Documents\Youcam
2016-02-04 23:20 - 2014-05-31 17:42 - 00003222 _____ C:\Windows\System32\Tasks\HPCeeScheduleFor<name removed>
2016-02-04 23:20 - 2014-05-31 17:42 - 00000388 _____ C:\Windows\Tasks\HPCeeScheduleFor<name removed>.job
2016-02-04 16:22 - 2014-06-21 05:34 - 00002239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-04 16:22 - 2014-06-21 05:34 - 00002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-03 14:04 - 2013-11-27 22:22 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2016-02-01 20:16 - 2014-06-21 05:33 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-01 20:16 - 2014-06-21 05:33 - 00003658 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-01-30 02:36 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\NDF
2016-01-25 02:10 - 2013-08-26 01:57 - 00000000 ____D C:\Windows\Panther
2016-01-25 00:48 - 2014-06-21 05:34 - 00001125 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-25 00:48 - 2014-06-21 05:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-25 00:48 - 2014-06-21 05:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-23 04:28 - 2014-10-10 00:23 - 00000000 ____D C:\Users\<name removed>\AppData\Local\ElevatedDiagnostics
2016-01-21 01:58 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-20 01:54 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\rescache
2016-01-20 01:21 - 2014-05-16 08:59 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-18 15:15 - 2014-05-28 01:40 - 00000000 ____D C:\Users\m\AppData\Roaming\Spotify
2016-01-18 10:45 - 2014-05-28 01:41 - 00000000 ____D C:\Users\m\AppData\Local\Spotify
2016-01-16 00:11 - 2015-09-19 13:55 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-01-15 20:32 - 2015-04-18 12:58 - 00000000 ____D C:\Windows\system32\appraiser
2016-01-15 20:32 - 2015-03-28 17:49 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-01-13 10:07 - 2013-08-22 10:20 - 00000000 ____D C:\Windows\CbsTemp
2016-01-12 20:39 - 2014-05-20 20:36 - 00000000 ____D C:\Windows\system32\MRT
2016-01-12 20:13 - 2014-05-20 20:36 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
Some files in TEMP:
====================
C:\Users\m\AppData\Local\Temp\Extract.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-06 15:39
 
==================== End of FRST.txt ============================

Edited by quietman7, 15 February 2016 - 06:45 PM.
Request to remove name by OP


BC AdBot (Login to Remove)

 


#2 computeramateur5

computeramateur5
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:59 PM

Posted 07 February 2016 - 12:57 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by m (2016-02-06 20:14:27)
Running from C:\Users\m\Downloads
Windows 8.1 (X64) (2014-05-16 04:23:28)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3296729069-2740364338-1113590800-500 - Administrator - Disabled)
Guest (S-1-5-21-3296729069-2740364338-1113590800-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3296729069-2740364338-1113590800-1004 - Limited - Enabled)
m (S-1-5-21-3296729069-2740364338-1113590800-1002 - Administrator - Enabled) => C:\Users\m
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Amazon Kindle (HKU\S-1-5-21-3296729069-2740364338-1113590800-1002\...\Amazon Kindle) (Version:  - Amazon)
AMD Catalyst Install Manager (HKLM\...\{301D3AA1-5DCC-FCFD-622E-3C7CBA87C80F}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2253 - AVAST Software)
Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.4.4078 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{152E0B21-19D5-4772-9EF8-8E76074B0C0A}) (Version: 0.9.4.4078 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.6.3728 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3228 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3304 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.3709 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2.3302 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dragon Notes en-US (HKLM-x32\...\{C438C1D0-A46C-4BFA-AFCD-11261DE9CCE0}) (Version: 01.00.100.011 - Nuance Communications Inc.)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.103 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
HP 3D DriveGuard (HKLM-x32\...\{F90A86C9-7779-47DD-AC06-8EE832C55F55}) (Version: 6.0.18.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-3296729069-2740364338-1113590800-1002\...\HPConnectedMusic) (Version: 1.1 (build 128) hp - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{394B14EA-B072-4440-9510-87797CB12371}) (Version: 2.20.21 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{4525FF56-E096-42F4-BB64-52AAA8B3D893}) (Version: 1.1.1.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7127.4628 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.57 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{DEF23826-DB71-4654-BC00-D5D6C20802EA}) (Version: 1.1.4 - Hewlett-Packard Company)
HP USB Disk Storage Format Tool (HKLM-x32\...\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}) (Version:  - )
HP Utility Center (HKLM\...\{7A75E042-0D30-43C2-BD2A-684F4BE38FF7}) (Version: 2.3.1 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inst5675 (Version: 8.00.57 - Softex Inc.) Hidden
Inst5676 (Version: 8.00.57 - Softex Inc.) Hidden
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
LibreOffice 5.0.2.2 (HKLM-x32\...\{71508AE2-346A-4E56-AE95-DBB8DE692258}) (Version: 5.0.2.2 - The Document Foundation)
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 44.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0 (x86 en-US)) (Version: 44.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.0.5866 - Mozilla)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
OpenOffice 4.1.0 (HKLM-x32\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
PeerBlock 1.1+ (r691) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.1.0.691 - PeerBlock, LLC)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pinger (HKLM-x32\...\Pinger 1.4.0.1) (Version: 1.4.0.1 - Pinger Inc.)
Pinger (x32 Version: 1.4.0.1 - Pinger Inc.) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.12.0906 - REALTEK Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
SafeZone Stable 1.48.2066.44 (x32 Version: 1.48.2066.44 - Avast Software) Hidden
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.10 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.10.101 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3296729069-2740364338-1113590800-1002\...\Spotify) (Version: 1.0.13.108.gcd94e7db - Spotify AB)
Stamps.com (HKLM-x32\...\Stamps.com) (Version:  - Stamps.com, Inc.)
Stamps.com (x32 Version: 12.0.0.2769 - Stamps.com, Inc.) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1212 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.2 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Twitter Archive Eraser (HKU\S-1-5-21-3296729069-2740364338-1113590800-1002\...\7c01de3b4b7aa016) (Version: 5.1.4.0 - MARTANI)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
VitalSource Bookshelf (HKLM-x32\...\{5495472a-451c-42b9-9cd7-24b1ac2d7b79}) (Version: 6.06.0022 - Ingram Content Group)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {18B3B8B3-88EC-4180-86E4-C6C3BFFD5666} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {1E362C8B-330F-4434-B360-0578FF1B6EAB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {25DD708C-C751-4C14-9CC5-C654684EF571} - System32\Tasks\SUPERAntiSpyware Scheduled Task da6d56a8-2f5b-4449-bc35-c626dc04ecf5 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {2F83F1C3-87FE-4CC5-8911-1DC97BDD663C} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-09-10] (Hewlett-Packard Development Company, L.P.)
Task: {43130705-55DE-459D-9533-032B81860D2E} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {4F39B5D3-8C6C-4054-9F40-366EAB51EB11} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {592A5F95-A9B8-4353-A0FE-4F3696850C96} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5E3450D6-1012-4F2A-8917-D57815AFD8FF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-01-12] (Microsoft Corporation)
Task: {66035B39-DFD0-45C9-BD7B-2EB43F367CF4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-20] (Adobe Systems Incorporated)
Task: {67905203-CC43-4580-9286-4FE94C4A9951} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {6A73D412-FF7E-4051-B1EB-B410152AB664} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-01-06] (HP Inc.)
Task: {6EEF74F5-1BE8-43D1-93AE-22AD9D831E42} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {772C13A7-CEF3-499C-A923-B944BAD49ED0} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {852C52C2-ED80-4D7E-B0C0-B9BFCF9A1215} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSFUpdaterRedux => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {8E59CA0E-339D-4F0F-96F8-01CB2665FF13} - System32\Tasks\{B62833C5-2DEF-4BAF-89F7-DF591C74E285} => pcalua.exe -a C:\DriveKey\HPUSBFW.EXE -d C:\Users\<name removed>\Desktop
Task: {9C9E8C41-4C04-4D49-8D4F-C673F347C9F1} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-07-26] (Synaptics Incorporated)
Task: {BA48FCCD-F364-42BF-B684-E7B4DCC4D3D1} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {BE5E59C8-DCFE-46BE-AAE0-F6A236493A41} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-02-06] (AVAST Software)
Task: {C607E587-67FF-41EB-884A-D732D0EFFB77} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {C7EDCDEF-45D7-4C82-8DF5-4B9E6FC52A26} - System32\Tasks\HPCeeScheduleFor<name removed> => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {CF5D7E3E-B208-4CE7-B1C8-B8DC9D372299} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {DC914CF9-A1AE-495B-8E5D-24394714C5AC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {DDA32060-E9D9-4DFD-A4E3-77318AC56FF5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-01-06] (HP Inc.)
Task: {DFE48C2D-46FC-4E0C-A801-14946B843EB7} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-01-19] (AVAST Software)
Task: {E73BDD1D-0DE7-448A-AD95-6A597A40E374} - System32\Tasks\SafeZone scheduled Autoupdate 1454758603 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-02-01] (Avast Software)
Task: {F55F2BE4-AC0F-4144-B5CC-0C5001335730} - System32\Tasks\SUPERAntiSpyware Scheduled Task 520fa3ce-57e8-459c-872b-4ea7a376a702 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleFor<name removed>.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 520fa3ce-57e8-459c-872b-4ea7a376a702.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task da6d56a8-2f5b-4449-bc35-c626dc04ecf5.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)

Edited by quietman7, 15 February 2016 - 06:47 PM.


#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,508 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:59 PM

Posted 08 February 2016 - 10:56 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

No malware found on your log.
This is just a cleanup of items that are not required.

Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

CHR Extension: (Avast Online Security) - C:\Users\<name removed>\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-04]
CHR Extension: (Flamite) - C:\Users\<name removed>\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgobopgcnapcnblkpelgjjblnjjpgejk [2015-12-28]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-06]
S2 0090801454784391mcinstcleanup; C:\Users\MIKERA~1\AppData\Local\Temp\009080~1.EXE -cleanup -nolog [X]
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#4 computeramateur5

computeramateur5
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:59 PM

Posted 08 February 2016 - 08:29 PM

I did that.

 

So my computer is safe? If there was a way to get into my computer there would be a visible program? Couldn't just open a port or through my router or something of that nature? 



#5 computeramateur5

computeramateur5
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:59 PM

Posted 09 February 2016 - 12:41 AM

Fix result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by m (2016-02-09 00:32:10) Run:3
Running from C:\Users\m\Desktop\far
Loaded Profiles: mike (Available Profiles: mike)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
CHR Extension: (Avast Online Security) - C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-04]
CHR Extension: (Flamite) - C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgobopgcnapcnblkpelgjjblnjjpgejk [2015-12-28]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-06]
S2 0090801454784391mcinstcleanup; C:\Users\M\AppData\Local\Temp\009080~1.EXE -cleanup -nolog [X]
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki => not found
C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgobopgcnapcnblkpelgjjblnjjpgejk => not found
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => key not found. 
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
0090801454784391mcinstcleanup => service not found.
AvastVBoxSvc => service could not remove
VBoxAswDrv => service could not remove
EmptyTemp: => 35.8 GB temporary data Removed.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-02-09 00:36:35)
 
"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Could not move
 
==== End of Fixlog 00:36:35 ====

Edited by Chris Cosgrove, 14 February 2016 - 06:26 AM.
Request by OP to remove name


#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,508 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:59 PM

Posted 09 February 2016 - 07:28 AM

I checked both of your logs but I just realized that the Addition.txt file was short.
It may have been truncated.
Please post again.

Also make sure your Firewall is enabled.

How to:
http://www.dummies.com/how-to/content/how-to-turn-the-windows-8-firewall-on-and-off.html

#7 computeramateur5

computeramateur5
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:59 PM

Posted 09 February 2016 - 04:29 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by m (2016-02-09 16:27:06)
Running from C:\Users\m\Desktop\far
Windows 8.1 (X64) (2014-05-16 04:23:28)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3296729069-2740364338-1113590800-500 - Administrator - Disabled)
Guest (S-1-5-21-3296729069-2740364338-1113590800-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3296729069-2740364338-1113590800-1004 - Limited - Enabled)
m (S-1-5-21-3296729069-2740364338-1113590800-1002 - Administrator - Enabled) => C:\Users\m
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Amazon Kindle (HKU\S-1-5-21-3296729069-2740364338-1113590800-1002\...\Amazon Kindle) (Version: 1.13.1.42052 - Amazon)
AMD Catalyst Install Manager (HKLM\...\{301D3AA1-5DCC-FCFD-622E-3C7CBA87C80F}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2253 - AVAST Software)
Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.4.4078 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{152E0B21-19D5-4772-9EF8-8E76074B0C0A}) (Version: 0.9.4.4078 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.6.3728 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3228 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3304 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.3709 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2.3302 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dragon Notes en-US (HKLM-x32\...\{C438C1D0-A46C-4BFA-AFCD-11261DE9CCE0}) (Version: 01.00.100.011 - Nuance Communications Inc.)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.103 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
HP 3D DriveGuard (HKLM-x32\...\{F90A86C9-7779-47DD-AC06-8EE832C55F55}) (Version: 6.0.18.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-3296729069-2740364338-1113590800-1002\...\HPConnectedMusic) (Version: 1.1 (build 128) hp - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{394B14EA-B072-4440-9510-87797CB12371}) (Version: 2.20.21 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{4525FF56-E096-42F4-BB64-52AAA8B3D893}) (Version: 1.1.1.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7127.4628 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.57 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{DEF23826-DB71-4654-BC00-D5D6C20802EA}) (Version: 1.1.4 - Hewlett-Packard Company)
HP USB Disk Storage Format Tool (HKLM-x32\...\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}) (Version:  - )
HP Utility Center (HKLM\...\{7A75E042-0D30-43C2-BD2A-684F4BE38FF7}) (Version: 2.3.1 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inst5675 (Version: 8.00.57 - Softex Inc.) Hidden
Inst5676 (Version: 8.00.57 - Softex Inc.) Hidden
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
LibreOffice 5.0.2.2 (HKLM-x32\...\{71508AE2-346A-4E56-AE95-DBB8DE692258}) (Version: 5.0.2.2 - The Document Foundation)
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 44.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0 (x86 en-US)) (Version: 44.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.0.5866 - Mozilla)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
OpenOffice 4.1.0 (HKLM-x32\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
PeerBlock 1.1+ (r691) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.1.0.691 - PeerBlock, LLC)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pinger (HKLM-x32\...\Pinger 1.4.0.1) (Version: 1.4.0.1 - Pinger Inc.)
Pinger (x32 Version: 1.4.0.1 - Pinger Inc.) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.12.0906 - REALTEK Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
SafeZone Stable 1.48.2066.44 (x32 Version: 1.48.2066.44 - Avast Software) Hidden
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.10 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.10.101 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3296729069-2740364338-1113590800-1002\...\Spotify) (Version: 1.0.13.108.gcd94e7db - Spotify AB)
Stamps.com (HKLM-x32\...\Stamps.com) (Version:  - Stamps.com, Inc.)
Stamps.com (x32 Version: 12.0.0.2769 - Stamps.com, Inc.) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1212 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.2 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Twitter Archive Eraser (HKU\S-1-5-21-3296729069-2740364338-1113590800-1002\...\7c01de3b4b7aa016) (Version: 5.1.4.0 - MARTANI)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
VitalSource Bookshelf (HKLM-x32\...\{5495472a-451c-42b9-9cd7-24b1ac2d7b79}) (Version: 6.06.0022 - Ingram Content Group)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {18B3B8B3-88EC-4180-86E4-C6C3BFFD5666} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {1E362C8B-330F-4434-B360-0578FF1B6EAB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {24545F77-50C4-4516-92D9-3B5292456D7F} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {25DD708C-C751-4C14-9CC5-C654684EF571} - System32\Tasks\SUPERAntiSpyware Scheduled Task da6d56a8-2f5b-4449-bc35-c626dc04ecf5 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {2F83F1C3-87FE-4CC5-8911-1DC97BDD663C} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-09-10] (Hewlett-Packard Development Company, L.P.)
Task: {45AEDCE2-EBE9-4781-885F-DACD1DFF9783} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {4F39B5D3-8C6C-4054-9F40-366EAB51EB11} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {592A5F95-A9B8-4353-A0FE-4F3696850C96} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {66035B39-DFD0-45C9-BD7B-2EB43F367CF4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-20] (Adobe Systems Incorporated)
Task: {6A73D412-FF7E-4051-B1EB-B410152AB664} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-01-06] (HP Inc.)
Task: {6EEF74F5-1BE8-43D1-93AE-22AD9D831E42} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {772C13A7-CEF3-499C-A923-B944BAD49ED0} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {8E59CA0E-339D-4F0F-96F8-01CB2665FF13} - System32\Tasks\{B62833C5-2DEF-4BAF-89F7-DF591C74E285} => pcalua.exe -a C:\DriveKey\HPUSBFW.EXE -d C:\Users\m\Desktop
Task: {9C9E8C41-4C04-4D49-8D4F-C673F347C9F1} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-07-26] (Synaptics Incorporated)
Task: {AA74C4C2-27F2-4031-BA73-5B616FA4F32D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-01-12] (Microsoft Corporation)
Task: {BA48FCCD-F364-42BF-B684-E7B4DCC4D3D1} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {BE5E59C8-DCFE-46BE-AAE0-F6A236493A41} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-02-06] (AVAST Software)
Task: {C607E587-67FF-41EB-884A-D732D0EFFB77} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {C7EDCDEF-45D7-4C82-8DF5-4B9E6FC52A26} - System32\Tasks\HPCeeScheduleForm => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {CF5D7E3E-B208-4CE7-B1C8-B8DC9D372299} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {DC914CF9-A1AE-495B-8E5D-24394714C5AC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {DDA32060-E9D9-4DFD-A4E3-77318AC56FF5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-01-06] (HP Inc.)
Task: {DFE48C2D-46FC-4E0C-A801-14946B843EB7} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-01-19] (AVAST Software)
Task: {E73BDD1D-0DE7-448A-AD95-6A597A40E374} - System32\Tasks\SafeZone scheduled Autoupdate 1454758603 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-02-01] (Avast Software)
Task: {F55F2BE4-AC0F-4144-B5CC-0C5001335730} - System32\Tasks\SUPERAntiSpyware Scheduled Task 520fa3ce-57e8-459c-872b-4ea7a376a702 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForm.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 520fa3ce-57e8-459c-872b-4ea7a376a702.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task da6d56a8-2f5b-4449-bc35-c626dc04ecf5.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-10-14 10:23 - 2013-10-14 10:23 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
2013-10-14 10:24 - 2013-10-14 10:24 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2013-10-14 10:25 - 2013-10-14 10:25 - 02541056 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-10-14 10:22 - 2013-10-14 10:22 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-10-14 10:22 - 2013-10-14 10:22 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-10-14 10:22 - 2013-10-14 10:22 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-10-14 10:35 - 2013-10-14 10:35 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-10-14 10:35 - 2013-10-14 10:35 - 01297296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2013-09-25 09:49 - 2013-09-25 09:49 - 00099328 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2013-09-25 09:48 - 2013-09-25 09:48 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-10-14 10:30 - 2013-10-14 10:30 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2013-09-25 09:48 - 2013-09-25 09:48 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-09-25 09:49 - 2013-09-25 09:49 - 00016896 _____ () C:\Program Files\ATI Technologies\ATI.ACE\a4\AS4.NativeProxy.dll
2016-02-06 06:30 - 2016-02-06 06:30 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-02-06 06:30 - 2016-02-06 06:30 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-02-08 21:12 - 2016-02-08 21:12 - 02819072 _____ () C:\Program Files\AVAST Software\Avast\defs\16020804\algo.dll
2016-02-06 06:30 - 2016-02-06 06:30 - 00480760 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-02-09 15:39 - 2016-02-09 15:39 - 02820096 _____ () C:\Program Files\AVAST Software\Avast\defs\16020902\algo.dll
2014-10-11 12:06 - 2014-10-11 12:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-27 22:50 - 2013-02-01 14:16 - 00387984 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\fl_core.dll
2013-11-27 22:50 - 2013-02-01 14:16 - 01165712 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\vocon3200_asr.dll
2013-11-27 22:50 - 2013-02-01 14:16 - 00199056 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\vocon3200_base.dll
2013-11-27 22:50 - 2013-02-01 14:16 - 01132944 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\vocon3200_pron.dll
2013-11-27 22:50 - 2013-02-01 14:16 - 00035216 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\vocon3200_platform.dll
2013-11-27 22:50 - 2013-02-01 14:16 - 00229264 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\sdxg.dll
2013-11-27 22:50 - 2013-02-01 14:15 - 00027136 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\WASAPIResamplingStreamCOMServer.dll
2013-11-27 22:44 - 2013-08-05 02:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 18:48 - 2013-08-05 18:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2016-02-06 06:30 - 2016-02-06 06:30 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-02-04 16:22 - 2016-02-03 02:27 - 01632584 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.103\libglesv2.dll
2016-02-04 16:22 - 2016-02-03 02:27 - 00087880 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.103\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3296729069-2740364338-1113590800-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKU\S-1-5-21-3296729069-2740364338-1113590800-1002\...\StartupApproved\Run: => "Spotify"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{CEF387D3-7302-41BC-A69D-A7B8397AAF8A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{FC07E070-9749-42BD-8E2E-1A6946387A55}] => (Allow) LPort=2869
FirewallRules: [{540C58B6-7AEC-4761-9B8B-F5C771892FC3}] => (Allow) LPort=1900
FirewallRules: [{338E4A94-8313-4566-BC8E-4C2099DBD346}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{E120052A-57F6-48A3-956A-BDC7AE12CDB2}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{3A6CA381-4463-403B-8012-3D31C0F953BB}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{ED663641-C6B3-4CF2-B7DD-BC194227DA75}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{7BCAEB16-DD19-4E9F-BBFA-93CB4D17D2AD}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{C1899FCB-DD87-460B-85D8-4E13A698FD82}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{C4F761A1-1524-45B5-9CAB-1B34C882D013}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{987EE6F4-E640-4B61-8E22-2604AB0DE838}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{98751F3C-0AF6-4E59-8BED-710D5468430B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8352CE12-A91F-4B02-9F2B-EFF0E13DD970}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C929411D-68CB-4E80-8A10-B0B5A81FE418}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{7F33CD83-A3B4-4DBD-BAA6-4CFDF9D8ABFB}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{91C1A622-952C-4A55-95D3-6CA53BC62AE2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{077BA175-AB6A-4C31-B742-540100449C40}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{195E1B2B-AA4C-4C05-BE57-53F6E9C560CB}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{4827ECD8-5D5C-420A-8AD0-D990A750E7E4}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{EEF4998C-2BF8-4230-AC2A-64E7DA92BAF0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{230E6964-E482-4643-91DE-2D077023ADA7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{F54D8E11-08DD-4A2E-8D4D-0C6160730718}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{0BB0FCB6-6470-4650-BCF2-517CC9C87596}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{77E0538F-0724-49D0-8E9B-F388BD540F62}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [TCP Query User{F8B0D055-3BE2-4BEE-B51B-5985735E92D3}C:\users\m\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\m\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{7FF90ADF-7216-4EDC-8673-D47FA7FF1928}C:\users\m\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\my\appdata\roaming\spotify\spotify.exe
FirewallRules: [{E92A282A-B274-424E-A059-732A7608B17B}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{611C8279-829E-48D8-8B5B-63FCD1C7A2D9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{58099579-FE6B-4246-99D2-97FC51653AFC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0A5C8BFF-CD2E-4D79-A52E-B02C91514FE6}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{CDF688EB-BC25-4B27-9765-ED99FEFAAB97}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{96D475FC-C23F-4B6B-BF12-DCDFE3C6F58A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{96950470-DF78-4CB4-AB20-4C92C70F3337}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DAFA69E7-9778-42A3-B90B-85F20FAA41CE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{0AA5F597-61CA-4559-9CF8-956DC9E1ECD8}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
 
==================== Restore Points =========================
 
20-01-2016 01:47:13 Scheduled Checkpoint
02-02-2016 18:25:33 Scheduled Checkpoint
08-02-2016 23:56:37 Restore Point Created by FRST
09-02-2016 00:22:10 Restore Point Created by FRST
09-02-2016 00:32:11 Restore Point Created by FRST
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/09/2016 04:16:42 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: m)
Description: Microsoft.SkypeApp_kzf8qxf38zg5c5
 
Error: (02/09/2016 04:02:09 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: m)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe5
 
Error: (02/09/2016 04:02:09 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: m)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe5
 
Error: (02/09/2016 04:02:09 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: m)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe5
 
Error: (02/09/2016 04:02:09 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: m)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe5
 
Error: (02/09/2016 04:02:09 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: m)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe5
 
Error: (02/09/2016 04:02:09 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: m)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe5
 
Error: (02/09/2016 04:02:09 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: ml)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe5
 
Error: (02/09/2016 04:02:09 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: ml)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe5
 
Error: (02/09/2016 04:02:09 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: m)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe5
 
 
System errors:
=============
Error: (02/09/2016 01:33:07 PM) (Source: DCOM) (EventID: 10010) (User: m)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (02/09/2016 01:32:37 PM) (Source: DCOM) (EventID: 10010) (User: m)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (02/09/2016 04:43:27 AM) (Source: DCOM) (EventID: 10010) (User: m)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (02/09/2016 04:42:57 AM) (Source: DCOM) (EventID: 10010) (User: m)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (02/09/2016 04:01:23 AM) (Source: DCOM) (EventID: 10010) (User: m)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (02/09/2016 04:00:52 AM) (Source: DCOM) (EventID: 10010) (User: m)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (02/09/2016 03:42:46 AM) (Source: DCOM) (EventID: 10010) (User: m)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (02/09/2016 03:42:16 AM) (Source: DCOM) (EventID: 10010) (User: m)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (02/09/2016 12:36:27 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error: 
%%1064
 
Error: (02/09/2016 12:36:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VBoxAsw Support Driver service failed to start due to the following error: 
%%2
 
 
CodeIntegrity:
===================================
  Date: 2016-02-09 00:35:53.431
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\AtihdW86.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-02-09 00:15:34.620
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\AtihdW86.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-02-08 13:06:51.740
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\AtihdW86.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-02-06 20:42:47.716
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\AtihdW86.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-02-06 06:35:15.162
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\AtihdW86.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-02-06 05:39:55.867
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\AtihdW86.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-01-29 16:31:11.287
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\AtihdW86.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-01-25 02:12:55.173
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\AtihdW86.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-01-23 00:06:48.719
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\AtihdW86.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-01-21 17:57:01.895
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\AtihdW86.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: AMD A6-5200 APU with Radeon™ HD Graphics 
Percentage of memory in use: 41%
Total physical RAM: 5602.07 MB
Available physical RAM: 3260.13 MB
Total Virtual: 11234.07 MB
Available Virtual: 8603.65 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:677.52 GB) (Free:475.98 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:20.35 GB) (Free:2.04 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: ADE6A5EE)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

Edited by Chris Cosgrove, 14 February 2016 - 06:33 AM.
To remove OP's name


#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,508 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:59 PM

Posted 10 February 2016 - 08:13 AM

All clean.

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#9 computeramateur5

computeramateur5
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:59 PM

Posted 10 February 2016 - 10:02 PM

Thank you.

 

So my computer is safe? If someone was able to hack my computer, a visible entrance would be visible in the logs?



#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,508 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:59 PM

Posted 11 February 2016 - 07:58 AM

If someone did then he might have removed all the traces.

Read the instructions on how to protect yourself.

#11 nasdaq

nasdaq

  • Malware Response Team
  • 40,508 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:59 PM

Posted 17 February 2016 - 09:08 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users